From 8c02e75907d2c287ca344954c6d302230c4af7c0 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 20 May 2024 17:49:22 +0200 Subject: [PATCH 01/94] workarounds for charon --- libcrux-ml-kem/{build.rs => build-foo.rs} | 0 libcrux-ml-kem/c.sh | 2 +- libcrux-ml-kem/src/helper.rs | 2 +- libcrux-ml-kem/src/invert_ntt.rs | 4 ++-- libcrux-ml-kem/src/matrix.rs | 14 ++++++++------ libcrux-ml-kem/src/ntt.rs | 4 ++-- libcrux-ml-kem/src/polynomial.rs | 9 ++++----- libcrux-sha3/src/generic_keccak.rs | 2 -- libcrux-sha3/src/traits.rs | 2 +- 9 files changed, 19 insertions(+), 20 deletions(-) rename libcrux-ml-kem/{build.rs => build-foo.rs} (100%) diff --git a/libcrux-ml-kem/build.rs b/libcrux-ml-kem/build-foo.rs similarity index 100% rename from libcrux-ml-kem/build.rs rename to libcrux-ml-kem/build-foo.rs diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 88a3eb543..b48ab69ad 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -15,7 +15,7 @@ if [[ -z "$EURYDICE_HOME" ]]; then fi echo "Running charon ..." -$CHARON_HOME/bin/charon --errors-as-warnings +RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings mkdir -p c cd c diff --git a/libcrux-ml-kem/src/helper.rs b/libcrux-ml-kem/src/helper.rs index 20e850b0d..22308a179 100644 --- a/libcrux-ml-kem/src/helper.rs +++ b/libcrux-ml-kem/src/helper.rs @@ -23,7 +23,7 @@ macro_rules! cloop { }; (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => { for $i in 0..$val.len() { - let $item = &$val[$i]; + let $item = $val[$i]; $body } }; diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 589633ac1..89ca8a92a 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs 
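Review bot: The added `RUSTFLAGS="--cfg eurydice"` prefix in c.sh replaces whatever RUSTFLAGS the caller had exported, so any lint or hardening flags set in the environment are dropped for the charon run. Appending keeps them, and quoting the tool path stops a CHARON_HOME containing spaces from splitting: `RUSTFLAGS="${RUSTFLAGS:-} --cfg eurydice" "$CHARON_HOME/bin/charon" --errors-as-warnings`. The script continues outside the hunk.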
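Review bot: The `into_iter().enumerate()` arm of `cloop!` in helper.rs now binds the element by value with `let $item = $val[$i];`, which only compiles when the element type is `Copy` and copies each element instead of borrowing it. Nothing in the hunk states that requirement; a comment on the arm such as `// $item is copied out of $val, so the element type must be Copy` would make it visible to the next caller. The matrix.rs hunk in this patch is the first loop routed through this arm, so it is worth confirming that the per-element copy is intended there. The macro definition starts and ends outside the hunk.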
@@ -76,8 +76,8 @@ pub(crate) fn invert_ntt_at_layer_4_plus( *zeta_i -= 1; let offset = round * step * 2; - let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; - let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; + let offset_vec = offset / 16; // FIELD_ELEMENTS_IN_VECTOR; + let step_vec = step / 16; // FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { let (x, y) = inv_ntt_layer_int_vec_step_reduce( diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 2b4d4ed85..b14f9687d 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -22,12 +22,14 @@ pub(crate) fn sample_matrix_A(seeds); - for (j, sample) in sampled.into_iter().enumerate() { - // A[i][j] = A_transpose[j][i] - if transpose { - A_transpose[j][i] = sample; - } else { - A_transpose[i][j] = sample; + cloop! { + for (j, sample) in sampled.into_iter().enumerate() { + // A[i][j] = A_transpose[j][i] + if transpose { + A_transpose[j][i] = sample; + } else { + A_transpose[i][j] = sample; + } } } } diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index afa17cf9e..69b252d00 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -81,8 +81,8 @@ pub(crate) fn ntt_at_layer_4_plus( *zeta_i += 1; let offset = round * step * 2; - let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; - let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; + let offset_vec = offset / 16; //FIELD_ELEMENTS_IN_VECTOR; + let step_vec = step / 16; //FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { let (x, y) = ntt_layer_int_vec_step( diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index b78c0e491..bc1eb770e 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs 
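Review bot: The literal `16` that replaces `FIELD_ELEMENTS_IN_VECTOR` in `offset_vec` and `step_vec` is no longer tied to the constant, so a different vector width would leave this index arithmetic wrong without any compile error; the old name survives only in a trailing comment. The same substitution is made in the ntt.rs hunk and in both polynomial.rs hunks of this patch (`VECTORS_IN_RING_ELEMENT: usize = 16` and `&a[i * 16..(i + 1) * 16]`). If the extraction tool cannot handle the constant expression, a compile-time guard next to the literal keeps the two in step, gated out of the extraction build if needed: `#[cfg(not(eurydice))] const _: () = assert!(FIELD_ELEMENTS_IN_VECTOR == 16);`. The body of `invert_ntt_at_layer_4_plus` starts and ends outside the hunk.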
@@ -13,9 +13,10 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628, ]; -pub(crate) const VECTORS_IN_RING_ELEMENT: usize = - super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; +pub(crate) const VECTORS_IN_RING_ELEMENT: usize = 16; +// super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; +#[cfg_attr(eurydice, derive(Clone, Copy))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } @@ -33,9 +34,7 @@ impl PolynomialRingElement { pub(crate) fn from_i16_array(a: &[i16]) -> Self { let mut result = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { - result.coefficients[i] = Vector::from_i16_array( - &a[i * FIELD_ELEMENTS_IN_VECTOR..(i + 1) * FIELD_ELEMENTS_IN_VECTOR], - ); + result.coefficients[i] = Vector::from_i16_array(&a[i * 16..(i + 1) * 16]); } result } diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index e5f6ea9f1..5e0105f6d 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -6,7 +6,6 @@ use core::ops::Index; use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] -#[allow(private_bounds)] // TODO: figure out visibility #[derive(Clone, Copy)] pub struct KeccakState> { pub st: [[T; 5]; 5], @@ -20,7 +19,6 @@ impl> Index for KeccakState { } } -#[allow(private_bounds)] // TODO: figure out visibility impl> KeccakState { /// Create a new Shake128 x4 state. #[inline(always)] diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index a499305e3..f8dc30c79 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs 
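Review bot: `#[cfg_attr(eurydice, derive(Clone, Copy))]` on `PolynomialRingElement` makes the type implicitly copyable only in the extraction build, so the extracted code and the normal Rust build no longer share the same move semantics for it. In an ML-KEM implementation values of this type presumably also hold secret and noise polynomials, and `Copy` lets them be duplicated on the stack without any visible `.clone()`, which makes later auditing or zeroisation harder. I would state the intent at the attribute, e.g. `// Copy is derived only for the eurydice extraction build; do not rely on implicit copies in hand-written code`. The struct body and the `impl` block continue outside the hunk.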
@@ -1,5 +1,5 @@ /// A trait for multiplexing implementations. -pub(crate) trait KeccakItem: Clone + Copy { +pub trait KeccakItem: Clone + Copy { fn zero() -> Self; fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; fn rotate_left1_and_xor(a: Self, b: Self) -> Self; From 9d0c4815c09882ea520d9193bdcd3f57bfb5dca2 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 21 May 2024 15:44:39 +0200 Subject: [PATCH 02/94] refactor: kill `GenericOperations` in favor of functions --- libcrux-ml-kem/src/invert_ntt.rs | 6 ++++-- libcrux-ml-kem/src/ntt.rs | 6 ++++-- libcrux-ml-kem/src/polynomial.rs | 4 ++-- libcrux-ml-kem/src/serialize.rs | 16 +++++++-------- polynomials/src/lib.rs | 5 ++++- traits/src/lib.rs | 35 ++++++++++++-------------------- 6 files changed, 35 insertions(+), 37 deletions(-) diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 89ca8a92a..12a0911a9 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -2,7 +2,9 @@ use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, ZETAS_TIMES_MONTGOMERY_R}, }; -use libcrux_polynomials::{GenericOperations, Operations, FIELD_ELEMENTS_IN_VECTOR}; +use libcrux_polynomials::{ + montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR, +}; #[inline(always)] pub(crate) fn invert_ntt_at_layer_1( @@ -61,7 +63,7 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce( ) -> (Vector, Vector) { let a_minus_b = Vector::sub(b, &a); a = Vector::barrett_reduce(Vector::add(a, &b)); - b = Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); + b = montgomery_multiply_fe::(a_minus_b, zeta_r); (a, b) } #[inline(always)] diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 69b252d00..383c4a00b 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs 
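Review bot: Changing `KeccakItem` from `pub(crate)` to `pub` turns an internal multiplexing trait into one that downstream crates may be able to name and implement, if the `traits` module is reachable from the crate root (not visible in this hunk). The two `#[allow(private_bounds)]` removals in generic_keccak.rs suggest the goal was only to satisfy the bound on the public `KeccakState`. If outside implementations are not intended, marking the trait `#[doc(hidden)]` and documenting it as internal, or sealing it with a private supertrait, keeps the supported API surface as it was. The trait body continues outside the hunk.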
@@ -2,7 +2,9 @@ use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, ZETAS_TIMES_MONTGOMERY_R}, }; -use libcrux_polynomials::{GenericOperations, Operations, FIELD_ELEMENTS_IN_VECTOR}; +use libcrux_polynomials::{ + montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR, +}; #[inline(always)] pub(crate) fn ntt_at_layer_1( @@ -62,7 +64,7 @@ fn ntt_layer_int_vec_step( mut b: Vector, zeta_r: i16, ) -> (Vector, Vector) { - let t = Vector::montgomery_multiply_fe_by_fer(b, zeta_r); + let t = montgomery_multiply_fe::(b, zeta_r); b = Vector::sub(a, &t); a = Vector::add(a, &t); (a, b) diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index bc1eb770e..8c16097ad 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,5 +1,5 @@ use libcrux_polynomials::{ - FieldElementTimesMontgomeryR, GenericOperations, Operations, FIELD_ELEMENTS_IN_VECTOR, + to_standard_domain, FieldElementTimesMontgomeryR, Operations, FIELD_ELEMENTS_IN_VECTOR, }; pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = [ @@ -97,7 +97,7 @@ impl PolynomialRingElement { for j in 0..VECTORS_IN_RING_ELEMENT { // The coefficients are of the form aR^{-1} mod q, which means // calling to_montgomery_domain() on them should return a mod q. - let coefficient_normal_form = Vector::to_standard_domain(self.coefficients[j]); + let coefficient_normal_form = to_standard_domain::(self.coefficients[j]); self.coefficients[j] = Vector::barrett_reduce(Vector::add( coefficient_normal_form, diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 9cc9fc9c3..17fa8250a 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs 
@@ -4,7 +4,7 @@ use crate::{ helper::cloop, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT}, }; -use libcrux_polynomials::{GenericOperations, Operations}; +use libcrux_polynomials::{decompress_1, to_unsigned_representative, Operations}; #[cfg(hax)] use super::constants::COEFFICIENTS_IN_RING_ELEMENT; @@ -15,7 +15,7 @@ pub(super) fn compress_then_serialize_message( ) -> [u8; SHARED_SECRET_SIZE] { let mut serialized = [0u8; SHARED_SECRET_SIZE]; for i in 0..16 { - let coefficient = Vector::to_unsigned_representative(re.coefficients[i]); + let coefficient = to_unsigned_representative::(re.coefficients[i]); let coefficient_compressed = Vector::compress_1(coefficient); let bytes = Vector::serialize_1(coefficient_compressed); @@ -31,7 +31,7 @@ pub(super) fn deserialize_then_decompress_message( let mut re = PolynomialRingElement::::ZERO(); for i in 0..16 { let coefficient_compressed = Vector::deserialize_1(&serialized[2 * i..2 * i + 2]); - re.coefficients[i] = Vector::decompress_1(coefficient_compressed); + re.coefficients[i] = decompress_1::(coefficient_compressed); } re } @@ -42,7 +42,7 @@ pub(super) fn serialize_uncompressed_ring_element( ) -> [u8; BYTES_PER_RING_ELEMENT] { let mut serialized = [0u8; BYTES_PER_RING_ELEMENT]; for i in 0..VECTORS_IN_RING_ELEMENT { - let coefficient = Vector::to_unsigned_representative(re.coefficients[i]); + let coefficient = to_unsigned_representative::(re.coefficients[i]); let bytes = Vector::serialize_12(coefficient); serialized[24 * i..24 * i + 24].copy_from_slice(&bytes); @@ -118,7 +118,7 @@ fn compress_then_serialize_10( let mut serialized = [0u8; OUT_LEN]; for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient = - Vector::compress::<10>(Vector::to_unsigned_representative(re.coefficients[i])); + Vector::compress::<10>(to_unsigned_representative::(re.coefficients[i])); let bytes = Vector::serialize_10(coefficient); serialized[20 * i..20 * i + 20].copy_from_slice(&bytes); 
@@ -133,7 +133,7 @@ fn compress_then_serialize_11( let mut serialized = [0u8; OUT_LEN]; for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient = - Vector::compress::<11>(Vector::to_unsigned_representative(re.coefficients[i])); + Vector::compress::<11>(to_unsigned_representative::(re.coefficients[i])); let bytes = Vector::serialize_11(coefficient); serialized[22 * i..22 * i + 22].copy_from_slice(&bytes); @@ -165,7 +165,7 @@ fn compress_then_serialize_4( ) { for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient = - Vector::compress::<4>(Vector::to_unsigned_representative(re.coefficients[i])); + Vector::compress::<4>(to_unsigned_representative::(re.coefficients[i])); let bytes = Vector::serialize_4(coefficient); serialized[8 * i..8 * i + 8].copy_from_slice(&bytes); @@ -179,7 +179,7 @@ fn compress_then_serialize_5( ) { for i in 0..VECTORS_IN_RING_ELEMENT { let coefficients = - Vector::compress::<5>(Vector::to_unsigned_representative(re.coefficients[i])); + Vector::compress::<5>(to_unsigned_representative::(re.coefficients[i])); let bytes = Vector::serialize_5(coefficients); serialized[10 * i..10 * i + 10].copy_from_slice(&bytes); diff --git a/polynomials/src/lib.rs b/polynomials/src/lib.rs index 1dd33fd91..6c0a2e5d9 100644 --- a/polynomials/src/lib.rs +++ b/polynomials/src/lib.rs @@ -10,7 +10,10 @@ //! FIXME: This is kyber specific for now. use libcrux_traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; -pub use libcrux_traits::{GenericOperations, Operations, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS}; +pub use libcrux_traits::{ + decompress_1, montgomery_multiply_fe, to_standard_domain, to_unsigned_representative, + Operations, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS, +}; // There's no runtime detection here. This either exposes the real SIMD vector, // or the portable when the feature is not set. diff --git a/traits/src/lib.rs b/traits/src/lib.rs index ef59e381f..1f7509ac5 100644 --- a/traits/src/lib.rs +++ b/traits/src/lib.rs 
@@ -65,28 +65,19 @@ pub trait Operations: Copy + Clone { } // hax does not support trait with default implementations, so we use the following patter -pub trait GenericOperations { - fn montgomery_multiply_fe_by_fer(v: Self, fer: i16) -> Self; - fn to_standard_domain(v: Self) -> Self; - fn to_unsigned_representative(a: Self) -> Self; - fn decompress_1(v: Self) -> Self; +pub fn montgomery_multiply_fe(v: T, fer: i16) -> T { + T::montgomery_multiply_by_constant(v, fer) +} +pub fn to_standard_domain(v: T) -> T { + T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) +} + +pub fn to_unsigned_representative(a: T) -> T { + let t = T::shift_right::<15>(a); + let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); + T::add(a, &fm) } -impl GenericOperations for T { - fn montgomery_multiply_fe_by_fer(v: Self, fer: i16) -> Self { - Self::montgomery_multiply_by_constant(v, fer) - } - fn to_standard_domain(v: Self) -> Self { - Self::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) - } - - fn to_unsigned_representative(a: Self) -> Self { - let t = Self::shift_right::<15>(a); - let fm = Self::bitwise_and_with_constant(t, FIELD_MODULUS); - Self::add(a, &fm) - } - - fn decompress_1(v: Self) -> Self { - Self::bitwise_and_with_constant(Self::sub(Self::ZERO(), &v), 1665) - } +pub fn decompress_1(v: T) -> T { + T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) } From f85d218879aa62ce86eeb7fb3438464ec8dbb265 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 21 May 2024 15:46:50 +0200 Subject: [PATCH 03/94] refactor: kill strings in unreachable --- libcrux-ml-kem/src/hash_functions.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index cc00df6fd..b2619ec68 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs 
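Review bot: The four new public functions `montgomery_multiply_fe`, `to_standard_domain`, `to_unsigned_representative` and `decompress_1` have no doc comments, and the comment left above them ("hax does not support trait with default implementations, so we use the following patter") still describes the removed trait. I would reword it to `// hax does not support traits with default implementations, so these are free functions generic over Operations` and add one `///` line per function. For `to_unsigned_representative` the line should say that it adds `FIELD_MODULUS` to negative lanes by masking with the result of `shift_right::<15>` rather than branching (assuming that shift is arithmetic; confirm against the `Operations` implementations). For `decompress_1` it should say where the constant `1665` comes from.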
@@ -206,7 +206,7 @@ pub(crate) mod avx2 { &mut out3[0], ); } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } out } @@ -231,7 +231,7 @@ pub(crate) mod avx2 { &mut state, &input[0], &input[1], &input[2], &input[3], ); } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } Self { shake128_state: state, @@ -279,7 +279,7 @@ pub(crate) mod avx2 { &mut out3[0], ); } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } out } @@ -326,7 +326,7 @@ pub(crate) mod avx2 { &mut out3[0], ); } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } out } @@ -462,7 +462,7 @@ pub(crate) mod neon { &mut out3[0], ); } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } out } @@ -522,7 +522,7 @@ pub(crate) mod neon { out[2] = out2; out[3] = out3; } - _ => unreachable!("This function is only called with 2, 3, 4"), + _ => unreachable!(), } out } From 1dfd5d5b2c9fa61ab42823eb4b5bb99af892d9f8 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 23 May 2024 15:13:51 +0200 Subject: [PATCH 04/94] inlining --- libcrux-ml-kem/Cargo.toml | 3 ++- libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/invert_ntt.rs | 4 +--- libcrux-ml-kem/src/lib.rs | 5 ++++- libcrux-ml-kem/src/matrix.rs | 2 +- libcrux-ml-kem/src/ntt.rs | 4 +--- libcrux-ml-kem/src/polynomial.rs | 2 +- libcrux-ml-kem/src/sampling.rs | 2 +- libcrux-ml-kem/src/serialize.rs | 2 +- polynomials/src/lib.rs | 3 +++ 11 files changed, 17 insertions(+), 14 deletions(-) diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 9c9b04b93..4362ebd97 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml 
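Review bot: Replacing `unreachable!("This function is only called with 2, 3, 4")` with a bare `unreachable!()` in the catch-all arm removes the only statement of the invariant at this site, and a violation would now panic with no hint of which values are accepted. The same edit is made in all six hunks of this file (four in `mod avx2`, two in `mod neon`). If the strings were dropped for the extraction tool, the invariant can stay as a comment at no cost: `_ => unreachable!(), // only called with 2, 3 or 4`. The enclosing `match` statements start outside the hunks.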
@@ -13,7 +13,8 @@ exclude = ["/tests", "/implementation_notes.pdf"] rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-pre.2", path = "../libcrux-sha3" } -libcrux-polynomials = { path = "../polynomials/" } +# libcrux-polynomials = { path = "../polynomials/" } +libcrux-traits = { path = "../traits/" } # This is only required for verification. # The hax config is set by the hax toolchain. diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index a538e313b..e90bf05ad 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,4 +1,4 @@ -use libcrux_polynomials::{Operations, PortableVector}; +use crate::libcrux_polynomials::{Operations, PortableVector}; use crate::{ constant_time_ops::{ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 2271b9ed9..7195c7a81 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,4 +1,4 @@ -use libcrux_polynomials::Operations; +use crate::libcrux_polynomials::Operations; use crate::{ constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 12a0911a9..037cdb8e4 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -1,10 +1,8 @@ +use crate::libcrux_polynomials::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}; use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, ZETAS_TIMES_MONTGOMERY_R}, }; -use libcrux_polynomials::{ - montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR, -}; #[inline(always)] pub(crate) fn invert_ntt_at_layer_1( diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 315fe911f..6c83f1f0d 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs 
@@ -37,7 +37,7 @@ //! [F*]: https://fstar-lang.org #![no_std] -#![forbid(unsafe_code, missing_docs)] +#![forbid(unsafe_code)] #![warn(rust_2018_idioms, unused_lifetimes, unused_qualifications)] #![allow(clippy::needless_range_loop)] @@ -71,6 +71,9 @@ pub mod mlkem1024; pub mod mlkem512; pub mod mlkem768; +#[path = "../../polynomials/src/lib.rs"] +pub mod libcrux_polynomials; + pub use constants::SHARED_SECRET_SIZE; pub use ind_cca::{MlKemSharedSecret, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE}; // These types all have type aliases for the different variants. diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index b14f9687d..53c366ce4 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -1,4 +1,4 @@ -use libcrux_polynomials::Operations; +use crate::libcrux_polynomials::Operations; use crate::{ hash_functions::Hash, helper::cloop, invert_ntt::invert_ntt_montgomery, diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 383c4a00b..e2d38997b 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -1,10 +1,8 @@ +use crate::libcrux_polynomials::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}; use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, ZETAS_TIMES_MONTGOMERY_R}, }; -use libcrux_polynomials::{ - montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR, -}; #[inline(always)] pub(crate) fn ntt_at_layer_1( diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 8c16097ad..45e6521cb 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,4 +1,4 @@ -use libcrux_polynomials::{ +use crate::libcrux_polynomials::{ to_standard_domain, FieldElementTimesMontgomeryR, Operations, FIELD_ELEMENTS_IN_VECTOR, }; diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 26e6ff216..8e9d88e78 100644 --- a/libcrux-ml-kem/src/sampling.rs 
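Review bot: Dropping `missing_docs` from `#![forbid(unsafe_code, missing_docs)]` switches off the documentation requirement for the whole crate, including the public `mlkem512`, `mlkem768` and `mlkem1024` modules, when presumably only the module inlined further down in this patch lacks docs. `forbid` cannot be relaxed per item but `deny` can, so `#![forbid(unsafe_code)]` plus `#![deny(missing_docs)]` at the top and `#[allow(missing_docs)]` on the `libcrux_polynomials` module declaration would keep the lint for everything else.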
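Review bot: `pub mod libcrux_polynomials;` with `#[path = "../../polynomials/src/lib.rs"]` exposes the whole polynomial arithmetic layer as public API of the ML-KEM crate and compiles a file that lives outside the crate directory. Every use site changed in this patch goes through `crate::libcrux_polynomials::…`, so `pub(crate) mod libcrux_polynomials;` looks sufficient unless a public signature names one of its types. The out-of-tree path also means the crate source is no longer self-contained when packaged, and the polynomials/src/lib.rs hunk repeats the pattern with `#[path = "../../traits/src/lib.rs"]`. A comment above the attribute saying that this is a temporary inlining for extraction would tell readers not to build on it.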
+++ b/libcrux-ml-kem/src/sampling.rs @@ -1,4 +1,4 @@ -use libcrux_polynomials::Operations; +use crate::libcrux_polynomials::Operations; use crate::{ constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, hax_utils::hax_debug_assert, diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 17fa8250a..9ee9757da 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -1,10 +1,10 @@ +use crate::libcrux_polynomials::{decompress_1, to_unsigned_representative, Operations}; use crate::{ constants::{BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE}, hax_utils::hax_debug_assert, helper::cloop, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT}, }; -use libcrux_polynomials::{decompress_1, to_unsigned_representative, Operations}; #[cfg(hax)] use super::constants::COEFFICIENTS_IN_RING_ELEMENT; diff --git a/polynomials/src/lib.rs b/polynomials/src/lib.rs index 6c0a2e5d9..70979fe1d 100644 --- a/polynomials/src/lib.rs +++ b/polynomials/src/lib.rs @@ -9,6 +9,9 @@ //! //! FIXME: This is kyber specific for now. +#[path = "../../traits/src/lib.rs"] +mod libcrux_traits; + use libcrux_traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; pub use libcrux_traits::{ decompress_1, montgomery_multiply_fe, to_standard_domain, to_unsigned_representative, From a2bc1fb71874e3dde16499c12104bbc9bd0943a0 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 24 May 2024 08:34:49 +0200 Subject: [PATCH 05/94] kill two debug_asserts that cause trait issues in Charon --- polynomials/src/lib.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/polynomials/src/lib.rs b/polynomials/src/lib.rs index 70979fe1d..1f89f1462 100644 --- a/polynomials/src/lib.rs +++ b/polynomials/src/lib.rs 
@@ -349,9 +349,9 @@ fn compress(mut v: PortableVector) -> PortableVecto fn decompress_ciphertext_coefficient( mut v: PortableVector, ) -> PortableVector { - debug_assert!(to_i16_array(v) - .into_iter() - .all(|coefficient| coefficient.abs() < 1 << COEFFICIENT_BITS)); + // debug_assert!(to_i16_array(v) + // .into_iter() + // .all(|coefficient| coefficient.abs() < 1 << COEFFICIENT_BITS)); for i in 0..FIELD_ELEMENTS_IN_VECTOR { let mut decompressed = v.elements[i] as i32 * FIELD_MODULUS as i32; @@ -360,9 +360,9 @@ fn decompress_ciphertext_coefficient( v.elements[i] = decompressed as i16; } - debug_assert!(to_i16_array(v) - .into_iter() - .all(|coefficient| coefficient.abs() as u16 <= 1 << 12)); + // debug_assert!(to_i16_array(v) + // .into_iter() + // .all(|coefficient| coefficient.abs() as u16 <= 1 << 12)); v } From 3b3164c0145d55114607e2b65ee7e2425de63493 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 24 May 2024 09:19:01 +0200 Subject: [PATCH 06/94] commit C snapshot --- libcrux-ml-kem/.gitignore | 2 +- libcrux-ml-kem/c/Eurydice.h | 27 + libcrux-ml-kem/c/LIST.md | 11 + libcrux-ml-kem/c/core.c | 34 + libcrux-ml-kem/c/core.h | 34 + libcrux-ml-kem/c/eurydice_glue.h | 231 + libcrux-ml-kem/c/internal/core.h | 29 + libcrux-ml-kem/c/internal/libcrux_ml_kem.h | 31 + libcrux-ml-kem/c/libcrux_ml_kem.c | 9870 ++++++++++++++++++++ libcrux-ml-kem/c/libcrux_ml_kem.h | 2575 +++++ libcrux-ml-kem/src/polynomial.rs | 19 +- 11 files changed, 12853 insertions(+), 10 deletions(-) create mode 100644 libcrux-ml-kem/c/Eurydice.h create mode 100644 libcrux-ml-kem/c/LIST.md create mode 100644 libcrux-ml-kem/c/core.c create mode 100644 libcrux-ml-kem/c/core.h create mode 100644 libcrux-ml-kem/c/eurydice_glue.h create mode 100644 libcrux-ml-kem/c/internal/core.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_ml_kem.h create mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.c create mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.h 
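Review bot: Commenting out both `debug_assert!` calls in `decompress_ciphertext_coefficient` removes the only checks on the input range (`coefficient.abs() < 1 << COEFFICIENT_BITS`) and on the output range (`<= 1 << 12`), which are what justify the `as i32` multiplication and the final `decompressed as i16` narrowing. Patch 01 of this series already passes `--cfg eurydice` to the extraction run, so, if that cfg is visible when this file is processed, the assertions could stay active for ordinary debug and test builds by gating them instead: `#[cfg(not(eurydice))] { debug_assert!(…); }`. The second hunk (`@@ -360,9 +360,9 @@`) is the same case, and the function body spans both hunks.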
diff --git a/libcrux-ml-kem/.gitignore b/libcrux-ml-kem/.gitignore index fed5ebf9b..0eccf5f52 100644 --- a/libcrux-ml-kem/.gitignore +++ b/libcrux-ml-kem/.gitignore @@ -1,4 +1,4 @@ Cargo.lock proofs/fstar/extraction/.cache/ proofs/fstar/extraction/.depend -c +# c diff --git a/libcrux-ml-kem/c/Eurydice.h b/libcrux-ml-kem/c/Eurydice.h new file mode 100644 index 000000000..41c54191f --- /dev/null +++ b/libcrux-ml-kem/c/Eurydice.h @@ -0,0 +1,27 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __Eurydice_H +#define __Eurydice_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "core.h" +#include "eurydice_glue.h" + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#if defined(__cplusplus) +} +#endif + +#define __Eurydice_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/LIST.md b/libcrux-ml-kem/c/LIST.md new file mode 100644 index 000000000..a34681d42 --- /dev/null +++ b/libcrux-ml-kem/c/LIST.md 
@@ -0,0 +1,11 @@ +This file lists the changes I did to make progres extracting & compiling ml-kem + +For each problem in `libcrux_ml_kem.c`, I added a `FIXME` comment there as well. + + - `src/polynomial.rs`: removed `add_message_error_reduce`, makes eurydice crash + - `c/libcrux_ml_kem.c`: commented out `libcrux_ml_kem_libcrux_polynomials_from_i16_array`, contains a `core_result_Result` type what should have been monomorphized + - `c/libcrux_ml_kem.c`: `libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector`: replace assignments with `memcpy`s (tried to assign array LHS) + - `c/eurydice_glue.h` added `core_slice___Slice_T___split_at_mut` + - `c/eurydice_glue.h` added `core_core_arch_x86___m256i` + - `c/eurydice_glue.h` added `core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut` + diff --git a/libcrux-ml-kem/c/core.c b/libcrux-ml-kem/c/core.c new file mode 100644 index 000000000..6357c4a7e --- /dev/null +++ b/libcrux-ml-kem/c/core.c @@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/core.h" + +typedef struct Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +Option__size_t; + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + diff --git a/libcrux-ml-kem/c/core.h b/libcrux-ml-kem/c/core.h new file mode 100644 index 000000000..73d4c37a8 --- /dev/null +++ b/libcrux-ml-kem/c/core.h 
@@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __core_H +#define __core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +#if defined(__cplusplus) +} +#endif + +#define __core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h new file mode 100644 index 000000000..053694d26 --- /dev/null +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -0,0 +1,231 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
+#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#include +#define core_core_arch_x86___m256i __m256i + +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(subslice, _t, _ret_t) subslice + + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = 
EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + +// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. +typedef struct +{ + uint8_t tag; + uint8_t case_Ok[]; +} +result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) +{ + return x; +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ + ((iter_ptr)->start == (iter_ptr)->end) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ + ) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static +// inline function cannot receive a type as an argument. Instead, we receive the element size and +// use it to peform manual offset computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; + Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); + chunks->slice = ((Eurydice_slice) { + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size + }); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ + .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ + .chunk_size = sz_ }) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t)) })) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ + (((iter)->index == (iter)->s.len) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) + +// MISC + +#define core_fmt_Formatter void + + +// VECTORS + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size/sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? 
*/ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX/2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t*)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) + +#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-ml-kem/c/internal/core.h b/libcrux-ml-kem/c/internal/core.h new file mode 100644 index 000000000..a03dd66fa --- /dev/null +++ b/libcrux-ml-kem/c/internal/core.h @@ -0,0 +1,29 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_core_H +#define __internal_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../core.h" +#include "eurydice_glue.h" + +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); + +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); + +#define CORE_NUM__U32_8__BITS (32U) + +#if defined(__cplusplus) +} +#endif + +#define __internal_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_ml_kem.h b/libcrux-ml-kem/c/internal/libcrux_ml_kem.h new file mode 100644 index 000000000..58d9a57e2 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_ml_kem.h 
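Review bot: `EURYDICE_VEC_PUSH` in `eurydice_glue.h` assigns the result of `realloc` straight back to `v->ptr` and then stores through it, so a failed allocation loses the old buffer and the following `((t*)v->ptr)[v->len] = x` writes through a null pointer. Keep the result in a temporary and abort the way the generated code already does elsewhere: `void *p_ = realloc(v->ptr, new_size);`, `if (p_ == NULL) KRML_HOST_EXIT(255U);`, `v->ptr = p_;`. The same applies to `EURYDICE_BOX_NEW`, which dereferences the `malloc` result unchecked, and to `EURYDICE_VEC_NEW`, whose `calloc` result is handed to callers that immediately read `v->len`. The in-macro comment defers the size arithmetic to the Aeneas proof, but allocation failure is an environment condition that proof presumably does not cover, so the check belongs in the glue itself.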
@@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_ml_kem_H +#define __internal_libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/core.h" +#include "../libcrux_ml_kem.h" +#include "eurydice_glue.h" + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c new file mode 100644 index 000000000..6391cf86e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_ml_kem.c 
@@ -0,0 +1,9870 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_ml_kem.h" + +#include "internal/core.h" + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t + mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials___core__clone__Clone_for_libcrux_ml_kem__libcrux_polynomials__PortableVector__1__clone( + int16_t (*self)[16U], + int16_t ret[16U] +) +{ + memcpy(ret, self[0U], (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_zero(int16_t ret[16U]) +{ + ret[0U] = (int16_t)0; + ret[1U] = (int16_t)0; + ret[2U] = (int16_t)0; + ret[3U] = (int16_t)0; + ret[4U] = (int16_t)0; + ret[5U] = (int16_t)0; + ret[6U] = (int16_t)0; + ret[7U] = (int16_t)0; + ret[8U] = (int16_t)0; + ret[9U] = (int16_t)0; + ret[10U] = (int16_t)0; + ret[11U] = (int16_t)0; + ret[12U] = (int16_t)0; + ret[13U] = (int16_t)0; + ret[14U] 
= (int16_t)0; + ret[15U] = (int16_t)0; +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO( + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_to_i16_array(int16_t v[16U], int16_t ret[16U]) +{ + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___to_i16_array( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_to_i16_array(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +#define Ok 0 +#define Err 1 + +typedef uint8_t Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + +typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__int16_t_16size_t__core_array_TryFromSliceError; + +static void +unwrap__int16_t_16size_t__core_array_TryFromSliceError( + Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]) +{ + + /* int16_t ret0[16U]; */ + + /* FIXME: `core_result_Result` seems not to be properly monomorphized here */ + + /* core_result_Result dst; */ + + 
/* Eurydice_slice_to_array2(&dst, */ + /* Eurydice_slice_subslice(array, */ + /* ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), */ + /* int16_t, */ + /* core_ops_range_Range__size_t, */ + /* Eurydice_slice), */ + /* Eurydice_slice, */ + /* int16_t [16U], */ + /* void *); */ + /* unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret0); */ + /* memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); */ +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array( + Eurydice_slice array, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_from_i16_array(array, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_add(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs[uu____0] = lhs[uu____0] + rhs[0U][i0]; + } + memcpy(ret, lhs, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add( + int16_t lhs[16U], + int16_t (*rhs)[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_add(lhs, rhs, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_sub(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs[uu____0] = lhs[uu____0] - rhs[0U][i0]; + } + memcpy(ret, lhs, (size_t)16U * sizeof (int16_t)); +} + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub( + int16_t lhs[16U], + int16_t (*rhs)[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_sub(lhs, rhs, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v[uu____0] = v[uu____0] * c; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_multiply_by_constant(v, c, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v[uu____0] = v[uu____0] & c; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant(v, c, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void 
+libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + if (v[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v[uu____0] = v[uu____0] - (int16_t)3329; + } + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +int16_t libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(int16_t value) +{ + int32_t + t = + (int32_t)value + * LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; +} + +inline void libcrux_ml_kem_libcrux_polynomials_barrett_reduce(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[i0]); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_barrett_reduce(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +int16_t 
libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * + (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = + (int32_t)(int16_t)k + * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; + int16_t + c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT); + int16_t + value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT); + return value_high - c; +} + +inline int16_t +libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return + libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[i0], c); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant( + int16_t v[16U], + int16_t r, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant(v, r, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +uint8_t libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return 
(uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +inline void libcrux_ml_kem_libcrux_polynomials_compress_1(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + uint8_t + uu____0 = libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient((uint16_t)v[i0]); + v[i0] = (int16_t)uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_compress_1(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline uint32_t +libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +int16_t +libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient( + uint8_t coefficient_bits, + uint16_t fe +) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return + (int16_t)libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(coefficient_bits, + (uint32_t)compressed); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[2U], zeta0); + v[2U] = v[0U] - t; + v[0U] = v[0U] + t; + int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[3U], zeta0); + v[3U] = v[1U] - t0; + v[1U] = v[1U] + t0; + int16_t t1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[6U], 
zeta1); + v[6U] = v[4U] - t1; + v[4U] = v[4U] + t1; + int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[7U], zeta1); + v[7U] = v[5U] - t2; + v[5U] = v[5U] + t2; + int16_t + t3 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)2U], + zeta2); + v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)0U] - t3; + v[(size_t)8U + (size_t)0U] = v[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)3U], + zeta2); + v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)1U] - t4; + v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)6U], + zeta3); + v[(size_t)8U + (size_t)6U] = v[(size_t)8U + (size_t)4U] - t5; + v[(size_t)8U + (size_t)4U] = v[(size_t)8U + (size_t)4U] + t5; + int16_t + t6 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)7U], + zeta3); + v[(size_t)8U + (size_t)7U] = v[(size_t)8U + (size_t)5U] - t6; + v[(size_t)8U + (size_t)5U] = v[(size_t)8U + (size_t)5U] + t6; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +) +{ + int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[4U], zeta0); + v[4U] = v[0U] - t; + v[0U] = v[0U] + t; + 
int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[5U], zeta0); + v[5U] = v[1U] - t0; + v[1U] = v[1U] + t0; + int16_t t1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[6U], zeta0); + v[6U] = v[2U] - t1; + v[2U] = v[2U] + t1; + int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[7U], zeta0); + v[7U] = v[3U] - t2; + v[3U] = v[3U] + t2; + int16_t + t3 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)4U], + zeta1); + v[(size_t)8U + (size_t)4U] = v[(size_t)8U + (size_t)0U] - t3; + v[(size_t)8U + (size_t)0U] = v[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)5U], + zeta1); + v[(size_t)8U + (size_t)5U] = v[(size_t)8U + (size_t)1U] - t4; + v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)6U], + zeta1); + v[(size_t)8U + (size_t)6U] = v[(size_t)8U + (size_t)2U] - t5; + v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)2U] + t5; + int16_t + t6 = + libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)7U], + zeta1); + v[(size_t)8U + (size_t)7U] = v[(size_t)8U + (size_t)3U] - t6; + v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)3U] + t6; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step(a, zeta0, zeta1, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step( + int16_t v[16U], + int16_t zeta, + int16_t 
ret[16U] +) +{ + int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[8U], zeta); + v[8U] = v[0U] - t; + v[0U] = v[0U] + t; + int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[9U], zeta); + v[9U] = v[1U] - t0; + v[1U] = v[1U] + t0; + int16_t t1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[10U], zeta); + v[10U] = v[2U] - t1; + v[2U] = v[2U] + t1; + int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[11U], zeta); + v[11U] = v[3U] - t2; + v[3U] = v[3U] + t2; + int16_t t3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[12U], zeta); + v[12U] = v[4U] - t3; + v[4U] = v[4U] + t3; + int16_t t4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[13U], zeta); + v[13U] = v[5U] - t4; + v[5U] = v[5U] + t4; + int16_t t5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[14U], zeta); + v[14U] = v[6U] - t5; + v[6U] = v[6U] + t5; + int16_t t6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[15U], zeta); + v[15U] = v[7U] - t6; + v[7U] = v[7U] + t6; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step( + int16_t a[16U], + int16_t zeta, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step(a, zeta, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t a_minus_b = v[2U] - v[0U]; + int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[0U] + v[2U]); + v[0U] = uu____0; + int16_t + uu____1 = 
libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v[2U] = uu____1; + int16_t a_minus_b0 = v[3U] - v[1U]; + int16_t uu____2 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[1U] + v[3U]); + v[1U] = uu____2; + int16_t + uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v[3U] = uu____3; + int16_t a_minus_b1 = v[6U] - v[4U]; + int16_t uu____4 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[4U] + v[6U]); + v[4U] = uu____4; + int16_t + uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v[6U] = uu____5; + int16_t a_minus_b2 = v[7U] - v[5U]; + int16_t uu____6 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[5U] + v[7U]); + v[5U] = uu____6; + int16_t + uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v[7U] = uu____7; + int16_t a_minus_b3 = v[(size_t)8U + (size_t)2U] - v[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U + + (size_t)0U] + + v[(size_t)8U + (size_t)2U]); + v[(size_t)8U + (size_t)0U] = uu____8; + int16_t + uu____9 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v[(size_t)8U + (size_t)3U] - v[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U + + (size_t)1U] + + v[(size_t)8U + (size_t)3U]); + v[(size_t)8U + (size_t)1U] = uu____10; + int16_t + uu____11 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v[(size_t)8U + (size_t)6U] - v[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U + + (size_t)4U] + + v[(size_t)8U + (size_t)6U]); + v[(size_t)8U 
+ (size_t)4U] = uu____12; + int16_t + uu____13 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = v[(size_t)8U + (size_t)7U] - v[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U + + (size_t)5U] + + v[(size_t)8U + (size_t)7U]); + v[(size_t)8U + (size_t)5U] = uu____14; + int16_t + uu____15 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v[(size_t)8U + (size_t)7U] = uu____15; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +) +{ + int16_t a_minus_b = v[4U] - v[0U]; + v[0U] = v[0U] + v[4U]; + int16_t + uu____0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v[4U] = uu____0; + int16_t a_minus_b0 = v[5U] - v[1U]; + v[1U] = v[1U] + v[5U]; + int16_t + uu____1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v[5U] = uu____1; + int16_t a_minus_b1 = v[6U] - v[2U]; + v[2U] = v[2U] + v[6U]; + int16_t + uu____2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v[6U] = uu____2; + int16_t a_minus_b2 = v[7U] - v[3U]; + v[3U] = v[3U] + v[7U]; + int16_t + uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, 
zeta0); + v[7U] = uu____3; + int16_t a_minus_b3 = v[(size_t)8U + (size_t)4U] - v[(size_t)8U + (size_t)0U]; + v[(size_t)8U + (size_t)0U] = v[(size_t)8U + (size_t)0U] + v[(size_t)8U + (size_t)4U]; + int16_t + uu____4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v[(size_t)8U + (size_t)5U] - v[(size_t)8U + (size_t)1U]; + v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + v[(size_t)8U + (size_t)5U]; + int16_t + uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + v[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v[(size_t)8U + (size_t)6U] - v[(size_t)8U + (size_t)2U]; + v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)2U] + v[(size_t)8U + (size_t)6U]; + int16_t + uu____6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v[(size_t)8U + (size_t)7U] - v[(size_t)8U + (size_t)3U]; + v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)3U] + v[(size_t)8U + (size_t)7U]; + int16_t + uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v[(size_t)8U + (size_t)7U] = uu____7; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step(a, zeta0, zeta1, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step( + int16_t v[16U], + int16_t zeta, + int16_t ret[16U] +) +{ + int16_t a_minus_b = v[8U] - v[0U]; + v[0U] = v[0U] + v[8U]; + int16_t + uu____0 = 
libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v[8U] = uu____0; + int16_t a_minus_b0 = v[9U] - v[1U]; + v[1U] = v[1U] + v[9U]; + int16_t + uu____1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v[9U] = uu____1; + int16_t a_minus_b1 = v[10U] - v[2U]; + v[2U] = v[2U] + v[10U]; + int16_t + uu____2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v[10U] = uu____2; + int16_t a_minus_b2 = v[11U] - v[3U]; + v[3U] = v[3U] + v[11U]; + int16_t + uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v[11U] = uu____3; + int16_t a_minus_b3 = v[12U] - v[4U]; + v[4U] = v[4U] + v[12U]; + int16_t + uu____4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v[12U] = uu____4; + int16_t a_minus_b4 = v[13U] - v[5U]; + v[5U] = v[5U] + v[13U]; + int16_t + uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v[13U] = uu____5; + int16_t a_minus_b5 = v[14U] - v[6U]; + v[6U] = v[6U] + v[14U]; + int16_t + uu____6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v[14U] = uu____6; + int16_t a_minus_b6 = v[15U] - v[7U]; + v[7U] = v[7U] + v[15U]; + int16_t + uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v[15U] = uu____7; + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step( + int16_t a[16U], + int16_t zeta, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step(a, zeta, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline K___int16_t_int16_t +libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials( + 
K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(uu____0 + + + (int32_t)libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)a1 + * (int32_t)b1) + * (int32_t)zeta); + return + ( + (K___int16_t_int16_t){ + .fst = uu____1, + .snd = libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)a0 + * (int32_t)b1 + + (int32_t)a1 * (int32_t)b0) + } + ); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_ntt_multiply( + int16_t (*lhs)[16U], + int16_t (*rhs)[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t out[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(out); + K___int16_t_int16_t lit0; + lit0.fst = lhs[0U][0U]; + lit0.snd = lhs[0U][1U]; + K___int16_t_int16_t lit1; + lit1.fst = rhs[0U][0U]; + lit1.snd = rhs[0U][1U]; + K___int16_t_int16_t + product = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit0, lit1, zeta0); + out[0U] = product.fst; + out[1U] = product.snd; + K___int16_t_int16_t lit2; + lit2.fst = lhs[0U][2U]; + lit2.snd = lhs[0U][3U]; + K___int16_t_int16_t lit3; + lit3.fst = rhs[0U][2U]; + lit3.snd = rhs[0U][3U]; + K___int16_t_int16_t + product0 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit2, lit3, -zeta0); + out[2U] = product0.fst; + out[3U] = product0.snd; + K___int16_t_int16_t lit4; + lit4.fst = lhs[0U][4U]; + lit4.snd = lhs[0U][5U]; + K___int16_t_int16_t lit5; + lit5.fst = rhs[0U][4U]; + lit5.snd = rhs[0U][5U]; + K___int16_t_int16_t + product1 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit4, lit5, zeta1); + out[4U] = product1.fst; + out[5U] = product1.snd; + K___int16_t_int16_t lit6; + lit6.fst = lhs[0U][6U]; + lit6.snd = lhs[0U][7U]; + K___int16_t_int16_t lit7; + lit7.fst = 
rhs[0U][6U]; + lit7.snd = rhs[0U][7U]; + K___int16_t_int16_t + product2 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit6, lit7, -zeta1); + out[6U] = product2.fst; + out[7U] = product2.snd; + K___int16_t_int16_t lit8; + lit8.fst = lhs[0U][(size_t)8U + (size_t)0U]; + lit8.snd = lhs[0U][(size_t)8U + (size_t)1U]; + K___int16_t_int16_t lit9; + lit9.fst = rhs[0U][(size_t)8U + (size_t)0U]; + lit9.snd = rhs[0U][(size_t)8U + (size_t)1U]; + K___int16_t_int16_t + product3 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit8, lit9, zeta2); + out[(size_t)8U + (size_t)0U] = product3.fst; + out[(size_t)8U + (size_t)1U] = product3.snd; + K___int16_t_int16_t lit10; + lit10.fst = lhs[0U][(size_t)8U + (size_t)2U]; + lit10.snd = lhs[0U][(size_t)8U + (size_t)3U]; + K___int16_t_int16_t lit11; + lit11.fst = rhs[0U][(size_t)8U + (size_t)2U]; + lit11.snd = rhs[0U][(size_t)8U + (size_t)3U]; + K___int16_t_int16_t + product4 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit10, lit11, -zeta2); + out[(size_t)8U + (size_t)2U] = product4.fst; + out[(size_t)8U + (size_t)3U] = product4.snd; + K___int16_t_int16_t lit12; + lit12.fst = lhs[0U][(size_t)8U + (size_t)4U]; + lit12.snd = lhs[0U][(size_t)8U + (size_t)5U]; + K___int16_t_int16_t lit13; + lit13.fst = rhs[0U][(size_t)8U + (size_t)4U]; + lit13.snd = rhs[0U][(size_t)8U + (size_t)5U]; + K___int16_t_int16_t + product5 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit12, lit13, zeta3); + out[(size_t)8U + (size_t)4U] = product5.fst; + out[(size_t)8U + (size_t)5U] = product5.snd; + K___int16_t_int16_t lit14; + lit14.fst = lhs[0U][(size_t)8U + (size_t)6U]; + lit14.snd = lhs[0U][(size_t)8U + (size_t)7U]; + K___int16_t_int16_t lit; + lit.fst = rhs[0U][(size_t)8U + (size_t)6U]; + lit.snd = rhs[0U][(size_t)8U + (size_t)7U]; + K___int16_t_int16_t + product6 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit14, lit, -zeta3); + out[(size_t)8U + (size_t)6U] = product6.fst; + out[(size_t)8U + 
(size_t)7U] = product6.snd; + memcpy(ret, out, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply( + int16_t (*lhs)[16U], + int16_t (*rhs)[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_serialize_1(int16_t v[16U], uint8_t ret[2U]) +{ + uint8_t result[2U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) + { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v[i0] << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1( + int16_t a[16U], + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_libcrux_polynomials_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_1(Eurydice_slice v, int16_t ret[16U]) +{ + int16_t result[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(result); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); + result[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); + } + for + (size_t + i = (size_t)8U; + i + < 
LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); + result[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + memcpy(ret, result, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_1(a, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_serialize_4(int16_t v[16U], uint8_t ret[8U]) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v[1U] << 4U | (uint32_t)(uint8_t)v[0U]; + result[1U] = (uint32_t)(uint8_t)v[3U] << 4U | (uint32_t)(uint8_t)v[2U]; + result[2U] = (uint32_t)(uint8_t)v[5U] << 4U | (uint32_t)(uint8_t)v[4U]; + result[3U] = (uint32_t)(uint8_t)v[7U] << 4U | (uint32_t)(uint8_t)v[6U]; + result[4U] = + (uint32_t)(uint8_t)v[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4( + int16_t a[16U], + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_libcrux_polynomials_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * 
sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_4(Eurydice_slice bytes, int16_t ret[16U]) +{ + int16_t v[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(v); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, 
(size_t)6U, uint8_t, uint8_t); + v[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_4(a, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_serialize_5(int16_t v[16U], uint8_t ret[10U]) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v[1U] & (int16_t)7) << 5U | v[0U]); + result[1U] = (uint8_t)(((v[3U] & (int16_t)1) << 7U | v[2U] << 2U) | v[1U] >> 3U); + result[2U] = (uint8_t)((v[4U] & (int16_t)15) << 4U | v[3U] >> 1U); + result[3U] = (uint8_t)(((v[6U] & (int16_t)3) << 6U | v[5U] << 1U) | v[4U] >> 4U); + result[4U] = (uint8_t)(v[7U] << 3U | v[6U] >> 2U); + result[5U] = + (uint8_t)((v[(size_t)8U + (size_t)1U] & (int16_t)7) << 5U | v[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v[(size_t)8U + (size_t)3U] & (int16_t)1) << 7U | v[(size_t)8U + (size_t)2U] << 2U) + | v[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v[(size_t)8U + (size_t)4U] & (int16_t)15) << 4U | v[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v[(size_t)8U + (size_t)6U] & (int16_t)3) << 6U | v[(size_t)8U + (size_t)5U] << 1U) + | v[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = (uint8_t)(v[(size_t)8U + (size_t)7U] << 3U | v[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5( + int16_t a[16U], + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_libcrux_polynomials_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_5(Eurydice_slice bytes, int16_t ret[16U]) +{ + int16_t v[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(v); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = 
&Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); + v[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); + v[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_5(a, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_serialize_10(int16_t v[16U], uint8_t ret[20U]) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v[5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v[(size_t)8U + 
(size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10( + int16_t a[16U], + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_libcrux_polynomials_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_10(Eurydice_slice bytes, int16_t ret[16U]) +{ + int16_t result[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(result); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result[2U] = uu____4 | 
(int16_t)uu____5[0U] >> 4U; + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + result[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + result[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); + result[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); + result[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____21 = 
&Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); + result[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); + result[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); + result[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); + result[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); + result[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); + result[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + memcpy(ret, result, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_10(a, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void 
libcrux_ml_kem_libcrux_polynomials_serialize_11(int16_t v[16U], uint8_t ret[22U]) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v[0U]; + result[1U] = (uint32_t)(uint8_t)(v[1U] & (int16_t)31) << 3U | (uint32_t)(uint8_t)(v[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v[2U] & (int16_t)3) << 6U | (uint32_t)(uint8_t)(v[1U] >> 5U); + result[3U] = (uint8_t)(v[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v[4U] & (int16_t)15) << 4U | (uint32_t)(uint8_t)(v[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v[5U] & (int16_t)1) << 7U | (uint32_t)(uint8_t)(v[4U] >> 4U); + result[7U] = (uint8_t)(v[5U] >> 1U & (int16_t)255); + result[8U] = (uint32_t)(uint8_t)(v[6U] & (int16_t)63) << 2U | (uint32_t)(uint8_t)(v[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v[7U] & (int16_t)7) << 5U | (uint32_t)(uint8_t)(v[6U] >> 6U); + result[10U] = (uint8_t)(v[7U] >> 3U); + result[11U] = (uint8_t)v[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] & 
(int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11( + int16_t a[16U], + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_libcrux_polynomials_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_11(Eurydice_slice bytes, int16_t ret[16U]) +{ + int16_t result[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(result); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t 
+ uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, 
uint8_t); + result[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + memcpy(ret, result, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_11(a, ret0); + memcpy(ret, ret0, (size_t)16U 
* sizeof (int16_t)); +} + +inline void libcrux_ml_kem_libcrux_polynomials_serialize_12(int16_t v[16U], uint8_t ret[24U]) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v[0U] & (int16_t)255); + result[1U] = (uint8_t)(v[0U] >> 8U | (v[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v[2U] & (int16_t)255); + result[4U] = (uint8_t)(v[2U] >> 8U | (v[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v[4U] & (int16_t)255); + result[7U] = (uint8_t)(v[4U] >> 8U | (v[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v[6U] & (int16_t)255); + result[10U] = (uint8_t)(v[6U] >> 8U | (v[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U | (v[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + result[15U] = (uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v[(size_t)8U + (size_t)2U] >> 8U | (v[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = (uint8_t)(v[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v[(size_t)8U + (size_t)4U] >> 8U | (v[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v[(size_t)8U + (size_t)6U] >> 8U | (v[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12( + int16_t a[16U], + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_libcrux_polynomials_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_deserialize_12(Eurydice_slice bytes, int16_t ret[16U]) +{ + int16_t re[16U]; + libcrux_ml_kem_libcrux_polynomials_zero(re); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); + re[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); + re[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re[7U] = 
byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); + re[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + re[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + memcpy(ret, re, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12( + Eurydice_slice a, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_deserialize_12(a, ret0); + memcpy(ret, ret0, (size_t)16U * 
sizeof (int16_t)); +} + +inline size_t +libcrux_ml_kem_libcrux_polynomials_rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return 
libcrux_ml_kem_libcrux_polynomials_rej_sample(a, out); +} + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, 
(int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret0); + /* FIXME: assignment with array LHS */ + + /* ret[0U] = ret0; */ memcpy(ret[0U], ret0, sizeof(int16_t) * 16); + int16_t ret1[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret1); + /* ret[1U] = ret1; */ memcpy(ret[1U], ret1, sizeof(int16_t) * 16); + int16_t ret2[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret2); + /* ret[2U] = ret2; */ memcpy(ret[2U], ret2, sizeof(int16_t) * 16); + int16_t ret3[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret3); + /* ret[3U] = ret3; */ memcpy(ret[3U], ret3, sizeof(int16_t) * 16); + int16_t ret4[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret4); + /* ret[4U] = ret4; */ memcpy(ret[4U], ret4, sizeof(int16_t) * 16); + int16_t ret5[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret5); + /* ret[5U] = ret5; */ memcpy(ret[5U], ret5, sizeof(int16_t) * 16); + int16_t ret6[16U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret6); + /* ret[6U] = ret6; */ memcpy(ret[6U], ret6, sizeof(int16_t) * 16); + int16_t ret7[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret7); + /* ret[7U] = ret7; */ memcpy(ret[7U], ret7, sizeof(int16_t) * 16); + int16_t ret8[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret8); + /* ret[8U] = ret8; */ memcpy(ret[8U], ret8, sizeof(int16_t) * 16); + int16_t ret9[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret9); + /* ret[9U] = ret9; */ memcpy(ret[9U], ret9, sizeof(int16_t) * 16); + int16_t ret10[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret10); + /* ret[10U] = ret10; */ memcpy(ret[10U], ret10, sizeof(int16_t) * 16); + int16_t ret11[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret11); + /* ret[11U] = ret11; */ memcpy(ret[11U], ret11, sizeof(int16_t) * 16); + int16_t ret12[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret12); + /* ret[12U] = ret12; */ memcpy(ret[12U], ret12, sizeof(int16_t) * 16); + int16_t ret13[16U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret13); + /* ret[13U] = ret13; */ memcpy(ret[13U], ret13, sizeof(int16_t) * 16); + int16_t ret14[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret14); + /* ret[14U] = ret14; */ memcpy(ret[14U], ret14, sizeof(int16_t) * 16); + int16_t ret15[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret15); + /* ret[15U] = ret15; */ memcpy(ret[15U], ret15, sizeof(int16_t) * 16); +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( 
+ (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12(bytes, + coefficient); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329(coefficient, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + 
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + v[i0] = v[i0] >> (uint32_t)(int32_t)15; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t a[16U], + int16_t ret[16U] +) +{ + int16_t t[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t(a, + t); + int16_t fm[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS, + fm); + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, + &fm, + ret0); 
+ memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], + coefficient); + uint8_t bytes[24U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[4U][16U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, key[i0], (size_t)16U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[4U][16U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t ret0[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + 
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[4U][16U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + return uu____2; +} + 
+core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key(uint8_t public_key[1568U]) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key)) + { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ lit; + lit.tag = core_option_Some; + memcpy(lit.f0, public_key, (size_t)1568U * sizeof (uint8_t)); + uu____0 = lit; + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, + ret0[i]); + } + memcpy(ret, + ret0, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[4U] +) +{ + uint64_t state[4U][5U][5U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_sha3_portable_incremental_shake128_init(state[i]); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + uint64_t uu____1[4U][5U][5U]; + memcpy(uu____1, state, (size_t)4U * sizeof (uint64_t [5U][5U])); + memcpy(ret, uu____1, (size_t)4U * sizeof (uint64_t [5U][5U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +inline bool 
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + 
uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) 
+ { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice a, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uu____0); + memcpy(result[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + 
core_ops_range_Range__size_t, + Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[4U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0, + xof_state); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + 
int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + void + (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) + { + uu____4(uu____3[i_array_map], uu____5[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[4U][16U]; + 
libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; + memcpy(sample, + sampled[j], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + if (transpose) + { + memcpy(A_transpose[j][i1], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + else + { + memcpy(A_transpose[i1][j], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U])); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +inline void +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, 
+ Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + 
Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector 
uu____0[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(randomness, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + int16_t t[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant(re[0U][j + + step], + (int16_t)-1600, + t); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(re[0U][j], + &t, + uu____0); + memcpy(re[0U][j + step], uu____0, (size_t)16U * sizeof (int16_t)); + int16_t uu____1[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(re[0U][j], + &t, + uu____1); + memcpy(re[0U][j], uu____1, (size_t)16U * sizeof (int16_t)); + } +} + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t fer, + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(v, + fer, + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector 
+libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t a[16U], + int16_t b[16U], + int16_t zeta_r +) +{ + int16_t t[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector(b, + zeta_r, + t); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(a, + &t, + b); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, + &t, + a); + K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector + lit; + memcpy(lit.fst, a, (size_t)16U * sizeof (int16_t)); + memcpy(lit.snd, b, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector + uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][j], + re[0U][j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + int16_t x[16U]; + memcpy(x, uu____0.fst, (size_t)16U * sizeof (int16_t)); + int16_t y[16U]; + memcpy(y, uu____0.snd, 
(size_t)16U * sizeof (int16_t)); + memcpy(re[0U][j], x, (size_t)16U * sizeof (int16_t)); + memcpy(re[0U][j + step_vec], y, (size_t)16U * sizeof (int16_t)); + } + } +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i 
= (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U] +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(self[0U][i0], + uu____0); + memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); 
+ libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(i, + re_as_ntt[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(re_as_ntt[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[4U][16U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector( + 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector out[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(out); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply(&self[0U][i0], + &rhs[0U][i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)3U], + uu____0); + memcpy(out[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, out, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self[0U], + int16_t [16U], + Eurydice_slice), + int16_t [16U], + size_t); + i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], + &rhs[0U][i0], + uu____0); + memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS, + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + int16_t coefficient_normal_form[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector(self[0U][j], + coefficient_normal_form); + int16_t uu____0[16U]; + int16_t ret[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, + &error[0U][j], + ret); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, + uu____0); + memcpy(self[0U][j], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + 
+inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[4U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, + &s_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1], + &product); + } + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t + uu____2 = + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[4U][16U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[4U][16U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t secret_key_serialized[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, 
secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + 
public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U], + uint8_t ret[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uint8_t sk[3168U], + uint8_t pk[1568U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t lit; + memcpy(lit.sk, sk, (size_t)3168U * sizeof (uint8_t)); + 
memcpy(lit.pk, pk, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + uint8_t private_key[3168U]; + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2, + private_key); + uint8_t uu____3[3168U]; + memcpy(uu____3, private_key, (size_t)3168U * sizeof (uint8_t)); + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + uu____4); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + 
return + libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + uint8_t (*self)[1568U] +) +{ + return self[0U]; +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + 
core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector 
error_1[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(i, + error_1[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(error_1[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[4U][16U]; + memcpy(uu____2, + error_1, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +inline void 
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step(re[0U][round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + uu____0); + memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t a[16U], + int16_t b[16U], + int16_t zeta_r +) +{ + int16_t a_minus_b[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(b, 
+ &a, + a_minus_b); + int16_t ret[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, + &b, + ret); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, + a); + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_minus_b, + zeta_r, + b); + K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector + lit; + memcpy(lit.fst, a, (size_t)16U * sizeof (int16_t)); + memcpy(lit.snd, b, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector + uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][j], + re[0U][j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + int16_t x[16U]; + memcpy(x, uu____0.fst, (size_t)16U * sizeof (int16_t)); + int16_t y[16U]; + memcpy(y, uu____0.snd, (size_t)16U * sizeof (int16_t)); + memcpy(re[0U][j], x, (size_t)16U * sizeof (int16_t)); + memcpy(re[0U][j + step_vec], y, 
(size_t)16U * sizeof (int16_t)); + } + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + int16_t coefficient_normal_form[16U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(self[0U][j], + (int16_t)1441, + coefficient_normal_form); + int16_t uu____0[16U]; + int16_t ret[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, + &error[0U][j], + ret); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, + uu____0); + memcpy(self[0U][j], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[4U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + 
Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, + &r_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(uu____0); + int16_t ret0[16U]; + int16_t ret1[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(uu____0, + &v, + ret1); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant(ret1, + (int16_t)1665, + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline 
void +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( + uint8_t serialized[32U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + int16_t coefficient_compressed[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + coefficient_compressed); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(coefficient_compressed, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void 
+libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, + message, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t + uu____0 = + 
libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)10, + (uint16_t)v[i0]); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], + ret0); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t(ret0, + coefficient); + uint8_t bytes[20U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, 
(size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)11, + (uint16_t)v[i0]); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], + ret0); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t(ret0, + coefficient); + uint8_t bytes[22U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + 
.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[4U][16U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, + input[i0], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)4, + (uint16_t)v[i0]); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + int16_t ret[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], + ret); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t(ret, + coefficient); + uint8_t bytes[8U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = 
(size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(int16_t v[16U], int16_t ret[16U]) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)5, + (uint16_t)v[i0]); + v[i0] = uu____0; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficients[16U]; + int16_t ret[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], + ret); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t(ret, + coefficients); + uint8_t bytes[10U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + 
libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[4U][16U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[4U][16U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + 
libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice), + error_2); + libcrux_ml_kem_libcrux_polynomials_PortableVector u[4U][16U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, + message_as_ring_element); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element, + v); + uint8_t ciphertext[1568U] = { 0U }; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____5 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + (size_t)1408U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice c1 = uu____5.fst; + Eurydice_slice c2 = uu____5.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[4U][16U]; + memcpy(uu____6, + u, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____6, + c1); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t(v, + c2); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1568U], + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + uint8_t uu____5[1568U]; + memcpy(uu____5, uu____4, (size_t)1568U * sizeof (uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + memcpy(lit.fst, uu____5, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1568U], + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + uint8_t (*uu____3)[1568U] = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + 
libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + uint8_t (*uu____5)[1568U] = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate(uint8_t (*public_key)[1568U], uint8_t randomness[32U]) +{ + uint8_t (*uu____0)[1568U] = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t( + uint8_t (*self)[3168U], + size_t mid +) +{ + return + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + self[0U], + uint8_t, + Eurydice_slice), + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int32_t + decompressed = + (int32_t)v[i0] + * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v[i0] = (int16_t)decompressed; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + 
(core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10(bytes, + coefficient); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int32_t + decompressed = + (int32_t)v[i0] + * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v[i0] = (int16_t)decompressed; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void 
+libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11(bytes, + coefficient); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + 
+inline void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t(i, + u_as_ntt[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + 
ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t(u_bytes, + uu____0); + memcpy(u_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int32_t + decompressed = + (int32_t)v[i0] + * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v[i0] = (int16_t)decompressed; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4(bytes, + coefficient); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t( + int16_t v[16U], + 
int16_t ret[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) + { + size_t i0 = i; + int32_t + decompressed = + (int32_t)v[i0] + * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v[i0] = (int16_t)decompressed; + } + memcpy(ret, v, (size_t)16U * sizeof (int16_t)); +} + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t( + int16_t v[16U], + int16_t ret[16U] +) +{ + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t(v, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5(bytes, + 
uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + int16_t uu____1[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t(re[i0], + uu____1); + memcpy(re[i0], uu____1, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12(bytes, + uu____0); + memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, + secret_as_ntt[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, + uu____0); + memcpy(secret_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + secret_as_ntt, + (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector b[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient_normal_form[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(b[i0], + (int16_t)1441, + coefficient_normal_form); + int16_t uu____0[16U]; + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(self[0U][i0], + &coefficient_normal_form, + ret0); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret0, + uu____0); + memcpy(b[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, b, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector 
(*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], + coefficient); + int16_t coefficient_compressed[16U]; + 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1(coefficient, + coefficient_compressed); + uint8_t bytes[2U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[4U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice), + v); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; + 
libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt, + message); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + uint8_t (*self)[1568U] +) +{ + return Eurydice_array_to_slice((size_t)1568U, self[0U], uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return 
libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t(private_key, + (size_t)1536U); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext[0U], + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t 
hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + 
Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } 
+ memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[2U][16U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, key[i0], (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); 
+} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[2U][16U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t ret0[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[2U][16U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key(uint8_t public_key[800U]) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key)) + { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ lit; + lit.tag = core_option_Some; + memcpy(lit.f0, public_key, (size_t)800U * sizeof (uint8_t)); + uu____0 = lit; + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, + ret0[i]); + } + memcpy(ret, + ret0, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[2U] +) +{ + uint64_t 
state[2U][5U][5U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_sha3_portable_incremental_shake128_init(state[i]); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + uint64_t uu____1[2U][5U][5U]; + memcpy(uu____1, state, (size_t)2U * sizeof (uint64_t [5U][5U])); + memcpy(ret, uu____1, (size_t)2U * sizeof (uint64_t [5U][5U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = 
sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for 
(size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[2U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0, + xof_state); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + void + (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) + { + uu____4(uu____3[i_array_map], uu____5[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[2U][2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof 
(uint8_t [34U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[2U][16U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; + memcpy(sample, + sampled[j], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + if (transpose) + { + memcpy(A_transpose[j][i1], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + else + { + memcpy(A_transpose[i1][j], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U])); +} + +void +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t 
out[2U][192U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)192U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +inline void +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(randomness, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(i, + re_as_ntt[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = 
(uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(re_as_ntt[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[2U][16U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self[0U], + int16_t [16U], + Eurydice_slice), + int16_t [16U], + size_t); + i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], + &rhs[0U][i0], + uu____0); + memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[2U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + 
libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, + &s_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector 
A_transpose[2U][2U][16U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[2U][16U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[2U][16U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector 
[16U])); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t secret_key_serialized[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = 
uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U], + uint8_t ret[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uint8_t sk[1632U], + uint8_t pk[800U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t lit; + memcpy(lit.sk, sk, (size_t)1632U * sizeof (uint8_t)); + memcpy(lit.pk, pk, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, 
public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + uint8_t private_key[1632U]; + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2, + private_key); + uint8_t uu____3[1632U]; + memcpy(uu____3, private_key, (size_t)1632U * sizeof (uint8_t)); + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + uu____4); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + 
else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + uint8_t (*self)[800U] +) +{ + return self[0U]; +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + 
core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + 
Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(i, + error_1[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(error_1[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + 
libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[2U][16U]; + memcpy(uu____2, + error_1, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[2U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + 
core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, + &r_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + 
{ + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, + message, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], + ret0); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t(ret0, + coefficient); + uint8_t bytes[20U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient[16U]; + int16_t ret0[16U]; + libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], + ret0); + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t(ret0, + coefficient); + uint8_t bytes[22U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[2U][16U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, + input[i0], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice out +) +{ + 
libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[2U][2U][16U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[2U][16U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + 
uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[2U][16U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice), + error_2); + libcrux_ml_kem_libcrux_polynomials_PortableVector u[2U][16U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, + message_as_ring_element); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element, + v); + uint8_t ciphertext[768U] = { 0U }; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____5 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + (size_t)640U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice c1 = uu____5.fst; + Eurydice_slice c2 = uu____5.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[2U][16U]; + memcpy(uu____6, + u, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____6, + c1); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(v, + c2); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t (*public_key)[800U], + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t 
uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____5[768U]; + memcpy(uu____5, uu____4, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + memcpy(lit.fst, uu____5, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t (*public_key)[800U], + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + uint8_t (*uu____3)[800U] = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + uint8_t (*uu____5)[800U] = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____2; +} + 
+K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate(uint8_t (*public_key)[800U], uint8_t randomness[32U]) +{ + uint8_t (*uu____0)[800U] = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t( + uint8_t (*self)[1632U], + size_t mid +) +{ + return + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + self[0U], + uint8_t, + Eurydice_slice), + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void 
+libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t(i, + u_as_ntt[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, 
+ Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(u_bytes, + uu____0); + memcpy(u_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, + uu____0); + memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, + secret_as_ntt[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, + uu____0); + memcpy(secret_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + secret_as_ntt, + (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector 
(*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[2U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice), + v); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt, + message); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + uint8_t (*self)[768U] +) +{ + return Eurydice_array_to_slice((size_t)768U, self[0U], uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, 
input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t(private_key, + (size_t)768U); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + 
libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext[0U], + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( + Eurydice_slice 
public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[3U][16U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, 
key[i0], (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[3U][16U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + 
uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[3U][16U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + return uu____2; +} + 
+core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key(uint8_t public_key[1184U]) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key)) + { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ lit; + lit.tag = core_option_Some; + memcpy(lit.f0, public_key, (size_t)1184U * sizeof (uint8_t)); + uu____0 = lit; + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, + ret0[i]); + } + memcpy(ret, + ret0, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[3U] +) +{ + uint64_t state[3U][5U][5U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_sha3_portable_incremental_shake128_init(state[i]); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + uint64_t uu____1[3U][5U][5U]; + memcpy(uu____1, state, (size_t)3U * sizeof (uint64_t [5U][5U])); + memcpy(ret, uu____1, (size_t)3U * sizeof (uint64_t [5U][5U])); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +inline bool 
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + 
uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + out0 = + core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + int16_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + out0); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) 
+ { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[3U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0, + xof_state); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof 
(uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + void + (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) + { + uu____4(uu____3[i_array_map], uu____5[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[3U][16U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; + memcpy(sample, + sampled[j], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + if (transpose) + { + memcpy(A_transpose[j][i1], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + else + { + memcpy(A_transpose[i1][j], + sample, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U])); +} + +void 
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(i, + re_as_ntt[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * 
sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(re_as_ntt[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[3U][16U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self[0U], + int16_t [16U], + Eurydice_slice), + int16_t [16U], + size_t); + i++) + { + size_t i0 = i; + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], + &rhs[0U][i0], + uu____0); + memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[3U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], + Eurydice_slice), + 
libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, + &s_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[3U][16U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_libcrux_polynomials_PortableVector 
t_as_ntt[3U][16U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[3U][16U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice 
implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + 
.start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U], + uint8_t ret[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uint8_t sk[2400U], + uint8_t pk[1184U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t lit; + memcpy(lit.sk, sk, (size_t)2400U * sizeof (uint8_t)); + memcpy(lit.pk, pk, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + uint8_t private_key[2400U]; + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2, + private_key); + uint8_t uu____3[2400U]; + memcpy(uu____3, private_key, (size_t)2400U * sizeof (uint8_t)); + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + uu____4); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; + if 
(uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + uint8_t (*self)[1184U] +) +{ + return self[0U]; +} + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + 
libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t(i, + deserialized_pk[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, + uu____0); + memcpy(deserialized_pk[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + deserialized_pk, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(i, + error_1[i]); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice), + uu____1); + memcpy(error_1[i0], + uu____1, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[3U][16U]; + memcpy(uu____2, + error_1, + (size_t)3U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + lit.snd = domain_separator; + return lit; +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)3U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[3U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, + result[i]); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + 
libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, + &r_as_ntt[j], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, + message, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[3U][16U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + Eurydice_slice), + libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; + memcpy(re, + input[i0], + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t(&re, + ret); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[3U][16U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[3U][16U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice), + error_2); + libcrux_ml_kem_libcrux_polynomials_PortableVector u[3U][16U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, + message_as_ring_element); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element, + v); + uint8_t ciphertext[1088U] = { 0U }; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____5 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + (size_t)960U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice c1 = uu____5.fst; + Eurydice_slice c2 = uu____5.snd; + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[3U][16U]; + memcpy(uu____6, + u, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____6, + c1); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(v, + c2); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1184U], + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t 
uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + uint8_t uu____5[1088U]; + memcpy(uu____5, uu____4, (size_t)1088U * sizeof (uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + memcpy(lit.fst, uu____5, (size_t)1088U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1184U], + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + uint8_t (*uu____3)[1184U] = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + uint8_t (*uu____5)[1184U] = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____2; +} + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate(uint8_t (*public_key)[1184U], uint8_t randomness[32U]) +{ + uint8_t (*uu____0)[1184U] = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t( + uint8_t (*self)[2400U], + size_t mid +) +{ + return + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + self[0U], + uint8_t, + Eurydice_slice), + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t(i, + u_as_ntt[i]); + } + for + (size_t + i = 
(size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(u_bytes, + uu____0); + memcpy(u_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + Eurydice_slice secret_key, + 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, + secret_as_ntt[i]); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, + uu____0); + memcpy(secret_as_ntt[i0], + uu____0, + (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + } + memcpy(ret, + secret_as_ntt, + (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); +} + +inline void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); + for (size_t i = (size_t)0U; i < 
(size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0], + product); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, + result, + result); + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[3U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice), + v); + libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; + 
libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt, + message); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + uint8_t (*self)[1088U] +) +{ + return Eurydice_array_to_slice((size_t)1088U, self[0U], uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return 
libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t(private_key, + (size_t)1152U); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext[0U], + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t 
hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + 
Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + 
memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_ml_kem.h new file mode 100644 index 000000000..3a9a9bacb --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_ml_kem.h 
@@ -0,0 +1,2575 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_ml_kem_H +#define __libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "core.h" +#include "Eurydice.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t x0, + uint64_t x1, + uint64_t x2, + uint64_t x3, + uint64_t x4 +); + +extern uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t x0, + uint64_t x1 +); + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate( + int32_t x0, + int32_t x1, + uint64_t x2, + uint64_t x3 +); + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t x0, + uint64_t x1, + uint64_t x2 +); + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t x0, + uint64_t x1 +); + +extern uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t x0, + uint64_t x1 +); + +#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_(x_0, x_1, x_2) + +extern void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_( + size_t x0, + uint64_t (*x1)[5U], + Eurydice_slice x2[1U] +); + +#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_(x_0, x_1, x_2) + +extern void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_( + size_t x0, + uint64_t (*x1)[5U], + Eurydice_slice x2[1U] +); + +#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full_(x_0, x_1, x_2) + +extern void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full_( + size_t x0, + 
uint64_t (*x1)[5U], + uint8_t x2[1U][200U] +); + +#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full_(x_0, x_1, x_2) + +extern void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full_( + size_t x0, + uint64_t (*x1)[5U], + uint8_t x2[1U][200U] +); + +extern void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice x0[1U], + size_t x1, + size_t x2, + Eurydice_slice x3[1U] +); + +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + +extern K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice x0[1U], + size_t x1 +); + +extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +typedef uint64_t libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t[5U][5U]; + +extern void libcrux_sha3_portable_incremental_shake128_init(uint64_t x0[5U][5U]); + +extern void +libcrux_sha3_portable_incremental_shake128_absorb_final( + uint64_t (*x0)[5U][5U], + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uint64_t (*x0)[5U][5U], + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uint64_t 
(*x0)[5U][5U], + Eurydice_slice x1 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( + void +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2, + core_core_arch_x86___m256i x3, + core_core_arch_x86___m256i x4 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate( + int32_t x0, + int32_t x1, + core_core_arch_x86___m256i x2, + core_core_arch_x86___m256i x3 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( + core_core_arch_x86___m256i x0, + uint64_t x1 +); + +extern core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_(x_0, x_1, x_2) + +extern void 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_( + size_t x0, + core_core_arch_x86___m256i (*x1)[5U], + Eurydice_slice x2[4U] +); + +#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_(x_0, x_1, x_2) + +extern void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_( + size_t x0, + core_core_arch_x86___m256i (*x1)[5U], + Eurydice_slice x2[4U] +); + +#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full_(x_0, x_1, x_2) + +extern void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full_( + size_t x0, + core_core_arch_x86___m256i (*x1)[5U], + uint8_t x2[4U][200U] +); + +#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full_(x_0, x_1, x_2) + +extern void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full_( + size_t x0, + core_core_arch_x86___m256i (*x1)[5U], + uint8_t x2[4U][200U] +); + +extern void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( + Eurydice_slice x0[4U], + size_t x1, + size_t x2, + Eurydice_slice x3[4U] +); + +typedef struct 
K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s +{ + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} +K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + +extern K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( + Eurydice_slice x0[4U], + size_t x1 +); + +typedef core_core_arch_x86___m256i +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t[5U][5U]; + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_ml_kem_hash_functions_avx2_Simd256Hash; + +extern void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice x0, + Eurydice_slice x1, + Eurydice_slice x2, + Eurydice_slice x3, + Eurydice_slice x4, + Eurydice_slice x5, + Eurydice_slice x6, + Eurydice_slice x7 +); + +extern void +libcrux_sha3_avx2_x4_incremental_shake128_init(core_core_arch_x86___m256i x0[5U][5U]); + +extern void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + core_core_arch_x86___m256i (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2, + Eurydice_slice x3, + Eurydice_slice x4 +); + +extern void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + core_core_arch_x86___m256i (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2, + Eurydice_slice x3, + Eurydice_slice x4 +); + +extern void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + core_core_arch_x86___m256i (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2, + Eurydice_slice x3, + Eurydice_slice x4 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_ml_kem_hash_functions_neon_Simd128Hash[2U][2U]; + +extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) 
libcrux_sha3_neon_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +extern void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice x0, + Eurydice_slice x1, + Eurydice_slice x2, + Eurydice_slice x3 +); + +extern void libcrux_sha3_neon_x2_incremental_shake128_init(uint64_t x0[2U][5U][5U]); + +extern void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uint64_t (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2 +); + +extern void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uint64_t (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2 +); + +extern void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uint64_t (*x0)[5U][5U], + Eurydice_slice x1, + Eurydice_slice x2 +); + +#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +extern bool libcrux_platform_platform_simd256_support(void); + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U) + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS ((int16_t)3329) + +typedef int16_t libcrux_ml_kem_libcrux_polynomials_PortableVector[16U]; + +void +libcrux_ml_kem_libcrux_polynomials___core__clone__Clone_for_libcrux_ml_kem__libcrux_polynomials__PortableVector__1__clone( + int16_t (*self)[16U], + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_zero(int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO( + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_to_i16_array(int16_t v[16U], int16_t ret[16U]); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___to_i16_array( + int16_t v[16U], + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array( + Eurydice_slice array, + int16_t ret[16U] +); + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +void +libcrux_ml_kem_libcrux_polynomials_add(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add( + int16_t lhs[16U], + int16_t (*rhs)[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_sub(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub( + int16_t lhs[16U], + int16_t (*rhs)[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329( + int16_t v[16U], + int16_t ret[16U] +); + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_MULTIPLIER ((int32_t)20159) + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT) + +int16_t libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(int16_t value); + +void libcrux_ml_kem_libcrux_polynomials_barrett_reduce(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce( + int16_t v[16U], + int16_t ret[16U] +); + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT) + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +int16_t libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(int32_t value); + +int16_t +libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); + +void +libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant( + int16_t v[16U], + int16_t c, + int16_t ret[16U] +); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant( + int16_t v[16U], + int16_t r, + int16_t ret[16U] +); + +uint8_t libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient(uint16_t fe); + +void libcrux_ml_kem_libcrux_polynomials_compress_1(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1( + int16_t v[16U], + int16_t ret[16U] +); + +uint32_t +libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(uint8_t n, uint32_t value); + +int16_t +libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient( + uint8_t coefficient_bits, + uint16_t fe +); + +void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step( + int16_t v[16U], + int16_t zeta, + int16_t ret[16U] +); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step( + int16_t a[16U], + int16_t zeta, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step( + int16_t v[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step( + int16_t a[16U], + int16_t zeta0, + int16_t zeta1, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step( + int16_t v[16U], + int16_t zeta, + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step( + int16_t a[16U], + int16_t zeta, + int16_t ret[16U] +); + +typedef struct K___int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +K___int16_t_int16_t; + +K___int16_t_int16_t +libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +); + +void +libcrux_ml_kem_libcrux_polynomials_ntt_multiply( + int16_t (*lhs)[16U], + int16_t (*rhs)[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply( + int16_t (*lhs)[16U], + int16_t (*rhs)[16U], + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_1(int16_t v[16U], uint8_t ret[2U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1( + int16_t a[16U], + uint8_t ret[2U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_1(Eurydice_slice v, int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1( + Eurydice_slice a, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_4(int16_t v[16U], uint8_t ret[8U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4( + int16_t a[16U], + uint8_t ret[8U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_4(Eurydice_slice bytes, int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4( + Eurydice_slice a, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_5(int16_t v[16U], uint8_t ret[10U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5( + int16_t a[16U], + uint8_t ret[10U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_5(Eurydice_slice bytes, int16_t ret[16U]); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5( + Eurydice_slice a, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_10(int16_t v[16U], uint8_t ret[20U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10( + int16_t a[16U], + uint8_t ret[20U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_10(Eurydice_slice bytes, int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10( + Eurydice_slice a, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_11(int16_t v[16U], uint8_t ret[22U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11( + int16_t a[16U], + uint8_t ret[22U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_11(Eurydice_slice bytes, int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11( + Eurydice_slice a, + int16_t ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_serialize_12(int16_t v[16U], uint8_t ret[24U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12( + int16_t a[16U], + uint8_t ret[24U] +); + +void libcrux_ml_kem_libcrux_polynomials_deserialize_12(Eurydice_slice bytes, int16_t ret[16U]); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12( + Eurydice_slice a, + int16_t ret[16U] +); + +size_t libcrux_ml_kem_libcrux_polynomials_rej_sample(Eurydice_slice a, Eurydice_slice result); + +size_t +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +extern bool libcrux_platform_platform_simd128_support(void); + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 
(LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +typedef libcrux_ml_kem_libcrux_polynomials_PortableVector +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector[16U]; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t a[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[384U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[4U][16U], + uint8_t ret[1536U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); + +typedef uint8_t libcrux_ml_kem_types_MlKemPublicKey____1568size_t[1568U]; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + 
libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key(uint8_t public_key[1568U]); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t[4U]; + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[4U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + uint8_t ret[4U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + uint8_t ret[4U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice a, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][4U][16U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +void 
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t fer, + int16_t ret[16U] +); + +typedef struct +K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector_s +{ + int16_t fst[16U]; + int16_t snd[16U]; +} +K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector; + +K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector( + 
int16_t a[16U], + int16_t b[16U], + int16_t zeta_r +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U] +); + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector fst[4U][16U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[4U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____3168size_t[3168U]; + +void +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U], + uint8_t ret[3168U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + uint8_t sk[3168U]; + uint8_t pk[1568U]; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uint8_t sk[3168U], + uint8_t pk[1568U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t 
+libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + uint8_t (*self)[1568U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t 
domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t _layer +); + +K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t a[16U], + int16_t b[16U], + int16_t zeta_r +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + size_t layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[4U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( + uint8_t serialized[32U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(int16_t v[16U], int16_t ret[16U]); + +void 
+libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +); + +void libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[352U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[4U][16U], + Eurydice_slice out +); + +void libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice serialized +); + +void 
libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(int16_t v[16U], int16_t ret[16U]); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____1568size_t[1568U]; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + uint8_t fst[1568U]; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1568U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1568U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate(uint8_t (*public_key)[1568U], uint8_t randomness[32U]); + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t( + uint8_t (*self)[3168U], + size_t mid +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector 
ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t( + int16_t v[16U], + int16_t ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t( + Eurydice_slice 
serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector b[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +Eurydice_slice 
+libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + uint8_t (*self)[1568U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + uint8_t (*private_key)[3168U], + uint8_t (*ciphertext)[1568U], + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[2U][16U], + uint8_t ret[768U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); + +typedef uint8_t libcrux_ml_kem_types_MlKemPublicKey____800size_t[800U]; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key(uint8_t public_key[800U]); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t[2U]; + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[2U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + uint8_t ret[2U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + uint8_t ret[2U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + 
+void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][2U][16U] +); + +void +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + Eurydice_slice randomness, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector fst[2U][16U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t 
domain_separator +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[2U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____1632size_t[1632U]; + +void 
+libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U], + uint8_t ret[1632U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + uint8_t sk[1632U]; + uint8_t pk[800U]; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uint8_t sk[1632U], + uint8_t pk[800U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + uint8_t (*self)[800U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[2U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], + uint8_t ret[320U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[2U][16U], + Eurydice_slice out +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____768size_t[768U]; + +typedef struct 
K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t (*public_key)[800U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t (*public_key)[800U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate(uint8_t (*public_key)[800U], uint8_t randomness[32U]); + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t( + uint8_t (*self)[1632U], + size_t mid +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( + Eurydice_slice serialized, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] +); + +void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + uint8_t (*self)[768U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t 
+libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + uint8_t (*private_key)[1632U], + uint8_t (*ciphertext)[768U], + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector key[3U][16U], + uint8_t ret[1152U] +); + +void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); + +typedef uint8_t libcrux_ml_kem_types_MlKemPublicKey____1184size_t[1184U]; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key(uint8_t public_key[1184U]); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t[3U]; + +void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U], + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[3U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + uint8_t ret[3U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + uint8_t ret[3U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][3U][16U] +); + +void +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_libcrux_polynomials_PortableVector fst[3U][16U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], + 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[3U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____2400size_t[2400U]; + +void +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U], + uint8_t ret[2400U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + uint8_t sk[2400U]; + uint8_t pk[1184U]; +} +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uint8_t sk[2400U], + uint8_t pk[1184U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + uint8_t (*self)[1184U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _i, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[3U][16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector input[3U][16U], + Eurydice_slice out +); + +void 
+libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +); + +typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____1088size_t[1088U]; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + uint8_t fst[1088U]; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1184U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1184U], + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate(uint8_t (*public_key)[1184U], uint8_t randomness[32U]); + +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t( + uint8_t (*self)[2400U], + size_t mid +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + size_t _, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] +); + +void +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( + libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], + libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + uint8_t (*self)[1088U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + uint8_t (*private_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 45e6521cb..c13f46803 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -68,15 +68,16 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self { - for i in 0..VECTORS_IN_RING_ELEMENT { - let coefficient_normal_form = - Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); - result.coefficients[i] = Vector::barrett_reduce(Vector::add( - coefficient_normal_form, - &Vector::add(self.coefficients[i], &message.coefficients[i]), - )); - } - result + todo!() + // for i in 0..VECTORS_IN_RING_ELEMENT { + // let coefficient_normal_form = + // Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); + // result.coefficients[i] = Vector::barrett_reduce(Vector::add( + // coefficient_normal_form, + // &Vector::add(self.coefficients[i], &message.coefficients[i]), + // )); + // } + // result } #[inline(always)] 
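Review bot: `todo!()` as the whole body of `add_message_error_reduce` makes this `pub(crate)` method panic unconditionally in every build of the crate, not only during the extraction run. Judging by its name and signature it is used when forming the ciphertext, so an ordinary build of this revision would presumably abort there. Keep the original loop under `#[cfg(not(eurydice))]` and put the stub in a second copy of the method under `#[cfg(eurydice)]`; the series already passes `--cfg eurydice` to charon in `c.sh`. The stub should also carry a one-line comment naming the tool failure it works around, since `mut result` is otherwise left unused with no explanation.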
From 2180172b034d8b640095300d38db5bb7f1760de3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 24 May 2024 09:34:53 +0200 Subject: [PATCH 07/94] wip --- libcrux-ml-kem/c/libcrux_ml_kem.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c index 6391cf86e..44fc6a20b 100644 --- a/libcrux-ml-kem/c/libcrux_ml_kem.c +++ b/libcrux-ml-kem/c/libcrux_ml_kem.c @@ -136,23 +136,24 @@ inline void libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]) { - /* int16_t ret0[16U]; */ + int16_t ret0[16U]; /* FIXME: `core_result_Result` seems not to be properly monomorphized here */ - /* core_result_Result dst; */ - /* Eurydice_slice_to_array2(&dst, */ - /* Eurydice_slice_subslice(array, */ - /* ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), */ - /* int16_t, */ - /* core_ops_range_Range__size_t, */ - /* Eurydice_slice), */ - /* Eurydice_slice, */ - /* int16_t [16U], */ - /* void *); */ - /* unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret0); */ - /* memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); */ + Result__int16_t_16size_t__core_array_TryFromSliceError dst; + + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); } void From d712003a7ed563677dc1019faa1d275771d949e1 Mon Sep 17 00:00:00 2001 
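Review bot: The re-enabled body of `libcrux_ml_kem_libcrux_polynomials_from_i16_array` takes the fixed range 0..16 of `array` and copies 16 `int16_t` values out, but nothing in the hunk checks that the slice holds at least 16 elements. Whether `Eurydice_slice_subslice` or `Eurydice_slice_to_array2` performs that check is not shown here. If they do not, a shorter slice becomes an out-of-bounds read rather than the error the `unwrap__int16_t_16size_t__core_array_TryFromSliceError` call is meant to surface. I would state the precondition at the top of the function, `/* requires: array holds at least 16 int16_t elements */`, and confirm in `eurydice_glue.h` that the error case can actually be produced. The function is fully inside the hunk; its callers are not.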
From: Lucas Franceschino Date: Fri, 24 May 2024 09:53:06 +0200 Subject: [PATCH 08/94] wip --- libcrux-ml-kem/c/LIST.md | 2 +- libcrux-ml-kem/c/libcrux_ml_kem.c | 29 ++++++++++++++++++------- libcrux-ml-kem/src/polynomial.rs | 35 ++++++++++++++++++++++--------- 3 files changed, 48 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/c/LIST.md b/libcrux-ml-kem/c/LIST.md index a34681d42..5fd2f26be 100644 --- a/libcrux-ml-kem/c/LIST.md +++ b/libcrux-ml-kem/c/LIST.md @@ -2,7 +2,7 @@ This file lists the changes I did to make progres extracting & compiling ml-kem For each problem in `libcrux_ml_kem.c`, I added a `FIXME` comment there as well. - - `src/polynomial.rs`: removed `add_message_error_reduce`, makes eurydice crash + - `src/polynomial.rs`: rewrote `add_message_error_reduce`, makes eurydice crash - `c/libcrux_ml_kem.c`: commented out `libcrux_ml_kem_libcrux_polynomials_from_i16_array`, contains a `core_result_Result` type what should have been monomorphized - `c/libcrux_ml_kem.c`: `libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector`: replace assignments with `memcpy`s (tried to assign array LHS) - `c/eurydice_glue.h` added `core_slice___Slice_T___split_at_mut` diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c index 44fc6a20b..6b8a3f7cf 100644 --- a/libcrux-ml-kem/c/libcrux_ml_kem.c +++ b/libcrux-ml-kem/c/libcrux_ml_kem.c 
@@ -135,14 +135,10 @@ unwrap__int16_t_16size_t__core_array_TryFromSliceError( inline void libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]) { - int16_t ret0[16U]; - - /* FIXME: `core_result_Result` seems not to be properly monomorphized here */ + /* FIXME: missed monomorphization */ /* core_result_Result dst; */ - Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(array, ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), 
@@ -4072,8 +4068,27 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] ) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + int16_t coefficient_normal_form[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(result[i0], + (int16_t)1441, + coefficient_normal_form); + int16_t tmp0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], + &message[0U][i0], + tmp0); + int16_t tmp[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, + &tmp0, + tmp); + int16_t uu____0[16U]; + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(tmp, + uu____0); + memcpy(result[i0], uu____0, (size_t)16U * sizeof (int16_t)); + } + memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); } inline void diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index c13f46803..dbc8407d0 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs 
@@ -68,16 +68,31 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self { - todo!() - // for i in 0..VECTORS_IN_RING_ELEMENT { - // let coefficient_normal_form = - // Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); - // result.coefficients[i] = Vector::barrett_reduce(Vector::add( - // coefficient_normal_form, - // &Vector::add(self.coefficients[i], &message.coefficients[i]), - // )); - // } - // result + for i in 0..VECTORS_IN_RING_ELEMENT { + let coefficient_normal_form = + Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); + + // FIXME: Eurydice crashes with: + // + // Warning 11: in top-level declaration libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: this expression is not Low*; the enclosing function cannot be translated into C*: let mutable ret(Mark.Present,(Mark.AtMost 2), ): int16_t[16size_t] = $any in + // libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add ((@9: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] &(((@8: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) @0; + // @0 + // Warning 11 is fatal, exiting. + // + // On the following code: + + // ```rust + // result.coefficients[i] = Vector::barrett_reduce(Vector::add( + // coefficient_normal_form, + // &Vector::add(self.coefficients[i], &message.coefficients[i]), + // )); + // ``` + + let tmp = Vector::add(self.coefficients[i], &message.coefficients[i]); + let tmp = Vector::add(coefficient_normal_form, &tmp); + result.coefficients[i] = Vector::barrett_reduce(tmp); + } + result } #[inline(always)] 
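Review bot: The FIXME inside `add_message_error_reduce` pastes the full Eurydice crash dump and a fenced copy of the old expression into the loop body, which buries the three lines of arithmetic it is meant to explain. A short why-comment with a pointer to the tracking issue would serve the next reader better, e.g. `// Nested Vector::add(..) is split into temporaries: Eurydice rejects the single-expression form as "not Low*" (Warning 11); see <tracking-issue placeholder>.` The two shadowed `tmp` bindings would read more clearly with distinct names such as `self_plus_message` and `sum`. The constant `1441` also has no comment saying what it encodes.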
From 851106243ccf5799361b7fd51f31d1528d1c75ba Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 24 May 2024 15:14:30 +0200 Subject: [PATCH 09/94] update sha3 api to hide internal state --- libcrux-sha3/src/generic_keccak.rs | 4 +-- libcrux-sha3/src/lib.rs | 45 ++++++++++++++++++++++-------- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 5e0105f6d..5964859c2 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -7,8 +7,8 @@ use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] #[derive(Clone, Copy)] -pub struct KeccakState> { - pub st: [[T; 5]; 5], +pub(crate) struct KeccakState> { + st: [[T; 5]; 5], } impl> Index for KeccakState { diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 563dd4716..86557d392 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -178,7 +178,10 @@ pub mod portable { use super::*; use generic_keccak::{keccak, KeccakState}; - pub type KeccakState1 = KeccakState<1, u64>; + #[derive(Clone, Copy)] + pub struct KeccakState1 { + state: KeccakState<1, u64>, + } #[inline(always)] fn keccakx1(data: [&[u8]; 1], out: [&mut [u8]; 1]) { 
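Review bot: `#[derive(Clone, Copy)]` on the new public `KeccakState1` wrapper in `lib.rs` lets any caller copy the opaque sponge state implicitly. A `Copy` type cannot implement `Drop`, so this rules out wiping the state on drop later, and copies of a state that has absorbed seed material are easy to create unnoticed. Unless a caller needs `Copy` (not checkable from this hunk), derive only `Clone`: `#[derive(Clone)]` above `pub struct KeccakState1 { state: KeccakState<1, u64> }`. A `///` line saying the type is an opaque incremental SHAKE state would also fit the purpose of the commit.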
@@ -223,22 +226,24 @@ pub mod portable { /// Initialise the SHAKE state. pub fn shake128_init() -> KeccakState1 { - KeccakState1::new() + KeccakState1 { + state: KeccakState::<1, u64>::new(), + } } /// Absorb pub fn shake128_absorb_final(s: &mut KeccakState1, data0: &[u8]) { - absorb_final::<1, u64, 168, 0x1fu8>(s, [data0]); + absorb_final::<1, u64, 168, 0x1fu8>(&mut s.state, [data0]); } /// Squeeze three blocks pub fn shake128_squeeze_first_three_blocks(s: &mut KeccakState1, out0: &mut [u8]) { - squeeze_first_three_blocks::<1, u64, 168>(s, [out0]) + squeeze_first_three_blocks::<1, u64, 168>(&mut s.state, [out0]) } /// Squeeze another block pub fn shake128_squeeze_next_block(s: &mut KeccakState1, out0: &mut [u8]) { - squeeze_next_block::<1, u64, 168>(s, [out0]) + squeeze_next_block::<1, u64, 168>(&mut s.state, [out0]) } } } @@ -357,9 +362,15 @@ pub mod neon { }; #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - pub type KeccakState2 = KeccakState<2, core::arch::aarch64::uint64x2_t>; + pub struct KeccakState2 { + state: KeccakState<2, core::arch::aarch64::uint64x2_t>, + } + #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + pub type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>; #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] - pub type KeccakState2 = [crate::portable::KeccakState1; 2]; + pub struct KeccakState2 { + state: [crate::portable::KeccakState1; 2], + } pub fn shake128_init() -> KeccakState2 { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] @@ -372,7 +383,9 @@ pub mod neon { // [s0, s1] // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - KeccakState2::new() + KeccakState2 { + state: KeccakState2Internal::new(), + } } #[allow(unused_variables)] 
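Review bot: `pub type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>;` in the neon hunk (`@@ -357,9 +362,15 @@`) publishes, under a new name, the `KeccakState` type that this same patch narrows to `pub(crate)` in `generic_keccak.rs`. As far as these hunks show, the alias is only used to call `new()` in `shake128_init`, so it can be private: `type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>;`. The same applies to the unchanged `pub type KeccakState4 = KeccakState<4, core::arch::x86_64::__m256i>;` in the `avx2` hunk (`@@ -492,7 +511,9 @@`). That alias still exposes the raw state on x86_64, while the aarch64 variant becomes a struct with a private field.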
@@ -387,7 +400,10 @@ pub mod neon { // shake128_absorb_final(&mut s1, data1); // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - absorb_final::<2, core::arch::aarch64::uint64x2_t, 168, 0x1fu8>(s, [data0, data1]); + absorb_final::<2, core::arch::aarch64::uint64x2_t, 168, 0x1fu8>( + &mut s.state, + [data0, data1], + ); } #[allow(unused_variables)] @@ -407,7 +423,7 @@ pub mod neon { // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] squeeze_first_three_blocks::<2, core::arch::aarch64::uint64x2_t, 168>( - s, + &mut s.state, [out0, out1], ) } @@ -428,7 +444,10 @@ pub mod neon { // shake128_squeeze_next_block(&mut s1, out1); // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - squeeze_next_block::<2, core::arch::aarch64::uint64x2_t, 168>(s, [out0, out1]) + squeeze_next_block::<2, core::arch::aarch64::uint64x2_t, 168>( + &mut s.state, + [out0, out1], + ) } } } @@ -492,7 +511,9 @@ pub mod avx2 { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] pub type KeccakState4 = KeccakState<4, core::arch::x86_64::__m256i>; #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - pub type KeccakState4 = [crate::neon::x2::incremental::KeccakState2; 2]; + pub struct KeccakState4 { + state: [crate::neon::x2::incremental::KeccakState2; 2], + } #[cfg(not(any( all(feature = "simd256", target_arch = "x86_64"), all(feature = "simd128", target_arch = "aarch64") From 886f96524d2c436767d2b8f8155f7fabd16217d9 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Mon, 20 May 2024 18:16:47 +0200 Subject: [PATCH 10/94] add dummy intrinsics file for extraction of avx2 --- polynomials-avx2/src/arithmetic.rs | 26 +- polynomials-avx2/src/compress.rs | 14 +- polynomials-avx2/src/intrinsics.rs | 3 + polynomials-avx2/src/intrinsics_extraction.rs | 300 ++++++++++++++++++ polynomials-avx2/src/lib.rs | 11 +- polynomials-avx2/src/ntt.rs | 26 +- polynomials-avx2/src/sampling.rs | 6 +- polynomials-avx2/src/serialize.rs | 28 +- 8 files changed, 361 insertions(+), 53 deletions(-) create mode 100644 polynomials-avx2/src/intrinsics_extraction.rs diff --git a/polynomials-avx2/src/arithmetic.rs b/polynomials-avx2/src/arithmetic.rs index e84e34211..fca9c36a7 100644 --- a/polynomials-avx2/src/arithmetic.rs +++ b/polynomials-avx2/src/arithmetic.rs 
@@ -1,38 +1,38 @@ -use crate::intrinsics::*; +use crate::*; use libcrux_traits::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; #[inline(always)] -pub(crate) fn add(lhs: __m256i, rhs: __m256i) -> __m256i { +pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_add_epi16(lhs, rhs) } #[inline(always)] -pub(crate) fn sub(lhs: __m256i, rhs: __m256i) -> __m256i { +pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_sub_epi16(lhs, rhs) } #[inline(always)] -pub(crate) fn multiply_by_constant(vector: __m256i, constant: i16) -> __m256i { +pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { mm256_mullo_epi16(vector, mm256_set1_epi16(constant)) } #[inline(always)] -pub(crate) fn bitwise_and_with_constant(vector: __m256i, constant: i16) -> __m256i { +pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 { mm256_and_si256(vector, mm256_set1_epi16(constant)) } #[inline(always)] -pub(crate) fn shift_right(vector: __m256i) -> __m256i { +pub(crate) fn shift_right(vector: Vec256) -> Vec256 { mm256_srai_epi16::<{ SHIFT_BY }>(vector) } #[inline(always)] -pub(crate) fn shift_left(vector: __m256i) -> __m256i { +pub(crate) fn shift_left(vector: Vec256) -> Vec256 { mm256_slli_epi16::<{ SHIFT_BY }>(vector) } #[inline(always)] -pub(crate) fn cond_subtract_3329(vector: __m256i) -> __m256i { +pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); // Compute v_i - Q and crate a mask from the sign bit of each of these @@ -50,7 +50,7 @@ const BARRETT_MULTIPLIER: i16 = 20159; /// See Section 3.2 of the implementation notes document for an explanation /// of this code. #[inline(always)] -pub(crate) fn barrett_reduce(vector: __m256i) -> __m256i { +pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { let t = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); let t = mm256_add_epi16(t, mm256_set1_epi16(512)); 
@@ -62,7 +62,7 @@ pub(crate) fn barrett_reduce(vector: __m256i) -> __m256i { } #[inline(always)] -pub(crate) fn montgomery_multiply_by_constant(vector: __m256i, constant: i16) -> __m256i { +pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let constant = mm256_set1_epi16(constant); let value_low = mm256_mullo_epi16(vector, constant); @@ -78,7 +78,7 @@ pub(crate) fn montgomery_multiply_by_constant(vector: __m256i, constant: i16) -> } #[inline(always)] -pub(crate) fn montgomery_multiply_by_constants(v: __m256i, c: __m256i) -> __m256i { +pub(crate) fn montgomery_multiply_by_constants(v: Vec256, c: Vec256) -> Vec256 { let value_low = mm256_mullo_epi16(v, c); let k = mm256_mullo_epi16( @@ -93,7 +93,7 @@ pub(crate) fn montgomery_multiply_by_constants(v: __m256i, c: __m256i) -> __m256 } #[inline(always)] -pub(crate) fn montgomery_reduce_i32s(v: __m256i) -> __m256i { +pub(crate) fn montgomery_reduce_i32s(v: Vec256) -> Vec256 { let k = mm256_mullo_epi16( v, mm256_set1_epi32(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32), @@ -110,7 +110,7 @@ pub(crate) fn montgomery_reduce_i32s(v: __m256i) -> __m256i { } #[inline(always)] -pub(crate) fn montgomery_multiply_m128i_by_constants(v: __m128i, c: __m128i) -> __m128i { +pub(crate) fn montgomery_multiply_m128i_by_constants(v: Vec128, c: Vec128) -> Vec128 { let value_low = mm_mullo_epi16(v, c); let k = mm_mullo_epi16( diff --git a/polynomials-avx2/src/compress.rs b/polynomials-avx2/src/compress.rs index 4dcf7f326..1c3d106a7 100644 --- a/polynomials-avx2/src/compress.rs +++ b/polynomials-avx2/src/compress.rs @@ -1,4 +1,4 @@ -use crate::intrinsics::*; +use crate::*; use libcrux_traits::FIELD_MODULUS; // Multiply the 32-bit numbers contained in |lhs| and |rhs|, and store only 
@@ -8,7 +8,7 @@ use libcrux_traits::FIELD_MODULUS; // // TODO: Optimize this implementation if performance numbers suggest doing so. #[inline(always)] -fn mulhi_mm256_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +fn mulhi_mm256_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { let prod02 = mm256_mul_epu32(lhs, rhs); let prod13 = mm256_mul_epu32( mm256_shuffle_epi32::<0b11_11_01_01>(lhs), @@ -22,7 +22,7 @@ fn mulhi_mm256_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { } #[inline(always)] -pub(crate) fn compress_message_coefficient(vector: __m256i) -> __m256i { +pub(crate) fn compress_message_coefficient(vector: Vec256) -> Vec256 { let field_modulus_halved = mm256_set1_epi16((FIELD_MODULUS - 1) / 2); let field_modulus_quartered = mm256_set1_epi16((FIELD_MODULUS - 1) / 4); @@ -38,8 +38,8 @@ pub(crate) fn compress_message_coefficient(vector: __m256i) -> __m256i { #[inline(always)] pub(crate) fn compress_ciphertext_coefficient( - vector: __m256i, -) -> __m256i { + vector: Vec256, +) -> Vec256 { let field_modulus_halved = mm256_set1_epi32(((FIELD_MODULUS as i32) - 1) / 2); let compression_factor = mm256_set1_epi32(10_321_340); let coefficient_bits_mask = mm256_set1_epi32((1 << COEFFICIENT_BITS) - 1); @@ -103,8 +103,8 @@ pub(crate) fn compress_ciphertext_coefficient( #[inline(always)] pub(crate) fn decompress_ciphertext_coefficient( - vector: __m256i, -) -> __m256i { + vector: Vec256, +) -> Vec256 { let field_modulus = mm256_set1_epi32(FIELD_MODULUS as i32); let two_pow_coefficient_bits = mm256_set1_epi32(1 << COEFFICIENT_BITS); diff --git a/polynomials-avx2/src/intrinsics.rs b/polynomials-avx2/src/intrinsics.rs index 071f13ddd..83ba39995 100644 --- a/polynomials-avx2/src/intrinsics.rs +++ b/polynomials-avx2/src/intrinsics.rs 
@@ -3,6 +3,9 @@ pub(crate) use core::arch::x86::*; #[cfg(target_arch = "x86_64")] pub(crate) use core::arch::x86_64::*; +pub(crate) type Vec256 = __m256i; +pub(crate) type Vec128 = __m128i; + pub(crate) fn mm256_storeu_si256(output: &mut [i16], vector: __m256i) { debug_assert_eq!(output.len(), 16); unsafe { diff --git a/polynomials-avx2/src/intrinsics_extraction.rs b/polynomials-avx2/src/intrinsics_extraction.rs new file mode 100644 index 000000000..58b2da876 --- /dev/null +++ b/polynomials-avx2/src/intrinsics_extraction.rs 
@@ -0,0 +1,300 @@ +#![allow(unused_variables)] + +pub(crate) type Vec256 = u8; +pub(crate) type Vec128 = u8; + +pub(crate) fn mm256_storeu_si256(output: &mut [i16], vector: Vec256) { + debug_assert_eq!(output.len(), 16); + unimplemented!() +} + +pub(crate) fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { + debug_assert_eq!(output.len(), 8); + unimplemented!() +} + +pub(crate) fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { + debug_assert_eq!(output.len(), 16); + unimplemented!() +} + +pub(crate) fn mm_loadu_si128(input: &[u8]) -> Vec128 { + debug_assert_eq!(input.len(), 16); + unimplemented!() +} + +pub(crate) fn mm256_loadu_si256(input: &[i16]) -> Vec256 { + debug_assert_eq!(input.len(), 16); + unimplemented!() +} + +pub(crate) fn mm256_setzero_si256() -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm_set_epi8( + byte15: u8, + byte14: u8, + byte13: u8, + byte12: u8, + byte11: u8, + byte10: u8, + byte9: u8, + byte8: u8, + byte7: u8, + byte6: u8, + byte5: u8, + byte4: u8, + byte3: u8, + byte2: u8, + byte1: u8, + byte0: u8, +) -> Vec128 { + unimplemented!() +} + +pub(crate) fn mm256_set_epi8( + byte31: i8, + byte30: i8, + byte29: i8, + byte28: i8, + byte27: i8, + byte26: i8, + byte25: i8, + byte24: i8, + byte23: i8, + byte22: i8, + byte21: i8, + byte20: i8, + byte19: i8, + byte18: i8, + byte17: i8, + byte16: i8, + byte15: i8, + byte14: i8, + byte13: i8, + byte12: i8, + byte11: i8, + byte10: i8, + byte9: i8, + byte8: i8, + byte7: i8, + byte6: i8, + byte5: i8, + byte4: i8, + byte3: i8, + byte2: i8, + byte1: i8, + byte0: i8, +) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_set1_epi16(constant: i16) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm256_set_epi16( + input15: i16, + input14: i16, + input13: i16, + input12: i16, + input11: i16, + input10: i16, + input9: i16, + input8: i16, + input7: i16, + input6: i16, + input5: i16, + input4: i16, + input3: i16, + input2: i16, + input1: i16, + input0: i16, +) -> Vec256 { + 
unimplemented!() +} + +pub(crate) fn mm_set1_epi16(constant: i16) -> Vec128 { + unimplemented!() +} + +pub(crate) fn mm256_set1_epi32(constant: i32) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm256_set_epi32( + input7: i32, + input6: i32, + input5: i32, + input4: i32, + input3: i32, + input2: i32, + input1: i32, + input0: i32, +) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} +pub(crate) fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub(crate) fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub(crate) fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub(crate) fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_srai_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} +pub(crate) fn mm256_srai_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 
32); + unimplemented!() +} + +pub(crate) fn mm256_srli_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} +pub(crate) fn mm256_srli_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unimplemented!() +} + +pub(crate) fn mm256_srli_epi64(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); + unimplemented!() +} + +pub(crate) fn mm256_slli_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} + +pub(crate) fn mm256_slli_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unimplemented!() +} + +pub(crate) fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { + unimplemented!() +} +pub(crate) fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { + unimplemented!() +} +pub(crate) fn mm256_shuffle_epi32(vector: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub(crate) fn mm256_permute4x64_epi64(vector: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub(crate) fn mm256_unpackhi_epi64(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_unpacklo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { + unimplemented!() +} +pub(crate) fn mm256_castsi128_si256(vector: Vec128) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} +pub(crate) fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { + debug_assert!(CONTROL 
== 0 || CONTROL == 1); + unimplemented!() +} + +pub(crate) fn mm256_inserti128_si256( + vector: Vec256, + vector_i128: Vec128, +) -> Vec256 { + debug_assert!(CONTROL == 0 || CONTROL == 1); + unimplemented!() +} + +pub(crate) fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub(crate) fn mm_movemask_epi8(vector: Vec128) -> i32 { + unimplemented!() +} + +pub(crate) fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { + unimplemented!() +} + +pub(crate) fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { + unimplemented!() +} diff --git a/polynomials-avx2/src/lib.rs b/polynomials-avx2/src/lib.rs index e24519afd..71166566b 100644 --- a/polynomials-avx2/src/lib.rs +++ b/polynomials-avx2/src/lib.rs @@ -1,10 +1,17 @@ -use crate::intrinsics::*; use libcrux_traits::Operations; #[cfg(test)] mod debug; +// When extracting F* or C, we don't want to extract this file. +#[cfg(not(any(eurydice, hax)))] mod intrinsics; +#[cfg(not(any(eurydice, hax)))] +pub(crate) use crate::intrinsics::*; +#[cfg(any(eurydice, hax))] +mod intrinsics_extraction; +#[cfg(any(eurydice, hax))] +pub(crate) use intrinsics_extraction::*; mod arithmetic; mod compress; @@ -15,7 +22,7 @@ mod serialize; #[derive(Clone, Copy)] pub struct SIMD256Vector { - elements: __m256i, + elements: Vec256, } #[inline(always)] diff --git a/polynomials-avx2/src/ntt.rs b/polynomials-avx2/src/ntt.rs index 238a3f433..d99a1b28b 100644 --- a/polynomials-avx2/src/ntt.rs +++ b/polynomials-avx2/src/ntt.rs @@ -1,15 +1,13 @@ -use crate::intrinsics::*; - -use crate::arithmetic; +use crate::*; #[inline(always)] pub(crate) fn ntt_layer_1_step( - vector: __m256i, + vector: Vec256, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, -) -> __m256i { +) -> Vec256 { let zetas = mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0, 
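Review bot: `pub(crate) type Vec256 = u8;` and `pub(crate) type Vec128 = u8;` at the top of `intrinsics_extraction.rs` alias both vector widths to the same type. Under `--cfg eurydice` or `hax` the compiler therefore no longer rejects a 128-bit value passed where a 256-bit one is expected, and the extracted model types every intrinsic over plain `u8`. Distinct opaque placeholders keep the width distinction in the extraction, e.g. `#[derive(Clone, Copy)] pub(crate) struct Vec256(u8);` and `#[derive(Clone, Copy)] pub(crate) struct Vec128(u8);`. A module comment stating that every function in this file is a signature-only stub that panics if executed would also help the next reader.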
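Review bot: The `#[cfg(any(eurydice, hax))]` switch in `lib.rs` replaces every AVX2 intrinsic with an `unimplemented!()` stub, and nothing in the hunk documents that these cfgs must never be set for a build that is executed. If `--cfg eurydice` leaks into an ordinary build through `RUSTFLAGS`, the crate would still compile and then panic on first use. The existing comment only says the file is not extracted. I would extend it to something like `// Extraction only: with eurydice/hax set, all intrinsics are panicking stubs; never enable these cfgs for a runnable build.`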
@@ -24,7 +22,7 @@ pub(crate) fn ntt_layer_1_step( } #[inline(always)] -pub(crate) fn ntt_layer_2_step(vector: __m256i, zeta0: i16, zeta1: i16) -> __m256i { +pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let zetas = mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0, @@ -39,7 +37,7 @@ pub(crate) fn ntt_layer_2_step(vector: __m256i, zeta0: i16, zeta1: i16) -> __m25 } #[inline(always)] -pub(crate) fn ntt_layer_3_step(vector: __m256i, zeta: i16) -> __m256i { +pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { let rhs = mm256_extracti128_si256::<1>(vector); let rhs = arithmetic::montgomery_multiply_m128i_by_constants(rhs, mm_set1_epi16(zeta)); @@ -56,12 +54,12 @@ pub(crate) fn ntt_layer_3_step(vector: __m256i, zeta: i16) -> __m256i { #[inline(always)] pub(crate) fn inv_ntt_layer_1_step( - vector: __m256i, + vector: Vec256, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, -) -> __m256i { +) -> Vec256 { let lhs = mm256_shuffle_epi32::<0b11_11_01_01>(vector); let rhs = mm256_shuffle_epi32::<0b10_10_00_00>(vector); @@ -84,7 +82,7 @@ pub(crate) fn inv_ntt_layer_1_step( } #[inline(always)] -pub(crate) fn inv_ntt_layer_2_step(vector: __m256i, zeta0: i16, zeta1: i16) -> __m256i { +pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let lhs = mm256_permute4x64_epi64::<0b11_11_01_01>(vector); let rhs = mm256_permute4x64_epi64::<0b10_10_00_00>(vector); @@ -105,7 +103,7 @@ pub(crate) fn inv_ntt_layer_2_step(vector: __m256i, zeta0: i16, zeta1: i16) -> _ } #[inline(always)] -pub(crate) fn inv_ntt_layer_3_step(vector: __m256i, zeta: i16) -> __m256i { +pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { let lhs = mm256_extracti128_si256::<1>(vector); let rhs = mm256_castsi256_si128(vector); 
@@ -123,13 +121,13 @@ pub(crate) fn inv_ntt_layer_3_step(vector: __m256i, zeta: i16) -> __m256i { #[inline(always)] pub(crate) fn ntt_multiply( - lhs: __m256i, - rhs: __m256i, + lhs: Vec256, + rhs: Vec256, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, -) -> __m256i { +) -> Vec256 { // Compute the first term of the product let shuffle_with = mm256_set_epi8( 15, 14, 11, 10, 7, 6, 3, 2, 13, 12, 9, 8, 5, 4, 1, 0, 15, 14, 11, 10, 7, 6, 3, 2, 13, 12, diff --git a/polynomials-avx2/src/sampling.rs b/polynomials-avx2/src/sampling.rs index e7bd1f1c2..b4de11b48 100644 --- a/polynomials-avx2/src/sampling.rs +++ b/polynomials-avx2/src/sampling.rs @@ -1,6 +1,8 @@ -use crate::intrinsics::*; +use crate::{ + serialize::{deserialize_12, serialize_1}, + *, +}; -use crate::serialize::{deserialize_12, serialize_1}; use libcrux_traits::FIELD_MODULUS; const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ diff --git a/polynomials-avx2/src/serialize.rs b/polynomials-avx2/src/serialize.rs index f2e544b9b..09234a55b 100644 --- a/polynomials-avx2/src/serialize.rs +++ b/polynomials-avx2/src/serialize.rs @@ -1,9 +1,7 @@ -use crate::intrinsics::*; - -use crate::{portable, SIMD256Vector}; +use crate::*; #[inline(always)] -pub(crate) fn serialize_1(vector: __m256i) -> [u8; 2] { +pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // We care only about the least significant bit in each lane, // move it to the most significant position to make it easier to work with. let lsb_to_msb = mm256_slli_epi16::<15>(vector); @@ -37,7 +35,7 @@ pub(crate) fn serialize_1(vector: __m256i) -> [u8; 2] { } #[inline(always)] -pub(crate) fn deserialize_1(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { // We need to take each bit from the 2 bytes of input and put them // into their own 16-bit lane. Ideally, we'd load the two bytes into the vector, // duplicate them, and right-shift the 0th element by 0 bits, 
@@ -99,7 +97,7 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> __m256i { } #[inline(always)] -pub(crate) fn serialize_4(vector: __m256i) -> [u8; 8] { +pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let mut serialized = [0u8; 16]; // If |vector| is laid out as follows: @@ -162,7 +160,7 @@ pub(crate) fn serialize_4(vector: __m256i) -> [u8; 8] { } #[inline(always)] -pub(crate) fn deserialize_4(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { let shift_lsbs_to_msbs = mm256_set_epi16( 1 << 0, 1 << 4, @@ -208,7 +206,7 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> __m256i { } #[inline(always)] -pub(crate) fn serialize_5(vector: __m256i) -> [u8; 10] { +pub(crate) fn serialize_5(vector: Vec256) -> [u8; 10] { let mut serialized = [0u8; 32]; let adjacent_2_combined = mm256_madd_epi16( @@ -256,7 +254,7 @@ pub(crate) fn serialize_5(vector: __m256i) -> [u8; 10] { } #[inline(always)] -pub(crate) fn deserialize_5(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { let coefficients = mm_set_epi8( bytes[9], bytes[8], bytes[8], bytes[7], bytes[7], bytes[6], bytes[6], bytes[5], bytes[4], bytes[3], bytes[3], bytes[2], bytes[2], bytes[1], bytes[1], bytes[0], @@ -298,7 +296,7 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> __m256i { } #[inline(always)] -pub(crate) fn serialize_10(vector: __m256i) -> [u8; 20] { +pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { let mut serialized = [0u8; 32]; let adjacent_2_combined = mm256_madd_epi16( @@ -347,7 +345,7 @@ pub(crate) fn serialize_10(vector: __m256i) -> [u8; 20] { } #[inline(always)] -pub(crate) fn deserialize_10(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { let shift_lsbs_to_msbs = mm256_set_epi16( 1 << 0, 1 << 2, 
@@ -389,21 +387,21 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> __m256i { } #[inline(always)] -pub(crate) fn serialize_11(vector: __m256i) -> [u8; 22] { +pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { let input = portable::from_i16_array(crate::to_i16_array(SIMD256Vector { elements: vector })); portable::serialize_11(input) } #[inline(always)] -pub(crate) fn deserialize_11(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { let output = portable::deserialize_11(bytes); crate::from_i16_array(&portable::to_i16_array(output)).elements } #[inline(always)] -pub(crate) fn serialize_12(vector: __m256i) -> [u8; 24] { +pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] { let mut serialized = [0u8; 32]; let adjacent_2_combined = mm256_madd_epi16( @@ -450,7 +448,7 @@ pub(crate) fn serialize_12(vector: __m256i) -> [u8; 24] { } #[inline(always)] -pub(crate) fn deserialize_12(bytes: &[u8]) -> __m256i { +pub(crate) fn deserialize_12(bytes: &[u8]) -> Vec256 { let shift_lsbs_to_msbs = mm256_set_epi16( 1 << 0, 1 << 4, From 35d28a023570efb85e4939352cad47591c6d438a Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Mon, 20 May 2024 18:22:46 +0200 Subject: [PATCH 11/94] F* extraction of poly-avx2 --- libcrux-ml-kem/hax.py | 30 +- .../Libcrux_polynomials_avx2.Arithmetic.fst | 159 ++ .../Libcrux_polynomials_avx2.Compress.fst | 192 ++ ...polynomials_avx2.Intrinsics_extraction.fst | 549 +++++ .../Libcrux_polynomials_avx2.Ntt.fst | 192 ++ .../Libcrux_polynomials_avx2.Portable.fst | 429 ++++ .../Libcrux_polynomials_avx2.Sampling.fst | 2111 +++++++++++++++++ .../Libcrux_polynomials_avx2.Serialize.fst | 557 +++++ .../extraction/Libcrux_polynomials_avx2.fst | 412 ++++ 9 files changed, 4624 insertions(+), 7 deletions(-) create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Intrinsics_extraction.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst create mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 3b98428b3..7acbbdfec 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py 
@@ -31,22 +31,38 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform and sha3 interfaces - include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" - interface_include = "+!**" + # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" + # interface_include = "+!**" + # cargo_hax_into = [ + # "cargo", + # "hax", + # "into", + # "-i", + # include_str, + # "fstar", + # "--interfaces", + # interface_include, + # ] + # hax_env = {} + # shell( + # cargo_hax_into, + # cwd="../libcrux-sha3", + # env=hax_env, + # ) + + # Extract avx2 + # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" + # interface_include = "+!**" cargo_hax_into = [ "cargo", "hax", "into", - "-i", - include_str, "fstar", - "--interfaces", - interface_include, ] hax_env = {} shell( cargo_hax_into, - cwd="../libcrux-sha3", + cwd="../polynomials-avx2", env=hax_env, ) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst new file mode 100644 index 000000000..cd19825be --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst 
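Review bot: The sha3 extraction step in `extractAction.__call__` is disabled by commenting it out, and the new `cargo hax into fstar` call drops the `-i` and `--interfaces` filters. After this change the script no longer regenerates the `libcrux_sha3` F* files, and it extracts `polynomials-avx2` with no include filter. If both extractions are meant to stay available, keep the sha3 call live and add the avx2 call after it rather than replacing it. If sha3 is dropped on purpose, delete the commented block and leave one line such as `# sha3 extraction temporarily disabled, see <issue-link>`. The rest of `__call__` lies outside the hunk.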
@@ -0,0 +1,159 @@ +module Libcrux_polynomials_avx2.Arithmetic +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_BARRETT_MULTIPLIER: i16 = 20159s + +let add (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs + +let bitwise_and_with_constant (vector: u8) (constant: i16) : u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 vector + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) + +let multiply_by_constant (vector: u8) (constant: i16) : u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) + +let shift_left (v_SHIFT_BY: i32) (vector: u8) : u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi16 v_SHIFT_BY vector + +let shift_right (v_SHIFT_BY: i32) (vector: u8) : u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 v_SHIFT_BY vector + +/// See Section 3.2 of the implementation notes document for an explanation +/// of this code. 
+let barrett_reduce (vector: u8) : u8 = + let t:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: u8) + in + let t:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 t + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 512s <: u8) + in + let quotient:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 10l t in + let quotient_times_field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 quotient + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + + <: + u8) + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector quotient_times_field_modulus + +let cond_subtract_3329_ (vector: u8) : u8 = + let field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + in + let vv_minus_field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector field_modulus + in + let sign_mask:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 15l vv_minus_field_modulus + in + let conditional_add_field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 sign_mask field_modulus + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 vv_minus_field_modulus + conditional_add_field_modulus + +let montgomery_multiply_by_constant (vector: u8) (constant: i16) : u8 = + let constant:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant in + let value_low:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector constant + in + let k:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) 
+ <: + i16) + <: + u8) + in + let k_times_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + + <: + u8) + in + let value_high:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector constant + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_multiply_by_constants (v c: u8) : u8 = + let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v c in + let k:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + u8) + in + let k_times_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + + <: + u8) + in + let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 v c in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_reduce_i32s (v: u8) : u8 = + let k:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i32) + <: + u8) + in + let k_times_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS + <: + i16) + <: + i32) + <: + u8) + in + let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srli_epi32 16l v in + let result:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus + in + let 
result:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l result in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi32 16l result + +let sub (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 lhs rhs + +let montgomery_multiply_m128i_by_constants (v c: u8) : u8 = + let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 v c in + let k:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 value_low + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + u8) + in + let k_times_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 k + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + <: + u8) + in + let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 v c in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 value_high k_times_modulus diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst new file mode 100644 index 000000000..252e284a9 --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst 
@@ -0,0 +1,192 @@ +module Libcrux_polynomials_avx2.Compress +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) : u8 = + let field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS + <: + i16) + <: + i32) + in + let two_pow_coefficient_bits:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (1l <=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_castsi128_si256 (vector: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_castsi256_si128 (vector: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_cmpgt_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_cvtepi16_epi32 (vector: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 
1l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_loadu_si256 (input: t_Slice i16) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + match Core.Slice.impl__len input, sz 16 <: (usize & usize) with + | left_val, right_val -> + if ~.(left_val =. right_val <: bool) + then + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in + Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind + left_val + right_val + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_madd_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_mul_epu32 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_mulhi_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_mullo_epi16 (lhs rhs: u8) : u8 = + 
Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_mullo_epi32 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_packs_epi32 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_permutevar8x32_epi32 (vector control: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_set1_epi16 (constant: i16) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_set1_epi32 (constant: i32) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_set_epi16 + (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: + i16) + : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_set_epi8 + (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 
byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + i8) + : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_setzero_si256 (_: Prims.unit) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_shuffle_epi8 (vector control: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 
32l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_sllv_epi32 (vector counts: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 
16l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 64l <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 64" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_storeu_si256 (output: t_Slice i16) (vector: u8) : t_Slice i16 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + match Core.Slice.impl__len output, sz 16 <: (usize & usize) with + | left_val, right_val -> + if ~.(left_val =. 
right_val <: bool) + then + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in + Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind + left_val + right_val + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let hax_temp_output:Prims.unit = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + in + output + +let mm256_sub_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_unpackhi_epi32 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_unpackhi_epi64 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_unpacklo_epi32 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm256_xor_si256 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_add_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_loadu_si128 (input: t_Slice u8) : u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + match Core.Slice.impl__len input, sz 16 <: (usize & usize) with + | left_val, right_val -> + if ~.(left_val =. 
right_val <: bool) + then + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in + Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind + left_val + right_val + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_movemask_epi8 (vector: u8) : i32 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_mulhi_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_mullo_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_packs_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_set1_epi16 (constant: i16) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_set_epi8 + (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + u8) + : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_shuffle_epi8 (vector control: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + +let mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : t_Slice u8 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + match Core.Slice.impl__len output, sz 16 <: (usize & usize) with + | left_val, right_val -> + if ~.(left_val =. 
right_val <: bool) + then + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in + Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind + left_val + right_val + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let hax_temp_output:Prims.unit = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + in + output + +let mm_storeu_si128 (output: t_Slice i16) (vector: u8) : t_Slice i16 = + let _:Prims.unit = + if true + then + let _:Prims.unit = + match Core.Slice.impl__len output, sz 8 <: (usize & usize) with + | left_val, right_val -> + if ~.(left_val =. right_val <: bool) + then + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in + Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind + left_val + right_val + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let hax_temp_output:Prims.unit = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) + in + output + +let mm_sub_epi16 (lhs rhs: u8) : u8 = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" + <: + Rust_primitives.Hax.t_Never) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst new file mode 100644 index 000000000..5b788b5ad --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst 
@@ -0,0 +1,192 @@ +module Libcrux_polynomials_avx2.Ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let ntt_multiply__PERMUTE_WITH: i32 = 216l + +let inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in + let rhs:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) + 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s + <: + u8) + in + let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in + let sum_times_zetas:u8 = + Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 + 0s 0s zeta1 zeta1 0s 0s zeta0 zeta0 0s 0s + <: + u8) + in + let sum:u8 = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce sum in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 204l sum sum_times_zetas + +let inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 245l vector in + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 160l vector in + let rhs:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s + 1s 1s (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s + <: + u8) + in + let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in + let sum_times_zetas:u8 = + Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 
0s + 0s 0s zeta0 zeta0 zeta0 zeta0 0s 0s 0s 0s + <: + u8) + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 240l sum sum_times_zetas + +let inv_ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in + let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in + let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in + let upper_coefficients:u8 = + Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) + in + let combined:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l + combined + upper_coefficients + +let ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = + let zetas:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 + <: + i16) (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) + (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 + in + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in + let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs + +let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = + let 
zetas:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 + <: + i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 + zeta0 + in + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 238l vector in + let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 68l vector in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs + +let ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = + let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in + let rhs:u8 = + Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) + in + let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in + let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in + let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in + let combined:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l + combined + upper_coefficients + +let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = + let shuffle_with:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y + 12y 9y 8y 5y 4y 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y + in + let lhs_shuffled:u8 = + 
Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 lhs shuffle_with + in + let lhs_shuffled:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l lhs_shuffled + in + let lhs_evens:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 lhs_shuffled + in + let lhs_evens:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_evens + in + let lhs_odds:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l lhs_shuffled + in + let lhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_odds in + let rhs_shuffled:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs shuffle_with + in + let rhs_shuffled:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l rhs_shuffled + in + let rhs_evens:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 rhs_shuffled + in + let rhs_evens:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_evens + in + let rhs_odds:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l rhs_shuffled + in + let rhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_odds in + let left:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_evens rhs_evens + in + let right:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_odds rhs_odds + in + let right:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s right in + let right:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 right + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast ( + zeta3 <: i16) + <: + i32) + <: + i32) + (cast (zeta3 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) + (cast (zeta2 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta1 <: 
i16) <: i32) <: i32) + (cast (zeta1 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) + (cast (zeta0 <: i16) <: i32) + <: + u8) + in + let products_left:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi32 left right + in + let products_left:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_left in + let rhs_adjacent_swapped:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y + 5y 4y 7y 6y 1y 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + <: + u8) + in + let products_right:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 lhs rhs_adjacent_swapped + in + let products_right:u8 = + Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_right + in + let products_right:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l products_right + in + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 170l products_left products_right diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst new file mode 100644 index 000000000..541e25541 --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst 
@@ -0,0 +1,429 @@ +module Libcrux_polynomials_avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_FieldElement = i16 + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } + +let from_i16_array (array: t_Array i16 (sz 16)) : t_PortableVector = + { f_elements = array } <: t_PortableVector + +let serialize_11_ (v: t_PortableVector) : t_Array u8 (sz 22) = + let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast (v.f_elements.[ sz 0 ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (((cast ((v.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((v.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (((cast ((v.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (((cast ((v.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 
4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (((cast ((v.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (cast (v.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (((cast ((v.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 127s <: i16) <: u8) <>! 
10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast (((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (((cast ((v.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 20) + (((cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l <: i16) <: u8) + in + result + +let to_i16_array (v: t_PortableVector) : t_Array i16 (sz 16) = v.f_elements + +let zero (_: Prims.unit) : t_PortableVector = + { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector + +let deserialize_11_ (bytes: t_Slice u8) : t_PortableVector = + let result:t_PortableVector = zero () in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 
3l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 2) + (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 3) + ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 5) + (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 6) + ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 7) + (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 8) + ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 
3l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 10) + (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 11) + ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 12) + ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 13) + (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 14) + ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 15) + (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + t_PortableVector + in + result 
diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst new file mode 100644 index 000000000..65ce23750 --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst 
@@ -0,0 +1,2111 @@ +module Libcrux_polynomials_avx2.Sampling +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = + let list = + [ + (let list = + [ + 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 
list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + 
(let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ 
+ 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 
8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 
255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + 
] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 
16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 
16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 10uy; 
11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 10uy; 11uy; 
12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 
255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + 
FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 
16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 
255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 
255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + 
Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + 
(let list = + [ + 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 
13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in 
+ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 
list); + (let list = + [ + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 
13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [ + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + (let list = + [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list); + let list = + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); + Rust_primitives.Hax.array_of_list 256 list + +let rejection_sample (input: t_Slice u8) (output: t_Slice i16) : (t_Slice i16 & usize) = + let field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS + in + let potential_coefficients:u8 = Libcrux_polynomials_avx2.Serialize.deserialize_12_ input in + let compare_with_field_modulus:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cmpgt_epi16 field_modulus + potential_coefficients + in + let good:t_Array u8 (sz 2) = + Libcrux_polynomials_avx2.Serialize.serialize_1_ compare_with_field_modulus + in + let lower_shuffles:t_Array u8 (sz 16) = + v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] <: u8) <: usize ] + in + let lower_shuffles:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 
(Rust_primitives.unsize lower_shuffles + + <: + t_Slice u8) + in + let lower_coefficients:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 potential_coefficients + in + let lower_coefficients:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 lower_coefficients lower_shuffles + in + let output:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range output + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize) + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + lower_coefficients + <: + t_Slice i16) + in + let sampled_count:usize = + cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize + in + let upper_shuffles:t_Array u8 (sz 16) = + v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] <: u8) <: usize ] + in + let upper_shuffles:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles + + <: + t_Slice u8) + in + let upper_coefficients:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l potential_coefficients + in + let upper_coefficients:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 upper_coefficients upper_shuffles + in + let output:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range output + ({ + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! 
sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + upper_coefficients + <: + t_Slice i16) + in + let hax_temp_output:usize = + sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) + in + output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst new file mode 100644 index 000000000..f951730a4 --- /dev/null +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst 
@@ -0,0 +1,557 @@ +module Libcrux_polynomials_avx2.Serialize +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let deserialize_1_ (bytes: t_Slice u8) : u8 = + let coefficients:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) + <: + i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) + in + let shift_lsb_to_msb:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) + in + serialized + +let serialize_10_ (vector: u8) : t_Array u8 (sz 20) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let adjacent_2_combined:u8 = + Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 vector + (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s < true); + f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); + f_ZERO = (fun (_: Prims.unit) -> zero ()); + f_to_i16_array_pre = (fun (v: t_SIMD256Vector) -> true); + f_to_i16_array_post = (fun (v: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); + f_to_i16_array = (fun (v: t_SIMD256Vector) -> to_i16_array v); + f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); + f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); + f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); + f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_add_post = (fun (lhs: 
t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_add + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.add lhs.f_elements rhs.f_elements } + <: + t_SIMD256Vector); + f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_sub + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } + <: + t_SIMD256Vector); + f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); + f_multiply_by_constant_post = (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> true); + f_multiply_by_constant + = + (fun (v: t_SIMD256Vector) (c: i16) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.multiply_by_constant v.f_elements c } + <: + t_SIMD256Vector); + f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); + f_bitwise_and_with_constant_post + = + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); + f_bitwise_and_with_constant + = + (fun (vector: t_SIMD256Vector) (constant: i16) -> + { + f_elements + = + Libcrux_polynomials_avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant + } + <: + t_SIMD256Vector); + f_shift_right_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); + f_shift_right_post + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_shift_right + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> + { + f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements + } + <: + t_SIMD256Vector); + f_shift_left_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); + f_shift_left_post + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + 
f_shift_left + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_left v_SHIFT_BY vector.f_elements } + <: + t_SIMD256Vector); + f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); + f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_cond_subtract_3329_ + = + (fun (vector: t_SIMD256Vector) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } + <: + t_SIMD256Vector); + f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); + f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_barrett_reduce + = + (fun (vector: t_SIMD256Vector) -> + { f_elements = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce vector.f_elements } + <: + t_SIMD256Vector); + f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); + f_montgomery_multiply_by_constant_post + = + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); + f_montgomery_multiply_by_constant + = + (fun (vector: t_SIMD256Vector) (constant: i16) -> + { + f_elements + = + Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements + constant + } + <: + t_SIMD256Vector); + f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); + f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress_1_ + = + (fun (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_polynomials_avx2.Compress.compress_message_coefficient vector.f_elements + } + <: + t_SIMD256Vector); + f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + f_compress_post + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + { + f_elements + = + 
Libcrux_polynomials_avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS + vector.f_elements + } + <: + t_SIMD256Vector); + f_decompress_ciphertext_coefficient_pre + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + f_decompress_ciphertext_coefficient_post + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_decompress_ciphertext_coefficient + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_polynomials_avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS + vector.f_elements + } + <: + t_SIMD256Vector); + f_ntt_layer_1_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + f_ntt_layer_1_step_post + = + (fun + (vector: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_ntt_layer_1_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + { + f_elements + = + Libcrux_polynomials_avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 + } + <: + t_SIMD256Vector); + f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_ntt_layer_2_step_post + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + f_ntt_layer_2_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } + <: + t_SIMD256Vector); + f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_ntt_layer_3_step_post + = + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + f_ntt_layer_3_step + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } + <: + t_SIMD256Vector); + 
f_inv_ntt_layer_1_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + f_inv_ntt_layer_1_step_post + = + (fun + (vector: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_inv_ntt_layer_1_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + { + f_elements + = + Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_1_step vector.f_elements + zeta0 + zeta1 + zeta2 + zeta3 + } + <: + t_SIMD256Vector); + f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_inv_ntt_layer_2_step_post + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + f_inv_ntt_layer_2_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + { + f_elements + = + Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 + } + <: + t_SIMD256Vector); + f_inv_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_inv_ntt_layer_3_step_post + = + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + f_inv_ntt_layer_3_step + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + { f_elements = Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } + <: + t_SIMD256Vector); + f_ntt_multiply_pre + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_multiply_post + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_ntt_multiply + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + { + f_elements + = + Libcrux_polynomials_avx2.Ntt.ntt_multiply lhs.f_elements + rhs.f_elements + zeta0 + zeta1 + 
zeta2 + zeta3 + } + <: + t_SIMD256Vector); + f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_polynomials_avx2.Serialize.serialize_1_ vector.f_elements); + f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_1_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); + f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_polynomials_avx2.Serialize.serialize_4_ vector.f_elements); + f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_4_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); + f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_polynomials_avx2.Serialize.serialize_5_ vector.f_elements); + f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_5_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); + f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_ + = + (fun (vector: t_SIMD256Vector) -> + 
Libcrux_polynomials_avx2.Serialize.serialize_10_ vector.f_elements); + f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_10_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector + ); + f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_polynomials_avx2.Serialize.serialize_11_ vector.f_elements); + f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_11_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector + ); + f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_polynomials_avx2.Serialize.serialize_12_ vector.f_elements); + f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_12_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector + ); + f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); + f_rej_sample_post + = + (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); + f_rej_sample + = + fun (input: t_Slice u8) (output: t_Slice i16) -> + let tmp0, out:(t_Slice i16 & usize) = + Libcrux_polynomials_avx2.Sampling.rejection_sample input output + in + let output:t_Slice i16 = tmp0 in + let hax_temp_output:usize = out in + output, 
hax_temp_output <: (t_Slice i16 & usize) + } From 5232b2974bb9ff92f118f14bf2fe20cda445cd39 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 22 May 2024 10:39:42 +0200 Subject: [PATCH 12/94] move neon hash functions into sha3 for ml-kem --- libcrux-ml-kem/src/hash_functions.rs | 145 +--------------------- libcrux-sha3/src/lib.rs | 172 ++++++++++++++++++++++++++- 2 files changed, 170 insertions(+), 147 deletions(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index b2619ec68..3cd52e24f 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs 
@@ -368,52 +368,13 @@ pub(crate) mod neon { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - let mut out = [[0u8; LEN]; K]; - match K { - 2 => { - let (out0, out1) = out.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - } - 3 => { - let mut extra = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[2], &mut out2[0], &mut extra); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[3], &mut out2[0], &mut out3[0]); - } - _ => unreachable!(), - } - out + x2::shake256xN(input) } fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); - let mut state = [ - x2::incremental::shake128_init(), - x2::incremental::shake128_init(), - ]; + let state = x2::incremental::shake128_absorb_finalxN(input); - match K { - 2 => { - x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); - } - 3 => { - x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); - x2::incremental::shake128_absorb_final(&mut state[1], &input[2], &input[2]); - } - _ => { - x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); - x2::incremental::shake128_absorb_final(&mut state[1], &input[2], &input[3]); - } - } - // _ => unreachable!("This function is only called with 2, 3, 4"), Self { shake128_state: state, } 
@@ -421,110 +382,12 @@ pub(crate) mod neon { fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - - let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { - 2 => { - let (out0, out1) = out.split_at_mut(1); - x2::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], - ); - } - 3 => { - let mut extra = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x2::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], - ); - x2::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state[1], - &mut out2[0], - &mut extra, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x2::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], - ); - x2::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state[1], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!(), - } - out + x2::incremental::shake128_squeeze3xN(&mut self.shake128_state) } fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - - let mut out = [[0u8; BLOCK_SIZE]; K]; - match K { - 2 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - x2::incremental::shake128_squeeze_next_block( - &mut self.shake128_state[0], - &mut out0, - &mut out1, - ); - out[0] = out0; - out[1] = out1; - } - 3 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; - x2::incremental::shake128_squeeze_next_block( - &mut self.shake128_state[0], - &mut out0, - &mut out1, - ); - x2::incremental::shake128_squeeze_next_block( - &mut 
self.shake128_state[1], - &mut out2, - &mut out3, - ); - out[0] = out0; - out[1] = out1; - out[2] = out2; - } - 4 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; - x2::incremental::shake128_squeeze_next_block( - &mut self.shake128_state[0], - &mut out0, - &mut out1, - ); - x2::incremental::shake128_squeeze_next_block( - &mut self.shake128_state[1], - &mut out2, - &mut out3, - ); - out[0] = out0; - out[1] = out1; - out[2] = out2; - out[3] = out3; - } - _ => unreachable!(), - } - out + x2::incremental::shake128_squeezexN(&mut self.shake128_state) } } } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 86557d392..b0ea0b729 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs 
@@ -354,6 +354,40 @@ pub mod neon { keccakx2::<136, 0x1fu8>([input0, input1], [out0, out1]); } + /// Run up to 4 SHAKE256 operations in parallel. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(non_snake_case)] + pub fn shake256xN( + input: &[[u8; 33]; N], + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + + let mut out = [[0u8; LEN]; N]; + match N { + 2 => { + let (out0, out1) = out.split_at_mut(1); + shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + } + 3 => { + let mut extra = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + shake256(&input[2], &input[2], &mut out2[0], &mut extra); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + shake256(&input[2], &input[3], &mut out2[0], &mut out3[0]); + } + _ => unreachable!("Only 2, 3, or 4 are supported for N"), + } + out + } + /// An incremental API to perform 2 operations in parallel pub mod incremental { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] 
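Review bot: In the `3` arm of `shake256xN`, `input[2]` is hashed a second time and that result lands in the scratch array `extra`, which goes out of scope without being cleared. ML-KEM's `PRFxN` now routes through this function, and its outputs are presumably used to sample secret polynomials, so `extra` is a second copy of key-dependent bytes left on the stack. If the crate clears secrets elsewhere, clear `extra` before returning; otherwise a comment such as `// scratch lane: duplicate of out[2], discarded` documents the intent. The doc comment could also say that `N = 3` costs the same two 2-way calls as `N = 4`, and use a `# Panics` section instead of the bold inline text.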
@@ -406,8 +440,36 @@ pub mod neon { ); } + /// Perform up to 4 absorbs at the same time, using two [`KeccakState2`]. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(unused_variables, non_snake_case)] + pub fn shake128_absorb_finalxN( + input: [[u8; 34]; N], + ) -> [KeccakState2; 2] { + debug_assert!(N == 2 || N == 3 || N == 4); + let mut state = [shake128_init(), shake128_init()]; + + match N { + 2 => { + shake128_absorb_final(&mut state[0], &input[0], &input[1]); + } + 3 => { + shake128_absorb_final(&mut state[0], &input[0], &input[1]); + shake128_absorb_final(&mut state[1], &input[2], &input[2]); + } + 4 => { + shake128_absorb_final(&mut state[0], &input[0], &input[1]); + shake128_absorb_final(&mut state[1], &input[2], &input[3]); + } + _ => unreachable!("This function can only called be called with N = 2, 3, 4"), + } + + state + } + #[allow(unused_variables)] - pub fn shake128_squeeze_first_three_blocks( + fn shake128_squeeze_first_three_blocks( s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8], 
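Review bot: `shake128_squeeze_first_three_blocks` changes from `pub fn` to `fn` in this hunk, and `shake128_squeeze_next_block` does the same in the next one, which removes two items from the public `incremental` module without the commit message saying so. If that is intended it deserves a changelog line, since external users of the two-lane API would stop compiling. The new panic text reads "can only called be called"; it should be `unreachable!("This function can only be called with N = 2, 3, 4")`, here and in `shake128_squeeze3xN`. In the `2` arm `state[1]` is returned after `shake128_init()` only, which is worth a one-line comment such as `// state[1] is unused for N = 2`.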
@@ -428,12 +490,63 @@ pub mod neon { ) } + /// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState2`]. + /// Each block is of size `LEN`. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(unused_variables, non_snake_case)] + pub fn shake128_squeeze3xN( + state: &mut [KeccakState2; 2], + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + + let mut out = [[0u8; LEN]; N]; + match N { + 2 => { + let (out0, out1) = out.split_at_mut(1); + shake128_squeeze_first_three_blocks( + &mut state[0], + &mut out0[0], + &mut out1[0], + ); + } + 3 => { + let mut extra = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + shake128_squeeze_first_three_blocks( + &mut state[0], + &mut out0[0], + &mut out1[0], + ); + shake128_squeeze_first_three_blocks( + &mut state[1], + &mut out2[0], + &mut extra, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + shake128_squeeze_first_three_blocks( + &mut state[0], + &mut out0[0], + &mut out1[0], + ); + shake128_squeeze_first_three_blocks( + &mut state[1], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function can only called be called with N = 2, 3, 4"), + } + out + } + #[allow(unused_variables)] - pub fn shake128_squeeze_next_block( - s: &mut KeccakState2, - out0: &mut [u8], - out1: &mut [u8], - ) { + fn shake128_squeeze_next_block(s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with 
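Review bot: Nothing ties the `N` given to `shake128_squeeze3xN` to the `N` that `shake128_absorb_finalxN` was called with, because the state is a plain `[KeccakState2; 2]`. After an absorb with `N = 2`, `state[1]` has only been initialised, yet a squeeze with `N = 3` or `4` would read from it and presumably return bytes that depend on no input at all. The in-tree caller fixes both to the same `K`, but these functions are `pub`, so I would state the requirement in the doc comment, for example ``/// `N` must be the same `N` that was passed to [`shake128_absorb_finalxN`].``, or carry `N` in a wrapper type. The same applies to `shake128_squeezexN` in the next hunk. "Each block is of size `LEN`" is also misleading here, since `LEN` is the length of each output row and the caller sets it to `THREE_BLOCKS`.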
@@ -449,6 +562,53 @@ pub mod neon { [out0, out1], ) } + + /// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState2`]. + /// Each block is of size `LEN`. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(unused_variables, non_snake_case)] + pub fn shake128_squeezexN( + state: &mut [KeccakState2; 2], + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + + let mut out = [[0u8; LEN]; N]; + match N { + 2 => { + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + shake128_squeeze_next_block(&mut state[0], &mut out0, &mut out1); + out[0] = out0; + out[1] = out1; + } + 3 => { + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; + shake128_squeeze_next_block(&mut state[0], &mut out0, &mut out1); + shake128_squeeze_next_block(&mut state[1], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + } + 4 => { + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; + shake128_squeeze_next_block(&mut state[0], &mut out0, &mut out1); + shake128_squeeze_next_block(&mut state[1], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; + } + _ => unreachable!("This function is only called with N = 2, 3, 4"), + } + out + } } } } From ec4959c28fcb21a5da3cbb0ec3cb009d90a4cf93 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 22 May 2024 11:03:17 +0200 Subject: [PATCH 13/94] inline hashing and avx2 hax extraction --- libcrux-ml-kem/src/hash_functions.rs | 197 ++++++++++++++++++++- libcrux-sha3/src/lib.rs | 245 ++++++++++++++++++++++++++- 2 files changed, 435 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 3cd52e24f..5bcfa6101 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs 
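Review bot: The `3` and `4` arms of `shake128_squeezexN` squeeze into four stack temporaries and then copy them into `out`, while `shake128_squeeze3xN` in the same commit writes straight into `out` through `split_at_mut`. Using one pattern in both keeps the two functions easy to compare and avoids the extra copies; in the `3` arm only the discarded fourth lane needs a scratch buffer. The `unreachable!` text here also differs from the one used in the other two `xN` functions, so one shared wording would help when a panic has to be traced back.

```rust
// … unchanged: signature, debug_assert!, `out` initialisation, arm `2` …
3 => {
    // scratch lane: second output of the state[1] call is discarded
    let mut extra = [0u8; LEN];
    let (out0, out12) = out.split_at_mut(1);
    let (out1, out2) = out12.split_at_mut(1);
    shake128_squeeze_next_block(&mut state[0], &mut out0[0], &mut out1[0]);
    shake128_squeeze_next_block(&mut state[1], &mut out2[0], &mut extra);
}
4 => {
    let (out0, out123) = out.split_at_mut(1);
    let (out1, out23) = out123.split_at_mut(1);
    let (out2, out3) = out23.split_at_mut(1);
    shake128_squeeze_next_block(&mut state[0], &mut out0[0], &mut out1[0]);
    shake128_squeeze_next_block(&mut state[1], &mut out2[0], &mut out3[0]);
}
// … unchanged: `_ => unreachable!(…)` arm and the final `out` …
```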
@@ -59,24 +59,28 @@ pub(crate) mod portable { } impl Hash for PortableHash { + #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; portable::sha512(&mut digest, input); digest } + #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; portable::sha256(&mut digest, input); digest } + #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; portable::shake256(&mut digest, input); digest } + #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); @@ -87,6 +91,7 @@ pub(crate) mod portable { out } + #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); @@ -99,6 +104,7 @@ pub(crate) mod portable { } } + #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); @@ -109,6 +115,7 @@ pub(crate) mod portable { out } + #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); @@ -138,26 +145,31 @@ pub(crate) mod avx2 { } impl Hash for Simd256Hash { + #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; portable::sha512(&mut digest, input); digest } + #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; portable::sha256(&mut digest, input); digest } + #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; portable::shake256(&mut digest, input); digest } + #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); +<<<<<<< HEAD let mut out = [[0u8; LEN]; K]; match K { 
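Review bot: The `avx2` `PRFxN` hunk adds a literal `<<<<<<< HEAD` line, and the following four hunks of this file add the matching `||||||| parent of 92257b7`, `=======` and `>>>>>>> 92257b7` lines, so unresolved merge-conflict markers are being committed into `hash_functions.rs`. The file cannot parse in that state, and up to three versions of each AVX2 function body sit side by side, so it is unclear which one was actually reviewed and tested. In `shake128_init_absorb` the HEAD side still calls `shake128_absorb_final(&mut state, …)` although `state` is now an immutable value that `shake128_absorb_finalxN` has already filled. Resolve each conflict to a single body, presumably the one-line `x4::…xN(…)` calls between `=======` and `>>>>>>>`, and delete the marker lines. A CI step that rejects files containing conflict markers would stop this from landing again.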
@@ -209,12 +221,69 @@ pub(crate) mod avx2 { _ => unreachable!(), } out +||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) + let mut out = [[0u8; LEN]; K]; + + match K { + 2 => { + let mut dummy_out0 = [0u8; LEN]; + let mut dummy_out1 = [0u8; LEN]; + let (out0, out1) = out.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[0], + &input[0], + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[2], + &input[0], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[2], + &input[3], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } + out +======= + x4::shake256xN(input) +>>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } + #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); - let mut state = x4::incremental::shake128_init(); + let state = x4::incremental::shake128_absorb_finalxN(input); +<<<<<<< HEAD match K { 2 => { x4::incremental::shake128_absorb_final( 
@@ -233,13 +302,36 @@ pub(crate) mod avx2 { } _ => unreachable!(), } +||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) + match K { + 2 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[0], &input[0], + ); + } + 3 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[0], + ); + } + 4 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[3], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } +======= +>>>>>>> 92257b7 (inline hashing and avx2 hax extraction) Self { shake128_state: state, } } + #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); +<<<<<<< HEAD let mut out = [[0u8; THREE_BLOCKS]; K]; match K { 
@@ -282,10 +374,58 @@ pub(crate) mod avx2 { _ => unreachable!(), } out +||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) + + let mut out = [[0u8; THREE_BLOCKS]; K]; + match K { + 2 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let mut dummy_out1 = [0u8; THREE_BLOCKS]; + let (out0, out1) = out.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } + out +======= + x4::incremental::shake128_squeeze3xN(&mut self.shake128_state) +>>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } + #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); +<<<<<<< HEAD let mut dummy_out0 = [0u8; BLOCK_SIZE]; let mut dummy_out1 = [0u8; BLOCK_SIZE]; 
@@ -329,6 +469,53 @@ pub(crate) mod avx2 { _ => unreachable!(), } out +||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) + + let mut dummy_out0 = [0u8; BLOCK_SIZE]; + let mut dummy_out1 = [0u8; BLOCK_SIZE]; + + let mut out = [[0u8; BLOCK_SIZE]; K]; + + match K { + 2 => { + let (out0, out1) = out.split_at_mut(1); + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } + out +======= + x4::incremental::shake128_squeezexN(&mut self.shake128_state) +>>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } } } 
@@ -347,30 +534,34 @@ pub(crate) mod neon { } impl Hash for Simd128Hash { + #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; libcrux_sha3::neon::sha512(&mut digest, input); digest } + #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; libcrux_sha3::neon::sha256(&mut digest, input); digest } + #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; libcrux_sha3::neon::shake256(&mut digest, input); digest } + #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x2::shake256xN(input) } + #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); let state = x2::incremental::shake128_absorb_finalxN(input); @@ -380,11 +571,13 @@ pub(crate) mod neon { } } + #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); x2::incremental::shake128_squeeze3xN(&mut self.shake128_state) } + #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); x2::incremental::shake128_squeezexN(&mut self.shake128_state) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index b0ea0b729..d491e0110 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs 
@@ -189,31 +189,37 @@ pub mod portable { } /// A portable SHA3 224 implementation. + #[inline(always)] pub fn sha224(digest: &mut [u8], data: &[u8]) { keccakx1::<144, 0x06u8>([data], [digest]); } /// A portable SHA3 256 implementation. + #[inline(always)] pub fn sha256(digest: &mut [u8], data: &[u8]) { keccakx1::<136, 0x06u8>([data], [digest]); } /// A portable SHA3 384 implementation. + #[inline(always)] pub fn sha384(digest: &mut [u8], data: &[u8]) { keccakx1::<104, 0x06u8>([data], [digest]); } /// A portable SHA3 512 implementation. + #[inline(always)] pub fn sha512(digest: &mut [u8], data: &[u8]) { keccakx1::<72, 0x06u8>([data], [digest]); } /// A portable SHAKE128 implementation. + #[inline(always)] pub fn shake128(digest: &mut [u8; LEN], data: &[u8]) { keccakx1::<168, 0x1fu8>([data], [digest]); } /// A portable SHAKE256 implementation. + #[inline(always)] pub fn shake256(digest: &mut [u8; LEN], data: &[u8]) { keccakx1::<136, 0x1fu8>([data], [digest]); } @@ -225,6 +231,7 @@ pub mod portable { use super::*; /// Initialise the SHAKE state. + #[inline(always)] pub fn shake128_init() -> KeccakState1 { KeccakState1 { state: KeccakState::<1, u64>::new(), @@ -232,16 +239,19 @@ pub mod portable { } /// Absorb + #[inline(always)] pub fn shake128_absorb_final(s: &mut KeccakState1, data0: &[u8]) { absorb_final::<1, u64, 168, 0x1fu8>(&mut s.state, [data0]); } /// Squeeze three blocks + #[inline(always)] pub fn shake128_squeeze_first_three_blocks(s: &mut KeccakState1, out0: &mut [u8]) { squeeze_first_three_blocks::<1, u64, 168>(&mut s.state, [out0]) } /// Squeeze another block + #[inline(always)] pub fn shake128_squeeze_next_block(s: &mut KeccakState1, out0: &mut [u8]) { squeeze_next_block::<1, u64, 168>(&mut s.state, [out0]) } 
@@ -267,6 +277,7 @@ pub mod neon { /// A portable SHA3 224 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn sha224(digest: &mut [u8], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -279,6 +290,7 @@ pub mod neon { /// A portable SHA3 256 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn sha256(digest: &mut [u8], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -291,6 +303,7 @@ pub mod neon { /// A portable SHA3 384 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn sha384(digest: &mut [u8], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -303,6 +316,7 @@ pub mod neon { /// A portable SHA3 512 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn sha512(digest: &mut [u8], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -315,6 +329,7 @@ pub mod neon { /// A portable SHAKE128 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn shake128(digest: &mut [u8; LEN], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -327,6 +342,7 @@ pub mod neon { /// A portable SHAKE256 implementation. #[allow(unused_variables)] + #[inline(always)] pub fn shake256(digest: &mut [u8; LEN], data: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); 
@@ -346,6 +362,7 @@ pub mod neon { /// /// Writes the two results into `out0` and `out1` #[allow(unused_variables)] + #[inline(always)] pub fn shake256(input0: &[u8], input1: &[u8], out0: &mut [u8], out1: &mut [u8]) { // TODO: make argument ordering consistent #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] @@ -358,6 +375,7 @@ pub mod neon { /// /// **PANICS** when `N` is not 2, 3, or 4. #[allow(non_snake_case)] + #[inline(always)] pub fn shake256xN( input: &[[u8; 33]; N], ) -> [[u8; LEN]; N] { @@ -406,6 +424,8 @@ pub mod neon { state: [crate::portable::KeccakState1; 2], } + /// Initialise the `KeccakState2`. + #[inline(always)] pub fn shake128_init() -> KeccakState2 { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -422,8 +442,9 @@ pub mod neon { } } + #[inline(always)] #[allow(unused_variables)] - pub fn shake128_absorb_final(s: &mut KeccakState2, data0: &[u8], data1: &[u8]) { + fn shake128_absorb_final(s: &mut KeccakState2, data0: &[u8], data1: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with @@ -440,10 +461,12 @@ pub mod neon { ); } - /// Perform up to 4 absorbs at the same time, using two [`KeccakState2`]. + /// Initialise the state and perform up to 4 absorbs at the same time, + /// using two [`KeccakState2`]. /// /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] + #[inline(always)] pub fn shake128_absorb_finalxN( input: [[u8; 34]; N], ) -> [KeccakState2; 2] { @@ -469,6 +492,7 @@ pub mod neon { } #[allow(unused_variables)] + #[inline(always)] fn shake128_squeeze_first_three_blocks( s: &mut KeccakState2, out0: &mut [u8], 
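Review bot: In the `@@ -422,8 +442,9 @@` hunk `shake128_absorb_final` changes from `pub fn` to `fn` without a doc comment or any note that the public API shrinks. The AVX2 `shake128_absorb_final`, `shake128_squeeze_first_three_blocks` and `shake128_squeeze_next_block` get the same change in later hunks. Narrowing the surface to the `xN` wrappers is reasonable, but any external caller of these functions stops compiling, so the change belongs in the changelog. The now-private helper should say what replaces it, e.g. `/// Internal two-lane absorb; callers use [`shake128_absorb_finalxN`].`. The function body continues outside the hunk.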
@@ -495,6 +519,7 @@ pub mod neon { /// /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] + #[inline(always)] pub fn shake128_squeeze3xN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { @@ -546,6 +571,7 @@ pub mod neon { } #[allow(unused_variables)] + #[inline(always)] fn shake128_squeeze_next_block(s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); @@ -568,6 +594,7 @@ pub mod neon { /// /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] + #[inline(always)] pub fn shake128_squeezexN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { @@ -629,6 +656,7 @@ pub mod avx2 { /// Perform 4 SHAKE256 operations in parallel #[allow(unused_variables)] // TODO: decide if we want to fall back here + #[inline(always)] pub fn shake256( input0: &[u8], input1: &[u8], 
@@ -661,6 +689,68 @@ pub mod avx2 { ); } + /// Run up to 4 SHAKE256 operations in parallel. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(unused_variables, non_snake_case)] + #[inline(always)] + pub fn shake256xN( + input: &[[u8; 33]; N], + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + let mut out = [[0u8; LEN]; N]; + + match N { + 2 => { + let mut dummy_out0 = [0u8; LEN]; + let mut dummy_out1 = [0u8; LEN]; + let (out0, out1) = out.split_at_mut(1); + shake256( + &input[0], + &input[1], + &input[0], + &input[0], + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + shake256( + &input[0], + &input[1], + &input[2], + &input[0], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + shake256( + &input[0], + &input[1], + &input[2], + &input[3], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + out + } + /// An incremental API to perform 4 operations in parallel pub mod incremental { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] @@ -680,6 +770,8 @@ pub mod avx2 { )))] pub type KeccakState4 = [crate::portable::KeccakState1; 4]; + /// Initialise the [`KeccakState4`]. + #[inline(always)] pub fn shake128_init() -> KeccakState4 { #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] unimplemented!("The target architecture does not support neon instructions."); 
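Review bot: In the new `shake256xN`, the `2` and `3` arms fill the unused lanes with `&input[0]` and write them to `dummy_out0`/`dummy_out1`, and nothing in the code or the doc comment says so. As a result the dummy buffers end up holding a second copy of the bytes in `out[0]`, and that copy is left on the stack when the function returns. If this is used as a PRF over secret seeds (the callers are not visible in this hunk), that is extra secret-derived material the caller cannot clear. Add a comment such as `// Unused lanes re-hash input[0]; their output is discarded.` to each padded arm. If the project has a zeroization policy, also clear the dummy buffers before returning, using a write the compiler cannot elide.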
@@ -703,8 +795,9 @@ pub mod avx2 { KeccakState4::new() } + #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - pub fn shake128_absorb_final( + fn shake128_absorb_final( s: &mut KeccakState4, data0: &[u8], data1: &[u8], @@ -742,8 +835,41 @@ pub mod avx2 { ); } + /// Initialise the state and perform up to 4 absorbs at the same time, + /// using two [`KeccakState4`]. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[inline(always)] + #[allow(unused_variables, non_snake_case)] + pub fn shake128_absorb_finalxN(input: [[u8; 34]; N]) -> KeccakState4 { + debug_assert!(N == 2 || N == 3 || N == 4); + let mut state = shake128_init(); + + match N { + 2 => { + shake128_absorb_final( + &mut state, &input[0], &input[1], &input[0], &input[0], + ); + } + 3 => { + shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[0], + ); + } + 4 => { + shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[3], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + + state + } + + #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - pub fn shake128_squeeze_first_three_blocks( + fn shake128_squeeze_first_three_blocks( s: &mut KeccakState4, out0: &mut [u8], out1: &mut [u8], 
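Review bot: The doc comment added for the AVX2 `shake128_absorb_finalxN` says it works "using two [`KeccakState4`]", but the function creates one state with `shake128_init()` and returns a single `KeccakState4`. The wording looks carried over from the NEON variant, which returns `[KeccakState2; 2]`. The same phrase appears in the docs added for `shake128_squeeze3xN` and `shake128_squeezexN` in the following hunks, both of which take one `&mut KeccakState4`. Suggested wording here: `/// Initialise the state and perform up to 4 absorbs at the same time, using one [`KeccakState4`].`, with the matching fix in the other two. The new docs also do not mention that for `N` of 2 or 3 the spare lanes absorb `input[0]` again, which is worth one line.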
@@ -781,8 +907,63 @@ pub mod avx2 { ); } + /// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState4`]. + /// Each block is of size `LEN`. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[inline(always)] + #[allow(unused_variables, non_snake_case)] + pub fn shake128_squeeze3xN( + state: &mut KeccakState4, + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + + let mut out = [[0u8; LEN]; N]; + match N { + 2 => { + let mut dummy_out0 = [0u8; LEN]; + let mut dummy_out1 = [0u8; LEN]; + let (out0, out1) = out.split_at_mut(1); + shake128_squeeze_first_three_blocks( + state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + shake128_squeeze_first_three_blocks( + state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + shake128_squeeze_first_three_blocks( + state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + out + } + + #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - pub fn shake128_squeeze_next_block( + fn shake128_squeeze_next_block( s: &mut KeccakState4, out0: &mut [u8], out1: &mut [u8], 
@@ -819,6 +1000,60 @@ pub mod avx2 { [out0, out1, out2, out3], ); } + + /// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState4`]. + /// Each block is of size `LEN`. + /// + /// **PANICS** when `N` is not 2, 3, or 4. + #[allow(unused_variables, non_snake_case)] + #[inline(always)] + pub fn shake128_squeezexN( + state: &mut KeccakState4, + ) -> [[u8; LEN]; N] { + debug_assert!(N == 2 || N == 3 || N == 4); + + let mut out = [[0u8; LEN]; N]; + match N { + 2 => { + let mut dummy_out0 = [0u8; LEN]; + let mut dummy_out1 = [0u8; LEN]; + let (out0, out1) = out.split_at_mut(1); + shake128_squeeze_next_block( + state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + shake128_squeeze_next_block( + state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + shake128_squeeze_next_block( + state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } + out + } } } } From b46607b79a8a3176d0ff886fbf6d387442a78980 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 22 May 2024 11:07:40 +0200 Subject: [PATCH 14/94] changes for F* extraction --- libcrux-ml-kem/src/ind_cpa.rs | 11 ++++++++--- libcrux-ml-kem/src/sampling.rs | 6 ++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 7195c7a81..6e2ab6ae6 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs 
@@ -321,13 +321,18 @@ pub(crate) fn encrypt< let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; - let (c1, c2) = ciphertext.split_at_mut(C1_LEN); // c_1 := Encode_{du}(Compress_q(u,d_u)) - compress_then_serialize_u::(u, c1); + compress_then_serialize_u::( + u, + &mut ciphertext[0..C1_LEN], + ); // c_2 := Encode_{dv}(Compress_q(v,d_v)) - compress_then_serialize_ring_element_v::(v, c2); + compress_then_serialize_ring_element_v::( + v, + &mut ciphertext[C1_LEN..], + ); ciphertext } diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 8e9d88e78..4a0476b50 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs 
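Review bot: The switch from `ciphertext.split_at_mut(C1_LEN)` to `&mut ciphertext[0..C1_LEN]` and `&mut ciphertext[C1_LEN..]` has no comment explaining it. A later cleanup could therefore revert it to the more idiomatic `split_at_mut`. Going by the commit subject it is presumably needed for F* extraction; if so, say it at the first call, e.g. `// Explicit index ranges rather than split_at_mut, to keep F* extraction working.`. Both forms panic if `C1_LEN` exceeds `CIPHERTEXT_SIZE`, so behaviour is unchanged. `encrypt` starts above the hunk.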
@@ -53,8 +53,10 @@ fn sample_from_uniform_distribution_next Date: Wed, 22 May 2024 11:11:44 +0200 Subject: [PATCH 15/94] updated F* --- .../extraction/Libcrux_ml_kem.Constants.fsti | 10 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 145 +++++ .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 148 +++++ ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 283 +++++++++ .../Libcrux_ml_kem.Hash_functions.fst | 127 ---- .../Libcrux_ml_kem.Hash_functions.fsti | 74 ++- ..._ml_kem.fst => Libcrux_ml_kem.Ind_cca.fst} | 397 ++++++++----- ...l_kem.fsti => Libcrux_ml_kem.Ind_cca.fsti} | 51 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 289 ++++++---- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 27 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 314 ++++++++++ .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 60 ++ .../extraction/Libcrux_ml_kem.Matrix.fst | 172 +++--- .../extraction/Libcrux_ml_kem.Matrix.fsti | 33 +- ...r1024.fst => Libcrux_ml_kem.Mlkem1024.fst} | 27 +- ...024.fsti => Libcrux_ml_kem.Mlkem1024.fsti} | 37 +- ...ber512.fst => Libcrux_ml_kem.Mlkem512.fst} | 26 +- ...r512.fsti => Libcrux_ml_kem.Mlkem512.fsti} | 37 +- ...ber768.fst => Libcrux_ml_kem.Mlkem768.fst} | 27 +- ...r768.fsti => Libcrux_ml_kem.Mlkem768.fsti} | 37 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 473 ++++++++++++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 68 ++- .../extraction/Libcrux_ml_kem.Polynomial.fst | 545 ++---------------- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 111 +--- .../extraction/Libcrux_ml_kem.Sampling.fst | 336 ++++++----- .../extraction/Libcrux_ml_kem.Sampling.fsti | 11 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 406 ++++++------- .../extraction/Libcrux_ml_kem.Serialize.fsti | 11 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 6 - .../extraction/Libcrux_ml_kem.Types.fsti | 23 +- .../extraction/Libcrux_polynomials_avx2.fst | 4 +- 31 files changed, 2612 insertions(+), 1703 deletions(-) create mode 100644 
libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fst rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.fst => Libcrux_ml_kem.Ind_cca.fst} (53%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.fsti => Libcrux_ml_kem.Ind_cca.fsti} (82%) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber1024.fst => Libcrux_ml_kem.Mlkem1024.fst} (59%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber1024.fsti => Libcrux_ml_kem.Mlkem1024.fsti} (80%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber512.fst => Libcrux_ml_kem.Mlkem512.fst} (59%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber512.fsti => Libcrux_ml_kem.Mlkem512.fsti} (80%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber768.fst => Libcrux_ml_kem.Mlkem768.fst} (59%) rename libcrux-ml-kem/proofs/fstar/extraction/{Libcrux_ml_kem.Kyber768.fsti => Libcrux_ml_kem.Mlkem768.fsti} (80%) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 1595f5594..775204a6c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti 
@@ -17,10 +17,14 @@ let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 -/// Field modulus: 3329 -let v_FIELD_MODULUS: i32 = 3329l +/// SHA3 512 digest size +let v_G_DIGEST_SIZE: usize = sz 64 +/// SHA3 256 digest size let v_H_DIGEST_SIZE: usize = sz 32 -/// PKE message size +/// The size of an ML-KEM shared secret. let v_SHARED_SECRET_SIZE: usize = sz 32 + +/// Field modulus: 3329 +let v__FIELD_MODULUS: i16 = 3329s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti new file mode 100644 index 000000000..a1c8ed093 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti 
@@ -0,0 +1,145 @@ +module Libcrux_ml_kem.Hash_functions.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// The state. +/// It's only used for SHAKE128. +/// All other functions don't actually use any members. +type t_Simd256Hash = { + f_shake128_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = + { + f_G_pre = (fun (input: t_Slice u8) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let digest:t_Array u8 (sz 64) = Libcrux_sha3.Portable.sha512 digest input in + digest); + f_H_pre = (fun (input: t_Slice u8) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let digest:t_Array u8 (sz 32) = Libcrux_sha3.Portable.sha256 digest input in + digest); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); + f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF + = + (fun (v_LEN: usize) (input: t_Slice u8) -> + let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + digest); + f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); + f_PRFxN_post + = + (fun + (v_LEN: usize) + (input: t_Array (t_Array u8 (sz 33)) v_K) + (out: t_Array (t_Array u8 v_LEN) v_K) + -> + true); + f_PRFxN + = + (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Libcrux_sha3.Avx2.X4.shake256xN v_LEN v_K input); + f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_post + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd256Hash) -> true); + f_shake128_init_absorb + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_finalxN v_K input + in + { f_shake128_state = state } <: t_Simd256Hash); + f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); + f_shake128_squeeze_three_blocks_post + = + (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + f_shake128_squeeze_three_blocks + = + (fun (self: t_Simd256Hash) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) + Core.Core_arch.X86.t____m256i & + t_Array (t_Array u8 (sz 504)) v_K) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + in + let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in + self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); + f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); + f_shake128_squeeze_block_post + = + (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + f_shake128_squeeze_block + = + fun (self: t_Simd256Hash) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i & + t_Array (t_Array u8 (sz 168)) v_K) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + in + let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in + self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti new file mode 100644 index 000000000..9b65ef28b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti 
@@ -0,0 +1,148 @@ +module Libcrux_ml_kem.Hash_functions.Neon +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// The state. +/// It's only used for SHAKE128. +/// All other functions don't actually use any members. +type t_Simd128Hash = { + f_shake128_state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) + (sz 2) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = + { + f_G_pre = (fun (input: t_Slice u8) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let digest:t_Array u8 (sz 64) = Libcrux_sha3.Neon.sha512 digest input in + digest); + f_H_pre = (fun (input: t_Slice u8) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let digest:t_Array u8 (sz 32) = Libcrux_sha3.Neon.sha256 digest input in + digest); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); + f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF + = + (fun (v_LEN: usize) (input: t_Slice u8) -> + let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Neon.shake256 v_LEN digest input in + digest); + f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); + f_PRFxN_post + = + (fun + (v_LEN: usize) + (input: t_Array (t_Array u8 (sz 33)) v_K) + (out: t_Array (t_Array u8 v_LEN) v_K) + -> + true); + f_PRFxN + = + (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + Libcrux_sha3.Neon.X2.shake256xN v_LEN v_K input); + f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_post + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd128Hash) -> true); + f_shake128_init_absorb + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) + (sz 2) = + Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_finalxN v_K input + in + { f_shake128_state = state } <: t_Simd128Hash); + f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); + f_shake128_squeeze_three_blocks_post + = + (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + f_shake128_squeeze_three_blocks + = + (fun (self: t_Simd128Hash) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let tmp0, out:(t_Array + (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) (sz 2) & + t_Array (t_Array u8 (sz 504)) v_K) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + in + let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in + let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in + self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); + f_shake128_squeeze_block_pre = (fun (self: t_Simd128Hash) -> true); + f_shake128_squeeze_block_post + = + (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + f_shake128_squeeze_block + = + fun (self: t_Simd128Hash) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let tmp0, out:(t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) + (sz 2) & + t_Array (t_Array u8 (sz 168)) v_K) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + in + let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in + let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in + self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti new file mode 100644 index 000000000..8e0d569e7 --- /dev/null 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti 
@@ -0,0 +1,283 @@ +module Libcrux_ml_kem.Hash_functions.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// The state. +/// It's only used for SHAKE128. +/// All other functions don't actually use any members. +type t_PortableHash (v_K: usize) = { + f_shake128_state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K = + { + f_G_pre = (fun (input: t_Slice u8) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let digest:t_Array u8 (sz 64) = Libcrux_sha3.Portable.sha512 digest input in + digest); + f_H_pre = (fun (input: t_Slice u8) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H + = + (fun (input: t_Slice u8) -> + let digest:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let digest:t_Array u8 (sz 32) = Libcrux_sha3.Portable.sha256 digest input in + digest); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); + f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF + = + (fun (v_LEN: usize) (input: t_Slice u8) -> + let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + digest); + f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); + f_PRFxN_post + = + (fun + (v_LEN: usize) + (input: t_Array (t_Array u8 (sz 33)) v_K) + (out1: t_Array (t_Array u8 v_LEN) v_K) + -> + true); + f_PRFxN + = + (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + out + (fun out i -> + let out:t_Array (t_Array u8 v_LEN) v_K = out in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + i + (Libcrux_sha3.Portable.shake256 v_LEN + (out.[ i ] <: t_Array u8 v_LEN) + (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 33)) <: t_Slice u8) + <: + t_Array u8 v_LEN) + <: + t_Array (t_Array u8 v_LEN) v_K) + in + out); + f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_post + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_PortableHash v_K) -> true); + f_shake128_init_absorb + = + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = + Rust_primitives.Hax.repeat (Libcrux_sha3.Portable.Incremental.shake128_init () + <: + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + v_K + in + let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + state + (fun state i -> + let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = + state + in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + i + (Libcrux_sha3.Portable.Incremental.shake128_absorb_final (state.[ i ] + <: + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + <: + t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K) + in + { f_shake128_state = state } <: t_PortableHash v_K); + f_shake128_squeeze_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true); + f_shake128_squeeze_three_blocks_post + = + (fun + (self: t_PortableHash v_K) + (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K)) + -> + true); + f_shake128_squeeze_three_blocks + = + (fun (self: t_PortableHash v_K) -> + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504) + ) + v_K + in + let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (out, self <: (t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K)) + (fun temp_0_ i -> + let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = temp_0_ in + let i:usize = i in + let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & + t_Array u8 (sz 504)) = + Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ i ] + <: + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + (out.[ i ] <: t_Array u8 (sz 504)) + in + let self:t_PortableHash v_K = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self + .f_shake128_state + i + tmp0 + } + <: + t_PortableHash v_K + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i tmp1 + in + out, self <: (t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K)) + in + let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in + self, hax_temp_output <: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K)); + f_shake128_squeeze_block_pre = (fun (self: t_PortableHash v_K) -> true); + f_shake128_squeeze_block_post + = + (fun + (self: t_PortableHash v_K) + (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K)) + -> + true); + f_shake128_squeeze_block + = + fun (self: t_PortableHash v_K) -> + let 
_:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. sz 4 <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) + v_K + in + let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K)) + (fun temp_0_ i -> + let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = temp_0_ in + let i:usize = i in + let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & + t_Array u8 (sz 168)) = + Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ + i ] + <: + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + (out.[ i ] <: t_Array u8 (sz 168)) + in + let self:t_PortableHash v_K = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + i + tmp0 + } + <: + t_PortableHash v_K + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i tmp1 + in + out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K)) + in + let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in + self, hax_temp_output <: (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) + } 
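Review bot: Every `_pre` and `_post` field of this `t_Hash` instance is `true`, yet `f_PRFxN`, `f_shake128_init_absorb`, `f_shake128_squeeze_three_blocks` and `f_shake128_squeeze_block` all reach `Core.Panicking.panic` whenever `v_K` is not 2, 3 or 4. The contract therefore promises totality for any `v_K` while the body does not deliver it, and the trivial postconditions say nothing about the output, so anything proved against this interface is at most panic freedom. The rank restriction would be better stated as a precondition, e.g. `f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_K =. sz 2 || v_K =. sz 3 || v_K =. sz 4)`, and likewise for the three SHAKE128 fields. Since this file looks like extraction output, the annotation presumably belongs on the Rust source rather than in a hand edit here.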
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fst deleted file mode 100644 index ab33c84ba..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fst +++ /dev/null 
@@ -1,127 +0,0 @@ -module Libcrux_ml_kem.Hash_functions -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let free_state (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) = - let _:Prims.unit = Libcrux_sha3.X4.impl__Shake128StateX4__free_memory xof_state in - () - -let v_H (input: t_Slice u8) = Libcrux_sha3.sha256 input - -let v_G (input: t_Slice u8) = Libcrux_sha3.sha512 input - -let v_PRF (v_LEN: usize) (input: t_Slice u8) = Libcrux_sha3.shake256 v_LEN input - -let squeeze_block (v_K: usize) (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) = - let tmp0, out1:(Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_sha3.X4.impl__Shake128StateX4__squeeze_blocks (sz 168) v_K xof_state - in - let xof_state:Libcrux_sha3.X4.t_Shake128StateX4 = tmp0 in - let (output: t_Array (t_Array u8 (sz 168)) v_K):t_Array (t_Array u8 (sz 168)) v_K = out1 in - let out:t_Array (t_Array u8 (sz 168)) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) v_K - in - let out:t_Array (t_Array u8 (sz 168)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - out - (fun out i -> - let out:t_Array (t_Array u8 (sz 168)) v_K = out in - let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (output.[ i ] <: t_Array u8 (sz 168)) - <: - t_Array (t_Array u8 (sz 168)) v_K) - in - let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in - xof_state, hax_temp_output - <: - (Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 168)) v_K) - -let squeeze_three_blocks (v_K: usize) (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) = - let tmp0, out1:(Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_sha3.X4.impl__Shake128StateX4__squeeze_blocks (sz 504) v_K xof_state 
- in - let xof_state:Libcrux_sha3.X4.t_Shake128StateX4 = tmp0 in - let (output: t_Array (t_Array u8 (sz 504)) v_K):t_Array (t_Array u8 (sz 504)) v_K = out1 in - let out:t_Array (t_Array u8 (sz 504)) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504)) v_K - in - let out:t_Array (t_Array u8 (sz 504)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - out - (fun out i -> - let out:t_Array (t_Array u8 (sz 504)) v_K = out in - let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (output.[ i ] <: t_Array u8 (sz 504)) - <: - t_Array (t_Array u8 (sz 504)) v_K) - in - let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in - xof_state, hax_temp_output - <: - (Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 504)) v_K) - -let absorb (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_K =. sz 2 <: bool) || (v_K =. sz 3 <: bool) || (v_K =. 
sz 4 <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: K == 2 || K == 3 || K == 4" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - let state:Libcrux_sha3.X4.t_Shake128StateX4 = Libcrux_sha3.X4.impl__Shake128StateX4__new () in - let (data: t_Array (t_Slice u8) v_K):t_Array (t_Slice u8) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.unsize (let list = [0uy] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice u8) - v_K - in - let data:t_Array (t_Slice u8) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - data - (fun data i -> - let data:t_Array (t_Slice u8) v_K = data in - let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize data - i - (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) - <: - t_Array (t_Slice u8) v_K) - in - let state:Libcrux_sha3.X4.t_Shake128StateX4 = - Libcrux_sha3.X4.impl__Shake128StateX4__absorb_final v_K state data - in - state diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 78f3192cc..6c37b4454 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti 
@@ -3,31 +3,55 @@ module Libcrux_ml_kem.Hash_functions open Core open FStar.Mul +/// Abstraction for the hashing, to pick the fastest version depending on the +/// platform features available. +/// There are 3 instantiations of this trait right now, using the libcrux-sha3 crate. +/// - AVX2 +/// - NEON +/// - Portable +class t_Hash (v_Self: Type) (v_K: usize) = { + f_G_pre:t_Slice u8 -> bool; + f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> bool; + f_G:x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); + f_H_pre:t_Slice u8 -> bool; + f_H_post:t_Slice u8 -> t_Array u8 (sz 32) -> bool; + f_H:x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); + f_PRF_pre:v_LEN: usize -> t_Slice u8 -> bool; + f_PRF_post:v_LEN: usize -> t_Slice u8 -> t_Array u8 v_LEN -> bool; + f_PRF:v_LEN: usize -> x0: t_Slice u8 + -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); + f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> bool; + f_PRFxN_post:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> t_Array (t_Array u8 v_LEN) v_K + -> bool; + f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K + -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) + (f_PRFxN_pre v_LEN x0) + (fun result -> f_PRFxN_post v_LEN x0 result); + f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> bool; + f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> bool; + f_shake128_init_absorb:x0: t_Array (t_Array u8 (sz 34)) v_K + -> Prims.Pure v_Self + (f_shake128_init_absorb_pre x0) + (fun result -> f_shake128_init_absorb_post x0 result); + f_shake128_squeeze_three_blocks_pre:v_Self -> bool; + f_shake128_squeeze_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + -> bool; + f_shake128_squeeze_three_blocks:x0: v_Self + -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + 
(f_shake128_squeeze_three_blocks_pre x0) + (fun result -> f_shake128_squeeze_three_blocks_post x0 result); + f_shake128_squeeze_block_pre:v_Self -> bool; + f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> bool; + f_shake128_squeeze_block:x0: v_Self + -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) + (f_shake128_squeeze_block_pre x0) + (fun result -> f_shake128_squeeze_block_post x0 result) +} + +/// The SHA3 block size. let v_BLOCK_SIZE: usize = sz 168 +/// The size of 3 SHA3 blocks. let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 - -/// Free the memory of the state. -/// **NOTE:** That this needs to be done manually for now. -val free_state (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) - : Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) - -val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) - -val v_PRF (v_LEN: usize) (input: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) - -val squeeze_block (v_K: usize) (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) - : Prims.Pure (Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 168)) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - -val squeeze_three_blocks (v_K: usize) (xof_state: Libcrux_sha3.X4.t_Shake128StateX4) - : Prims.Pure (Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 504)) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - -val absorb (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) - : Prims.Pure Libcrux_sha3.X4.t_Shake128StateX4 Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst similarity index 53% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index c0f4a994a..9b5b0ea1c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -1,10 +1,14 @@ -module Libcrux_ml_kem +module Libcrux_ml_kem.Ind_cca #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul let serialize_kem_secret_key - (v_SERIALIZED_KEY_LEN: usize) + (v_K v_SERIALIZED_KEY_LEN: usize) + (#v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key public_key implicit_rejection_value: t_Slice u8) = let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in @@ -71,7 +75,7 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.v_H public_key + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K public_key <: t_Array u8 (sz 32)) <: 
@@ -106,16 +110,86 @@ let serialize_kem_secret_key in out +let validate_public_key_generic + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE + v_K + (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + deserialized_pk + (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + in + public_key =. public_key_serialized + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Rust_primitives.Hax.Control_flow_monad.Mexception.run (if + true && true && (Libcrux_platform.Platform.simd256_support () <: bool) + then + let! 
hoist2:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (validate_public_key_generic v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key) + <: + Core.Ops.Control_flow.t_ControlFlow bool Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist2) + <: + Core.Ops.Control_flow.t_ControlFlow bool bool + else + Core.Ops.Control_flow.ControlFlow_Continue + (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) + then + validate_public_key_generic v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + <: + bool + else + validate_public_key_generic v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + <: + bool) + <: + Core.Ops.Control_flow.t_ControlFlow bool bool) + let decapsulate_generic (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Libcrux_ml_kem.Types.impl_12__split_at v_SECRET_KEY_SIZE secret_key v_CPA_SECRET_KEY_SIZE + Libcrux_ml_kem.Types.impl_12__split_at v_SECRET_KEY_SIZE private_key v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, 
secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at secret_key v_PUBLIC_KEY_SIZE @@ -153,7 +227,7 @@ let decapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) @@ -181,7 +255,7 @@ let decapsulate_generic t_Slice u8) in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.v_PRF (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_PRF v_K (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE 
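Review bot: In `validate_public_key` the dispatch conditions arrive already folded to literals (`true && true && (... simd256_support ())` and `false && false && (... simd128_support ())`), so this extraction models a single build configuration and the 128-bit branch is dead code in it. All three branches also call `validate_public_key_generic` with identical explicit arguments and leave `#v_Vector` to `tcresolve`, so the text no longer records which vector backend each branch selects. The same shape appears in the `decapsulate`, `encapsulate` and `generate_keypair` hunks that follow. I would record the extraction configuration next to the proofs, for example a header comment such as `(* extracted with the 256-bit SIMD configuration; the simd128 path is not covered by this model *)` (wording to be confirmed against the actual build), and check that instance resolution picks the intended backend in each branch. `decapsulate_generic` continues past the end of this hunk.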
@@ -201,33 +275,65 @@ let decapsulate_generic let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - if Libcrux_platform.Platform.simd256_support () - then - decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE secret_key ciphertext - else - if Libcrux_platform.Platform.simd128_support () - then - decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE secret_key ciphertext - else - decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE secret_key ciphertext + Rust_primitives.Hax.Control_flow_monad.Mexception.run (if + true && true && (Libcrux_platform.Platform.simd256_support () <: bool) + then + let! 
hoist3:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) + <: + Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist3) + <: + Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) + else + Core.Ops.Control_flow.ControlFlow_Continue + (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) + then + let! hoist4:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) + <: + Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist4) + <: + Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) + else + Core.Ops.Control_flow.ControlFlow_Continue + (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext + <: + t_Array u8 (sz 32)) + <: + 
Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32))) + <: + Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) + (Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)))) let encapsulate_generic (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = @@ -247,8 +353,8 @@ let encapsulate_generic Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.v_H (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice - v_PUBLIC_KEY_SIZE + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K + (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -262,7 +368,7 @@ let encapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) 
@@ -292,63 +398,72 @@ let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = - if Libcrux_platform.Platform.simd256_support () - then - encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN - v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness - else - if Libcrux_platform.Platform.simd128_support () - then - encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN - v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness - else - encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN - v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness - -let validate_public_key_generic - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE - v_K - (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } + Rust_primitives.Hax.Control_flow_monad.Mexception.run (if + true && true && (Libcrux_platform.Platform.simd256_support () <: bool) + then + let! 
hoist5:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + public_key randomness) <: - Core.Ops.Range.t_RangeTo usize ] + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) <: - t_Slice u8) - in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - deserialized_pk - (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } - <: - Core.Ops.Range.t_RangeFrom usize ] + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + else + Core.Ops.Control_flow.ControlFlow_Continue + (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) + then + let! 
hoist6:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + public_key randomness) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist6) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + else + Core.Ops.Control_flow.ControlFlow_Continue + (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + public_key randomness + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) <: - t_Slice u8) - in - public_key =. 
public_key_serialized - -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - if Libcrux_platform.Platform.simd256_support () - then validate_public_key_generic v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE public_key - else validate_public_key_generic v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE public_key + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)))) let generate_keypair_generic (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) = let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & @@ -362,7 +477,8 @@ let generate_keypair_generic ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_kem_secret_key v_PRIVATE_KEY_SIZE + serialize_kem_secret_key v_K + v_PRIVATE_KEY_SIZE (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) (Rust_primitives.unsize public_key <: t_Slice u8) implicit_rejection_value 
@@ -381,51 +497,68 @@ let generate_keypair usize) (randomness: t_Array u8 (sz 64)) = - let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - if Libcrux_platform.Platform.simd256_support () - then - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value - else - if Libcrux_platform.Platform.simd128_support () - then - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value - else - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + if true && true && Libcrux_platform.Platform.simd256_support () + then + let! 
hoist7:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow_Break + (generate_keypair_generic v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + ind_cpa_keypair_randomness + implicit_rejection_value) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Rust_primitives.Hax.t_Never + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist7) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + else + Core.Ops.Control_flow.ControlFlow_Continue + (if false && false && Libcrux_platform.Platform.simd128_support () + then + generate_keypair_generic v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + ind_cpa_keypair_randomness + implicit_rejection_value + else + generate_keypair_generic v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + ind_cpa_keypair_randomness + implicit_rejection_value) + <: + Core.Ops.Control_flow.t_ControlFlow + (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti similarity index 82% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fsti rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 04d135f5d..0b669d301 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti 
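Review bot: The dispatch in the new `generate_keypair` body is extracted as `if true && true && Libcrux_platform.Platform.simd256_support ()` and `if false && false && Libcrux_platform.Platform.simd128_support ()`, so the simd128 branch is unreachable in this model; the constant operands look like build-configuration tests evaluated at extraction time, which should be confirmed. All three branches call `generate_keypair_generic` with identical explicit arguments, while `#v_Vector` and `#v_Hasher` stay implicit and occur in neither the explicit argument types nor the `t_MlKemKeyPair` result, so nothing visible here ties a branch to a particular vector or hash instance. Because this file is extracted, the remedy belongs in the Rust source or the extraction setup; at minimum I would add a comment there such as `// F* extraction freezes the feature tests to the extracting host; the simd128 path is dead in the model`, so that a proof over this module is not read as covering every backend. The function's signature lies outside the hunk.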
@@ -1,8 +1,10 @@ -module Libcrux_ml_kem +module Libcrux_ml_kem.Ind_cca #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul +/// An ML-KEM shared secret. +/// A byte array of size [`SHARED_SECRET_SIZE`]. unfold let t_MlKemSharedSecret = t_Array u8 (sz 32) 
@@ -16,31 +18,47 @@ let v_KEY_GENERATION_SEED_SIZE: usize = /// Serialize the secret key. val serialize_kem_secret_key - (v_SERIALIZED_KEY_LEN: usize) + (v_K v_SERIALIZED_KEY_LEN: usize) + (#v_Hasher: Type) + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) +val validate_public_key_generic + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + val decapsulate_generic (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE 
v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) val encapsulate_generic (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) 
@@ -56,23 +74,12 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -val validate_public_key_generic - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - val generate_keypair_generic (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 40d746788..97b66b4f4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst 
@@ -39,20 +39,24 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = let sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) = let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let domain_separator, error_1_, prf_input:(u8 & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - t_Array u8 (sz 33)) = + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K 
@@ -61,63 +65,78 @@ let sample_ring_element_cbd Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, error_1_, prf_input - <: - (u8 & t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - t_Array u8 (sz 33))) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> - let domain_separator, error_1_, prf_input:(u8 & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - t_Array u8 (sz 33)) = - temp_0_ - in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in let i:usize = i in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input - (sz 32) - domain_separator + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + domain_separator + <: + t_Array u8 (sz 33)) in let domain_separator:u8 = domain_separator +! 
1uy in - let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) - in + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + in + let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array + (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = + Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA2_RANDOMNESS_SIZE prf_inputs + in + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + error_1_ + (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ - i - (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 - (Rust_primitives.unsize prf_output <: t_Slice u8) - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + error_1_ in - domain_separator, error_1_, prf_input + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ + i + (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) + <: + t_Slice u8) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: - (u8 & t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - t_Array u8 (sz 33))) - in - let hax_temp_output:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - error_1_ + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in - prf_input, domain_separator, hax_temp_output + error_1_, domain_separator <: - (t_Array u8 (sz 33) & u8 & - t_Array 
(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) = let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K 
@@ -126,41 +145,63 @@ let sample_vector_cbd_then_ntt Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, prf_input, re_as_ntt - <: - (u8 & t_Array u8 (sz 33) & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> - let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - temp_0_ - in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in let i:usize = i in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input - (sz 32) - domain_separator + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + domain_separator + <: + t_Array u8 (sz 33)) in let domain_separator:u8 = domain_separator +! 
1uy in - let (prf_output: t_Array u8 v_ETA_RANDOMNESS_SIZE):t_Array u8 v_ETA_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.v_PRF v_ETA_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + in + let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array + (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = + Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA_RANDOMNESS_SIZE prf_inputs + in + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + re_as_ntt + (fun re_as_ntt i -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt in - let r:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA - (Rust_primitives.unsize prf_output <: t_Slice u8) + let i:usize = i in + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt + i + (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA + (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) + <: + t_Slice u8) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt i - (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element r + (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element (re_as_ntt.[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - domain_separator, 
prf_input, re_as_ntt - <: - (u8 & t_Array u8 (sz 33) & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + re_as_ntt) in re_as_ntt, domain_separator <: @@ -171,9 +212,9 @@ let compress_then_serialize_u (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (out: t_Slice u8) = - let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let out:t_Array u8 v_OUT_LEN = + let out, hax_temp_output:t_Slice u8 = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Iter.Traits.Collect.f_into_iter input <: @@ -189,7 +230,7 @@ let compress_then_serialize_u )) out (fun out temp_1_ -> - let out:t_Array u8 v_OUT_LEN = out in + let out:t_Slice u8 = out in let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in @@ -221,7 +262,7 @@ let compress_then_serialize_u <: t_Slice u8) <: - t_Array u8 v_OUT_LEN) + t_Slice u8) in out @@ -232,10 +273,12 @@ let deserialize_then_decompress_u (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun temp_0_ -> + let _:usize = temp_0_ in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate 
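Review bot: In `compress_then_serialize_u` the fold result is now bound as `let out, hax_temp_output:t_Slice u8 =`, a pair pattern ascribed a single slice type, while the closure is ascribed `<: t_Slice u8` and the function still ends in `out`; from the visible lines this binding does not look well-typed. I would expect `let out:t_Slice u8 =` here, which presumably means correcting how the extraction handles the new `out` parameter rather than editing this file by hand. The new Libcrux_ml_kem.Invert_ntt.fst further down, only partly visible here, binds `let (re, zeta_i), hax_temp_output:(... & usize) =` in the same way. The function's header lies outside the hunk.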
@@ -259,14 +302,19 @@ let deserialize_then_decompress_u u_as_ntt in let i, u_bytes:(usize & t_Slice u8) = temp_1_ in - let u:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR - u_bytes + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt + i + (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR + u_bytes + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i - (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR u + (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR + (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -277,8 +325,11 @@ let deserialize_then_decompress_u let encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) 
@@ -309,18 +360,17 @@ let encrypt u8) = sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy in - let tmp0, tmp1, out:(t_Array u8 (sz 33) & u8 & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = + let error_1_, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator in - let prf_input:t_Array u8 (sz 33) = tmp0 in - let domain_separator:u8 = tmp1 in - let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = out in let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator in let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE + Libcrux_ml_kem.Hash_functions.f_PRF v_K + v_ETA2_RANDOMNESS_SIZE (Rust_primitives.unsize prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = 
@@ -340,26 +390,34 @@ let encrypt error_2_ message_as_ring_element in - let c1:t_Array u8 v_C1_LEN = - compress_then_serialize_u v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u - in - let c2:t_Array u8 v_C2_LEN = - Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR - v_C2_LEN - v - in - let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE = - into_padded_array v_CIPHERTEXT_SIZE (Rust_primitives.unsize c1 <: t_Slice u8) + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize) + (compress_then_serialize_u v_K + v_C1_LEN + v_U_COMPRESSION_FACTOR + v_BLOCK_LEN + u + (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + <: + t_Slice u8) in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } - <: - Core.Ops.Range.t_RangeFrom usize ] + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR + v_C2_LEN + v + (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Core.Array.impl_23__as_slice v_C2_LEN c2 <: t_Slice u8) <: t_Slice u8) in 
@@ -372,10 +430,12 @@ let deserialize_secret_key (secret_key: t_Slice u8) = let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun temp_0_ -> + let _:usize = temp_0_ in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate @@ -550,11 +610,14 @@ let serialize_public_key let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) = - let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.v_G key_generation_seed in + let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G v_K key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index cc1e41340..ca613d980 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti 
@@ -10,13 +10,12 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) /// Sample a vector of ring elements from a centered binomial distribution. val sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) - : Prims.Pure - (t_Array u8 (sz 33) & u8 & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) Prims.l_True (fun _ -> Prims.l_True) @@ -24,8 +23,9 @@ val sample_ring_element_cbd /// convert them into their NTT representations. val sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) @@ -38,7 +38,8 @@ val compress_then_serialize_u (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. 
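Review bot: `val compress_then_serialize_u` now takes `(out: t_Slice u8)` and returns `t_Slice u8` under `Prims.l_True (fun _ -> Prims.l_True)`, so the output length that the old result type `t_Array u8 v_OUT_LEN` carried is no longer stated anywhere in the interface. The `encrypt` hunk in Libcrux_ml_kem.Ind_cpa.fst passes the result to `update_at_range` over `sz 0` to `v_C1_LEN`, which presumably needs the returned slice to have the same length as `out`; confirm against the proof library. I would state that contract on the Rust function (a precondition that `out` has length `v_OUT_LEN` and a postcondition that the returned slice keeps the length of `out`), so the regenerated `.fsti` carries it instead of `Prims.l_True`. The same applies to `compress_then_serialize_ring_element_v`, which `encrypt` now also calls with a destination slice.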
@@ -89,8 +90,9 @@ val deserialize_then_decompress_u val encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) @@ -186,8 +188,9 @@ val serialize_public_key val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst new file mode 100644 index 000000000..68da4db0b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst 
@@ -0,0 +1,314 @@ +module Libcrux_ml_kem.Invert_ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let inv_ntt_layer_int_vec_step_reduce + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (a b: v_Vector) + (zeta_r: i16) + = + let a_minus_b:v_Vector = Libcrux_traits.f_sub b a in + let a:v_Vector = Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add a b <: v_Vector) in + let b:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer a_minus_b zeta_r in + a, b <: (v_Vector & v_Vector) + +let invert_ntt_at_layer_1_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + = + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i -! sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_inv_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ + round ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! 
sz 1 <: usize + ] + <: + i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 2 <: usize + ] + <: + i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 3 <: usize + ] + <: + i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let zeta_i:usize = zeta_i -! sz 3 in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + in + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let invert_ntt_at_layer_2_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + = + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i -! sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_inv_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ + round ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! 
sz 1 <: usize + ] + <: + i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let zeta_i:usize = zeta_i -! sz 1 in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + in + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let invert_ntt_at_layer_3_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + = + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i -! 
sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_inv_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ + round ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + in + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let invert_ntt_at_layer_4_plus + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (layer: usize) + = + let step:usize = sz 1 <>! layer <: usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i -! sz 1 in + let offset:usize = (round *! step <: usize) *! sz 2 in + let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset_vec; + Core.Ops.Range.f_end = offset_vec +! 
step_vec <: usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + re + (fun re j -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let j:usize = j in + let x, y:(v_Vector & v_Vector) = + inv_ntt_layer_int_vec_step_reduce (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ + j ] + <: + v_Vector) + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + j + x + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + (j +! step_vec <: usize) + y + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re) + in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + in + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let invert_ntt_montgomery + (v_K: usize) + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + = + let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! 
sz 2 in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_1_ zeta_i re (sz 1) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_2_ zeta_i re (sz 2) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_3_ zeta_i re (sz 3) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_4_plus zeta_i re (sz 4) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_4_plus zeta_i re (sz 5) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_4_plus zeta_i re (sz 6) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + invert_ntt_at_layer_4_plus zeta_i re (sz 7) + in + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement 
v_Vector) + = + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + <: + (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti new file mode 100644 index 000000000..a000597eb --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti 
@@ -0,0 +1,60 @@ +module Libcrux_ml_kem.Invert_ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val inv_ntt_layer_int_vec_step_reduce + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (a b: v_Vector) + (zeta_r: i16) + : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_1_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_2_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_3_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_4_plus + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (layer: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_montgomery + (v_K: usize) + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) 
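Review bot: The `val` declarations for `invert_ntt_at_layer_1_` through `invert_ntt_at_layer_4_plus` accept any `zeta_i: usize` under `Prims.l_True`, which does not match what the bodies need. In Invert_ntt.fst each round computes `zeta_i -! sz 1` and uses the result to index `v_ZETAS_TIMES_MONTGOMERY_R`. Nothing in the interface rules out underflow or an out-of-range table index, so panic freedom rests on the single caller `invert_ntt_montgomery`, which starts from `v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2`. Since these files are extracted, the bound belongs on the Rust functions. For layer 1 (16 rounds, four decrements each) that would be something like `#[hax_lib::requires(*zeta_i >= 64)]`, together with an upper bound against the table length, which is not visible here.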
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 43ac4b277..f12b7df16 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -13,10 +13,12 @@ let compute_As_plus_e t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate @@ -91,10 +93,10 @@ let compute_As_plus_e let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce (error_as_ntt.[ i ] + (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in 
@@ -102,49 +104,6 @@ let compute_As_plus_e in result -let compute_message - (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (secret_as_ntt u_as_ntt: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - = - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () - in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - result - (fun result i -> - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let i:usize = i in - let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply (secret_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product - in - result) - in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Ntt.invert_ntt_montgomery v_K result - in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__subtract_reduce v result - in - result - let compute_ring_element_v (v_K: usize) (#v_Vector: Type) 
@@ -180,7 +139,7 @@ let compute_ring_element_v result) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Ntt.invert_ntt_montgomery v_K result + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce error_2_ message result @@ -196,10 +155,12 @@ let compute_vector_u (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate @@ -274,7 +235,7 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Ntt.invert_ntt_montgomery v_K + (Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) 
@@ -282,10 +243,10 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_error_reduce (error_1_.[ i ] + (Libcrux_ml_kem.Polynomial.impl__add_error_reduce (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in 
@@ -293,22 +254,72 @@ let compute_vector_u in result -let sample_matrix_A +let compute_message (v_K: usize) (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (secret_as_ntt u_as_ntt: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + = + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Polynomial.impl__ZERO () + in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let i:usize = i in + let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Polynomial.impl__ntt_multiply (secret_as_ntt.[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product + in + result) + in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result + in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Polynomial.impl__subtract_reduce v result + in + result + +let sample_matrix_A + (v_K: usize) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) = let 
v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = 
@@ -368,21 +379,28 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Iter.Traits.Collect.f_into_iter sampled + <: + Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) <: - Core.Ops.Range.t_Range usize) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) <: - Core.Ops.Range.t_Range usize) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) v_A_transpose - (fun v_A_transpose j -> + (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A_transpose in - let j:usize = j in + let j, sample:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ + in if transpose then let v_A_transpose:t_Array @@ -395,9 +413,7 @@ let sample_matrix_A t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K ) i - (sampled.[ j ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + sample <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in @@ -413,9 +429,7 @@ let sample_matrix_A t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K ) j - (sampled.[ j ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + sample <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 15f8cb746..959f17ca0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -16,21 +16,6 @@ val compute_As_plus_e Prims.l_True (fun _ -> Prims.l_True) -/// The following functions compute various expressions involving -/// vectors and matrices. The computation of these expressions has been -/// abstracted away into these functions in order to save on loop iterations. -/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) -val compute_message - (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (secret_as_ntt u_as_ntt: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True - (fun _ -> Prims.l_True) - /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message val compute_ring_element_v (v_K: usize) 
@@ -54,10 +39,26 @@ val compute_vector_u Prims.l_True (fun _ -> Prims.l_True) -val sample_matrix_A +/// The following functions compute various expressions involving +/// vectors and matrices. The computation of these expressions has been +/// abstracted away into these functions in order to save on loop iterations. +/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) +val compute_message (v_K: usize) (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} + (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (secret_as_ntt u_as_ntt: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val sample_matrix_A + (v_K: usize) + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seed: t_Array u8 (sz 34)) (transpose: bool) : Prims.Pure diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst similarity index 59% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 7d512c222..c7a2eaafa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst 
@@ -1,25 +1,19 @@ -module Libcrux_ml_kem.Kyber1024 +module Libcrux_ml_kem.Mlkem1024 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul let decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext - -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) - (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if - Libcrux_ml_kem.validate_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.validate_public_key (sz 4) (sz 1536) (sz 1568) public_key.Libcrux_ml_kem.Types.f_value @@ -32,8 +26,15 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) + (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.generate_keypair (sz 4) + Libcrux_ml_kem.Ind_cca.generate_keypair (sz 4) (sz 1536) (sz 3168) (sz 1568) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti similarity index 80% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fsti rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 608268fbc..34785554b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -1,4 +1,4 @@ -module Libcrux_ml_kem.Kyber1024 +module Libcrux_ml_kem.Mlkem1024 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul 
@@ -62,22 +62,37 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +/// An ML-KEM 1024 Ciphertext unfold let t_MlKem1024Ciphertext = Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) +/// An ML-KEM 1024 Private key unfold let t_MlKem1024PrivateKey = Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) -unfold -let t_MlKem1024PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) - /// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// An ML-KEM 1024 Public key +unfold +let t_MlKem1024PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. val encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) 
@@ -85,14 +100,14 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) +/// Am ML-KEM 1024 Key pair +unfold +let t_MlKem1024KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) /// Generate ML-KEM 1024 Key Pair +/// Generate an ML-KEM key pair. The input is a byte array of size +/// [`KEY_GENERATION_SEED_SIZE`]. +/// This function returns an [`MlKem1024KeyPair`]. val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst similarity index 59% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 3f26eaa91..520065dfa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst 
@@ -1,25 +1,18 @@ -module Libcrux_ml_kem.Kyber512 +module Libcrux_ml_kem.Mlkem512 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul let decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) - (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext - -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) - (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if - Libcrux_ml_kem.validate_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.validate_public_key (sz 2) (sz 768) (sz 800) public_key.Libcrux_ml_kem.Types.f_value @@ -30,8 +23,15 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 8 else Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) + (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.generate_keypair (sz 2) + Libcrux_ml_kem.Ind_cca.generate_keypair (sz 2) (sz 768) (sz 1632) (sz 800) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti similarity index 80% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fsti rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index 15bf68470..da84a9270 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -1,4 +1,4 @@ -module Libcrux_ml_kem.Kyber512 +module Libcrux_ml_kem.Mlkem512 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul 
@@ -62,22 +62,37 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +/// An ML-KEM 512 Ciphertext unfold let t_MlKem512Ciphertext = Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) +/// An ML-KEM 512 Private key unfold let t_MlKem512PrivateKey = Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) -unfold -let t_MlKem512PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) - /// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// An ML-KEM 512 Public key +unfold +let t_MlKem512PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. val encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) 
@@ -85,14 +100,14 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) +/// Am ML-KEM 512 Key pair +unfold +let t_MlKem512KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) /// Generate ML-KEM 512 Key Pair +/// Generate an ML-KEM key pair. The input is a byte array of size +/// [`KEY_GENERATION_SEED_SIZE`]. +/// This function returns an [`MlKem512KeyPair`]. val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst similarity index 59% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 3a5a5d92c..dd9dd13cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst 
@@ -1,25 +1,19 @@ -module Libcrux_ml_kem.Kyber768 +module Libcrux_ml_kem.Mlkem768 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul let decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext - -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) - (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if - Libcrux_ml_kem.validate_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.validate_public_key (sz 3) (sz 1152) (sz 1184) public_key.Libcrux_ml_kem.Types.f_value @@ -32,8 +26,15 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) + (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.generate_keypair (sz 3) + Libcrux_ml_kem.Ind_cca.generate_keypair (sz 3) (sz 1152) (sz 2400) (sz 1184) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti similarity index 80% rename from libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fsti rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index d9cfee6b4..06774d878 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Kyber768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -1,4 +1,4 @@ -module Libcrux_ml_kem.Kyber768 +module Libcrux_ml_kem.Mlkem768 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul 
@@ -62,22 +62,37 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +/// An ML-KEM 768 Ciphertext unfold let t_MlKem768Ciphertext = Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) +/// An ML-KEM 768 Private key unfold let t_MlKem768PrivateKey = Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) -unfold -let t_MlKem768PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) - /// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (secret_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// An ML-KEM 768 Public key +unfold +let t_MlKem768PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. val encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) 
@@ -85,14 +100,14 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) +/// Am ML-KEM 768 Key pair +unfold +let t_MlKem768KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) /// Generate ML-KEM 768 Key Pair +/// Generate an ML-KEM key pair. The input is a byte array of size +/// [`KEY_GENERATION_SEED_SIZE`]. +/// This function returns an [`MlKem768KeyPair`]. val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 96bd2a256..228560bc0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst 
@@ -3,131 +3,440 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul -let invert_ntt_montgomery - (v_K: usize) +let ntt_layer_int_vec_step (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (a b: v_Vector) + (zeta_r: i16) + = + let t:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer b zeta_r in + let b:v_Vector = Libcrux_traits.f_sub a t in + let a:v_Vector = Libcrux_traits.f_add a t in + a, b <: (v_Vector & v_Vector) + +let ntt_at_layer_1_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) = - let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_1_ zeta_i re (sz 1) - in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_2_ zeta_i re (sz 2) + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! 
sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round + ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize + ] + <: + i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize + ] + <: + i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize + ] + <: + i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let zeta_i:usize = zeta_i +! sz 3 in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_3_plus zeta_i re (sz 3) + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let ntt_at_layer_2_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) + = + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun 
temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round + ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize + ] + <: + i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let zeta_i:usize = zeta_i +! sz 1 in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_3_plus zeta_i re (sz 4) + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let ntt_at_layer_3_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) + = + let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + 
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + round + (Libcrux_traits.f_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round + ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_3_plus zeta_i re (sz 5) + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let ntt_at_layer_4_plus + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (layer v__initial_coefficient_bound: usize) + = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.(layer >=. sz 4 <: bool) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: layer >= 4" + <: + Rust_primitives.Hax.t_Never) + in + () in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_3_plus zeta_i re (sz 6) + let step:usize = sz 1 <>! 
layer <: usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in + let offset:usize = (round *! step <: usize) *! sz 2 in + let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset_vec; + Core.Ops.Range.f_end = offset_vec +! step_vec <: usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + re + (fun re j -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let j:usize = j in + let x, y:(v_Vector & v_Vector) = + ntt_layer_int_vec_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] + <: + v_Vector) + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] + <: + v_Vector) + (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + j + x + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + (j +! 
step_vec <: usize) + y + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re) + in + re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.invert_ntt_at_layer_3_plus zeta_i re (sz 7) + zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +let ntt_at_layer_7_ + (#v_Vector: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + = + let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in + let re, hax_temp_output:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = step + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + re + (fun re j -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let j:usize = j in + let t:v_Vector = + Libcrux_traits.f_multiply_by_constant (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! + step + <: + usize ] + <: + v_Vector) + (-1600s) + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + (j +! 
step <: usize) + (Libcrux_traits.f_sub (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector + ) + t + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + j + (Libcrux_traits.f_add (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector + ) + t + <: + v_Vector) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + re -let ntt_vector_u - (v_VECTOR_U_COMPRESSION_FACTOR: usize) +let ntt_binomially_sampled_ring_element (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let zeta_i:usize = sz 0 in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 7) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = ntt_at_layer_7_ re in + let zeta_i:usize = sz 1 in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 6) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + 
ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 5) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 4) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_3_ zeta_i re (sz 3) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 3) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_2_ zeta_i re (sz 2) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_2_ zeta_i re (sz 2) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & 
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_1_ zeta_i re (sz 1) (sz 3) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_1_ zeta_i re (sz 1) (sz 3328) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + = + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + <: + (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + re -let ntt_binomially_sampled_ring_element +let ntt_vector_u + (v_VECTOR_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.ntt_at_layer_7_ re + let zeta_i:usize = sz 0 in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 7) (sz 3328) in - let zeta_i:usize = sz 1 in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 6) (sz 3) + let zeta_i:usize = tmp0 in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3328) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement 
v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 5) (sz 3) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3328) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 4) (sz 3) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3328) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_3_plus zeta_i re (sz 3) (sz 3) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_3_ zeta_i re (sz 3) (sz 3328) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_2_ zeta_i re (sz 2) (sz 3) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_2_ zeta_i re (sz 2) (sz 3328) in let zeta_i:usize = tmp0 in - let 
re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - let tmp0, out:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - Libcrux_ml_kem.Polynomial.ntt_at_layer_1_ zeta_i re (sz 1) (sz 3) + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + ntt_at_layer_1_ zeta_i re (sz 1) (sz 3328) in let zeta_i:usize = tmp0 in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = out in - Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in + let _:Prims.unit = () in + let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + = + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + <: + (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 4adc978ce..8d23fbd07 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti 
@@ -3,24 +3,54 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul -/// Use the Gentleman-Sande butterfly to invert, in-place, the NTT representation -/// of a `KyberPolynomialRingElement`. The coefficients of the output -/// ring element are in the Montgomery domain. -val invert_ntt_montgomery - (v_K: usize) +val ntt_layer_int_vec_step (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} + (a b: v_Vector) + (zeta_r: i16) + : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val ntt_at_layer_1_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -/// Use the Cooley–Tukey butterfly to compute an in-place NTT representation -/// of a `KyberPolynomialRingElement`. -/// This function operates on the ring element that partly constitutes -/// the ciphertext. 
-val ntt_vector_u - (v_VECTOR_U_COMPRESSION_FACTOR: usize) +val ntt_at_layer_2_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_at_layer_3_ + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (v__layer v__initial_coefficient_bound: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_at_layer_4_plus + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (zeta_i: usize) + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (layer v__initial_coefficient_bound: usize) + : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_at_layer_7_ (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -28,11 +58,6 @@ val ntt_vector_u Prims.l_True (fun _ -> Prims.l_True) -/// Use the Cooley–Tukey butterfly to compute an in-place NTT representation -/// of a `KyberPolynomialRingElement`. -/// This function operates only on those which were produced by binomial -/// sampling, and thus those which have small coefficients. The small -/// coefficients let us skip the first round of Montgomery reductions. val ntt_binomially_sampled_ring_element (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} 
@@ -40,3 +65,12 @@ val ntt_binomially_sampled_ring_element : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val ntt_vector_u + (v_VECTOR_U_COMPRESSION_FACTOR: usize) + (#v_Vector: Type) + {| i1: Libcrux_traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 34cf069b5..3644f27f6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst 
@@ -3,53 +3,21 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul -let inv_ntt_layer_int_vec_step - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (a b: v_Vector) - (zeta_r: i32) - = - let a_minus_b:v_Vector = Libcrux_traits.f_sub b a in - let a:v_Vector = Libcrux_traits.f_add a b in - let b:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer a_minus_b zeta_r in - a, b <: (v_Vector & v_Vector) - -let ntt_layer_7_int_vec_step - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (a b: v_Vector) - = - let t:v_Vector = Libcrux_traits.f_multiply_by_constant b (-1600l) in - let b:v_Vector = Libcrux_traits.f_sub a t in - let a:v_Vector = Libcrux_traits.f_add a t in - a, b <: (v_Vector & v_Vector) - -let ntt_layer_int_vec_step - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (a b: v_Vector) - (zeta_r: i32) - = - let t:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer b zeta_r in - let b:v_Vector = Libcrux_traits.f_sub a t in - let a:v_Vector = Libcrux_traits.f_add a t in - a, b <: (v_Vector & v_Vector) - let impl__ZERO (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (_: Prims.unit) = - { f_coefficients = Rust_primitives.Hax.repeat (Libcrux_traits.f_ZERO () <: v_Vector) (sz 32) } + { f_coefficients = Rust_primitives.Hax.repeat (Libcrux_traits.f_ZERO () <: v_Vector) (sz 16) } <: t_PolynomialRingElement v_Vector let impl__add_error_reduce (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) - (self result: t_PolynomialRingElement v_Vector) + (self error: t_PolynomialRingElement v_Vector) = - let result:t_PolynomialRingElement v_Vector = + let self, hax_temp_output:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ 
Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT @@ -58,28 +26,23 @@ let impl__add_error_reduce Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - result - (fun result j -> - let result:t_PolynomialRingElement v_Vector = result in + self + (fun self j -> + let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_reduce (Libcrux_traits.f_multiply_by_constant (result - .f_coefficients.[ j ] - <: - v_Vector) - 1441l - <: - v_Vector) + Libcrux_traits.f_montgomery_multiply_by_constant (self.f_coefficients.[ j ] <: v_Vector) + 1441s in - let result:t_PolynomialRingElement v_Vector = + let self:t_PolynomialRingElement v_Vector = { - result with + self with f_coefficients = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form - (self.f_coefficients.[ j ] <: v_Vector) + (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) <: @@ -88,9 +51,9 @@ let impl__add_error_reduce <: t_PolynomialRingElement v_Vector in - result) + self) in - result + self let impl__add_message_error_reduce (#v_Vector: Type) @@ -111,13 +74,10 @@ let impl__add_message_error_reduce let result:t_PolynomialRingElement v_Vector = result in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_reduce (Libcrux_traits.f_multiply_by_constant (result - .f_coefficients.[ i ] - <: - v_Vector) - 1441l + Libcrux_traits.f_montgomery_multiply_by_constant (result.f_coefficients.[ i ] <: v_Vector) + 1441s in let result:t_PolynomialRingElement v_Vector = { 
@@ -146,9 +106,9 @@ let impl__add_message_error_reduce let impl__add_standard_error_reduce (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) - (self result: t_PolynomialRingElement v_Vector) + (self error: t_PolynomialRingElement v_Vector) = - let result:t_PolynomialRingElement v_Vector = + let self, hax_temp_output:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT @@ -157,22 +117,22 @@ let impl__add_standard_error_reduce Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - result - (fun result j -> - let result:t_PolynomialRingElement v_Vector = result in + self + (fun self j -> + let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_to_standard_domain (result.f_coefficients.[ j ] <: v_Vector) + Libcrux_traits.f_to_standard_domain (self.f_coefficients.[ j ] <: v_Vector) in - let result:t_PolynomialRingElement v_Vector = + let self:t_PolynomialRingElement v_Vector = { - result with + self with f_coefficients = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form - (self.f_coefficients.[ j ] <: v_Vector) + (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) <: @@ -181,9 +141,9 @@ let impl__add_standard_error_reduce <: t_PolynomialRingElement v_Vector in - result) + self) in - result + self let impl__add_to_ring_element (#v_Vector: Type) 
@@ -191,7 +151,7 @@ let impl__add_to_ring_element (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = - let self:t_PolynomialRingElement v_Vector = + let self, hax_temp_output:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end @@ -219,17 +179,17 @@ let impl__add_to_ring_element <: v_Vector) <: - t_Array v_Vector (sz 32) + t_Array v_Vector (sz 16) } <: t_PolynomialRingElement v_Vector) in self -let impl__from_i32_array +let impl__from_i16_array (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) - (a: t_Array i32 (sz 256)) + (a: t_Slice i16) = let result:t_PolynomialRingElement v_Vector = impl__ZERO () in let result:t_PolynomialRingElement v_Vector = @@ -251,29 +211,22 @@ let impl__from_i32_array = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients i - (Libcrux_traits.f_from_i32_array (Core.Result.impl__unwrap (Core.Convert.f_try_into (a.[ - { - Core.Ops.Range.f_start - = - i *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i32) - <: - Core.Result.t_Result (t_Array i32 (sz 8)) Core.Array.t_TryFromSliceError) + (Libcrux_traits.f_from_i16_array (a.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize + } + <: + Core.Ops.Range.t_Range usize ] <: - t_Array i32 (sz 8)) + t_Slice i16) <: v_Vector) <: - t_Array v_Vector (sz 32) + t_Array v_Vector (sz 16) } <: t_PolynomialRingElement v_Vector) 
@@ -307,16 +260,26 @@ let impl__ntt_multiply i (Libcrux_traits.f_ntt_multiply (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 2 *! i <: usize) <: usize ] <: i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 2 *! i <: usize) <: usize) +! sz 1 + (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 + <: + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 + <: + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize ] <: - i32) + i16) <: v_Vector) <: - t_Array v_Vector (sz 32) + t_Array v_Vector (sz 16) } <: t_PolynomialRingElement v_Vector) @@ -328,7 +291,7 @@ let impl__poly_barrett_reduce (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = - let self:t_PolynomialRingElement v_Vector = + let self, hax_temp_output:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT @@ -349,7 +312,7 @@ let impl__poly_barrett_reduce i (Libcrux_traits.f_barrett_reduce (self.f_coefficients.[ i ] <: v_Vector) <: v_Vector) <: - t_Array v_Vector (sz 32) + t_Array v_Vector (sz 16) } <: t_PolynomialRingElement v_Vector) @@ -375,13 +338,8 @@ let impl__subtract_reduce let b:t_PolynomialRingElement v_Vector = b in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_reduce (Libcrux_traits.f_multiply_by_constant (b - .f_coefficients.[ i ] - <: - v_Vector) - 1441l - <: - v_Vector) + Libcrux_traits.f_montgomery_multiply_by_constant (b.f_coefficients.[ i ] <: v_Vector) + 1441s in let b:t_PolynomialRingElement v_Vector = { 
@@ -405,382 +363,3 @@ let impl__subtract_reduce b) in b - -let invert_ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer: usize) - = - let zeta_i:usize = zeta_i -! sz 1 in - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - round - (Libcrux_traits.f_inv_ntt_layer_1_step (re.f_coefficients.[ round ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] <: i32) - <: - v_Vector) - } - <: - t_PolynomialRingElement v_Vector - in - let zeta_i:usize = zeta_i -! sz 2 in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let zeta_i:usize = zeta_i +! 
sz 1 in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let invert_ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer: usize) - = - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let zeta_i:usize = zeta_i -! sz 1 in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - round - (Libcrux_traits.f_inv_ntt_layer_2_step (re.f_coefficients.[ round ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - <: - v_Vector) - } - <: - t_PolynomialRingElement v_Vector - in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let invert_ntt_at_layer_3_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (layer: usize) - = - let step:usize = sz 1 <>! layer <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let zeta_i:usize = zeta_i -! 
sz 1 in - let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let re:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - re - (fun re j -> - let re:t_PolynomialRingElement v_Vector = re in - let j:usize = j in - let x, y:(v_Vector & v_Vector) = - inv_ntt_layer_int_vec_step (re.f_coefficients.[ j ] <: v_Vector) - (re.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - j - x - } - <: - t_PolynomialRingElement v_Vector - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - (j +! step_vec <: usize) - y - } - <: - t_PolynomialRingElement v_Vector - in - re) - in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer v__initial_coefficient_bound: usize) - = - let zeta_i:usize = zeta_i +! 
sz 1 in - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - round - (Libcrux_traits.f_ntt_layer_1_step (re.f_coefficients.[ round ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] <: i32) - <: - v_Vector) - } - <: - t_PolynomialRingElement v_Vector - in - let zeta_i:usize = zeta_i +! sz 2 in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let zeta_i:usize = zeta_i -! sz 1 in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer v__initial_coefficient_bound: usize) - = - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let zeta_i:usize = zeta_i +! 
sz 1 in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - round - (Libcrux_traits.f_ntt_layer_2_step (re.f_coefficients.[ round ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - <: - v_Vector) - } - <: - t_PolynomialRingElement v_Vector - in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let ntt_at_layer_3_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) - = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.(layer >=. sz 3 <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: layer >= 3" - <: - Rust_primitives.Hax.t_Never) - in - () - in - let step:usize = sz 1 <>! layer <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - (re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in - let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let re:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! 
step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - re - (fun re j -> - let re:t_PolynomialRingElement v_Vector = re in - let j:usize = j in - let x, y:(v_Vector & v_Vector) = - ntt_layer_int_vec_step (re.f_coefficients.[ j ] <: v_Vector) - (re.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - j - x - } - <: - t_PolynomialRingElement v_Vector - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - (j +! step_vec <: usize) - y - } - <: - t_PolynomialRingElement v_Vector - in - re) - in - re, zeta_i <: (t_PolynomialRingElement v_Vector & usize)) - in - let hax_temp_output:t_PolynomialRingElement v_Vector = re in - zeta_i, hax_temp_output <: (usize & t_PolynomialRingElement v_Vector) - -let ntt_at_layer_7_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) - (re: t_PolynomialRingElement v_Vector) - = - let step:usize = v_VECTORS_IN_RING_ELEMENT /! sz 2 in - let re:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = step - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - re - (fun re j -> - let re:t_PolynomialRingElement v_Vector = re in - let j:usize = j in - let x, y:(v_Vector & v_Vector) = - ntt_layer_7_int_vec_step (re.f_coefficients.[ j ] <: v_Vector) - (re.f_coefficients.[ j +! 
step <: usize ] <: v_Vector) - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients j x - } - <: - t_PolynomialRingElement v_Vector - in - let re:t_PolynomialRingElement v_Vector = - { - re with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re.f_coefficients - (j +! step <: usize) - y - } - <: - t_PolynomialRingElement v_Vector - in - re) - in - re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index fe0c5ce7c..3e4da8720 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti 
@@ -3,51 +3,31 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 128) = +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = let list = [ - (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; - 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); - (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; - (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; - 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; - (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; - 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; - (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); - (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; - (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); - (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l + (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; + 962s; (-1202s); (-1474s); 1468s; 573s; (-1325s); 264s; 383s; (-829s); 1458s; (-1602s); (-130s); + (-681s); 1017s; 732s; 608s; (-1542s); 411s; (-205s); (-1571s); 1223s; 652s; (-552s); 1015s; + (-1293s); 1491s; (-282s); (-1544s); 516s; (-8s); (-320s); (-666s); (-1618s); (-1162s); 126s; + 1469s; (-853s); (-90s); (-271s); 830s; 107s; (-1421s); (-247s); (-951s); (-398s); 961s; + (-1508s); (-725s); 448s; (-1065s); 677s; (-1275s); (-1103s); 430s; 555s; 843s; (-1251s); 871s; + 1550s; 105s; 422s; 587s; 177s; (-235s); (-291s); (-460s); 1574s; 1653s; (-246s); 778s; 1159s; + (-147s); (-777s); 1483s; (-602s); 1119s; (-1590s); 644s; (-872s); 349s; 418s; 329s; (-156s); + 
(-75s); 817s; 1097s; 603s; 610s; 1322s; (-1285s); (-1465s); 384s; (-1215s); (-136s); 1218s; + (-1335s); (-874s); 220s; (-1187s); (-1659s); (-1185s); (-1530s); (-1278s); 794s; (-1510s); + (-854s); (-870s); 478s; (-108s); (-308s); 996s; 991s; 958s; (-1460s); 1522s; 1628s ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); Rust_primitives.Hax.array_of_list 128 list -val inv_ntt_layer_int_vec_step - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (a b: v_Vector) - (zeta_r: i32) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_layer_7_int_vec_step - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (a b: v_Vector) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_layer_int_vec_step - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (a b: v_Vector) - (zeta_r: i32) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) - let v_VECTORS_IN_RING_ELEMENT: usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR type t_PolynomialRingElement (v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} = { - f_coefficients:t_Array v_Vector (sz 32) + f_coefficients:t_Array v_Vector (sz 16) } val impl__ZERO: #v_Vector: Type -> {| i1: Libcrux_traits.t_Operations v_Vector |} -> Prims.unit @@ -56,7 +36,7 @@ val impl__ZERO: #v_Vector: Type -> {| i1: Libcrux_traits.t_Operations v_Vector | val impl__add_error_reduce (#v_Vector: Type) {| i2: Libcrux_traits.t_Operations v_Vector |} - (self result: t_PolynomialRingElement v_Vector) + (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_message_error_reduce 
@@ -68,7 +48,7 @@ val impl__add_message_error_reduce val impl__add_standard_error_reduce (#v_Vector: Type) {| i2: Libcrux_traits.t_Operations v_Vector |} - (self result: t_PolynomialRingElement v_Vector) + (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise @@ -80,10 +60,10 @@ val impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__from_i32_array +val impl__from_i16_array (#v_Vector: Type) {| i2: Libcrux_traits.t_Operations v_Vector |} - (a: t_Array i32 (sz 256)) + (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) /// Given two `KyberPolynomialRingElement`s in their NTT representations, 
@@ -123,60 +103,3 @@ val impl__subtract_reduce {| i2: Libcrux_traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val invert_ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val invert_ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val invert_ntt_at_layer_3_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (layer: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Represents an intermediate polynomial splitting step in the NTT. All -/// resulting coefficients are in the normal domain since the zetas have been -/// multiplied by MONTGOMERY_R. 
-val ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer v__initial_coefficient_bound: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (v__layer v__initial_coefficient_bound: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_at_layer_3_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (zeta_i: usize) - (re: t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) - : Prims.Pure (usize & t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_at_layer_7_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (re: t_PolynomialRingElement v_Vector) - : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 1ac23de3a..7c18a83f4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst 
@@ -4,14 +4,14 @@ open Core open FStar.Mul let sample_from_uniform_distribution_next + (#v_Vector: Type) (v_K v_N: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i32 (sz 256)) v_K) + (out: t_Array (t_Array i16 (sz 272)) v_K) = - let done:bool = true in - let done, out, sampled_coefficients:(bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K - ) = + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K 
@@ -20,127 +20,136 @@ let sample_from_uniform_distribution_next Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (done, out, sampled_coefficients - <: - (bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K)) + (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> - let done, out, sampled_coefficients:(bool & t_Array (t_Array i32 (sz 256)) v_K & - t_Array usize v_K) = + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - let out, sampled_coefficients:(t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks - (Rust_primitives.unsize (randomness.[ i ] <: t_Array u8 v_N) <: t_Slice u8) - (sz 3) - <: - Core.Slice.Iter.t_Chunks u8) - <: - Core.Slice.Iter.t_Chunks u8) - (out, sampled_coefficients <: (t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) - ) - (fun temp_0_ bytes -> - let out, sampled_coefficients:(t_Array (t_Array i32 (sz 256)) v_K & - t_Array usize v_K) = - temp_0_ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_N /! sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (fun temp_0_ r -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let r:usize = r in + if + (sampled_coefficients.[ i ] <: usize) <. + Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + <: + bool + then + let tmp0, out1:(t_Slice i16 & usize) = + Libcrux_traits.f_rej_sample ((randomness.[ i ] <: t_Array u8 v_N).[ { + Core.Ops.Range.f_start = r *! sz 24 <: usize; + Core.Ops.Range.f_end = (r *! sz 24 <: usize) +! 
sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + ((out.[ i ] <: t_Array i16 (sz 272)).[ { + Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; + Core.Ops.Range.f_end + = + (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) in - let bytes:t_Slice u8 = bytes in - let b1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in - let b2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in - let b3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in - let d1:i32 = ((b2 &. 15l <: i32) <>! 4l <: i32) in - let out, sampled_coefficients:(t_Array (t_Array i32 (sz 256)) v_K & - t_Array usize v_K) = - if - d1 <. Libcrux_ml_kem.Constants.v_FIELD_MODULUS && - (sampled_coefficients.[ i ] <: usize) <. - Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT - then - let out:t_Array (t_Array i32 (sz 256)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (out.[ i ] - <: - t_Array i32 (sz 256)) - (sampled_coefficients.[ i ] <: usize) - d1 + let out:t_Array (t_Array i16 (sz 272)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_range (out.[ i ] <: - t_Array i32 (sz 256)) - in - out, - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_coefficients - i - ((sampled_coefficients.[ i ] <: usize) +! sz 1 <: usize) - <: - (t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) - else - out, sampled_coefficients - <: - (t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) + t_Array i16 (sz 272)) + ({ + Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; + Core.Ops.Range.f_end + = + (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + } + <: + Core.Ops.Range.t_Range usize) + tmp0 + <: + t_Array i16 (sz 272)) in - if - d2 <. Libcrux_ml_kem.Constants.v_FIELD_MODULUS && - (sampled_coefficients.[ i ] <: usize) <. 
- Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT - then - let out:t_Array (t_Array i32 (sz 256)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (out.[ i ] - <: - t_Array i32 (sz 256)) - (sampled_coefficients.[ i ] <: usize) - d2 - <: - t_Array i32 (sz 256)) - in - let sampled_coefficients:t_Array usize v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_coefficients - i - ((sampled_coefficients.[ i ] <: usize) +! sz 1 <: usize) - in - out, sampled_coefficients - <: - (t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) - else - out, sampled_coefficients - <: - (t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K)) - in + let sampled:usize = out1 in + let sampled_coefficients:t_Array usize v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_coefficients + i + ((sampled_coefficients.[ i ] <: usize) +! sampled <: usize) + in + out, sampled_coefficients + <: + (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) + else + out, sampled_coefficients + <: + (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + <: + (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + in + let done:bool = true in + let done, sampled_coefficients:(bool & t_Array usize v_K) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + (done, sampled_coefficients <: (bool & t_Array usize v_K)) + (fun temp_0_ i -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let i:usize = i in if - (sampled_coefficients.[ i ] <: usize) <. + (sampled_coefficients.[ i ] <: usize) >=. 
Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT - then - false, out, sampled_coefficients - <: - (bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K) - else - done, out, sampled_coefficients <: - (bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K)) + bool + then + let sampled_coefficients:t_Array usize v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_coefficients + i + Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + in + done, sampled_coefficients <: (bool & t_Array usize v_K) + else false, sampled_coefficients <: (bool & t_Array usize v_K)) in let hax_temp_output:bool = done in sampled_coefficients, out, hax_temp_output <: - (t_Array usize v_K & t_Array (t_Array i32 (sz 256)) v_K & bool) + (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) let sample_from_binomial_distribution_2_ (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (randomness: t_Slice u8) = - let sampled_i32s:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in - let sampled_i32s:t_Array i32 (sz 256) = + let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in + let sampled_i16s:t_Array i16 (sz 256) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - sampled_i32s - (fun sampled_i32s temp_1_ -> - let sampled_i32s:t_Array i32 (sz 256) = sampled_i32s in + sampled_i16s + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u32: u32):u32 = (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. 
@@ -167,44 +176,45 @@ let sample_from_binomial_distribution_2_ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - sampled_i32s - (fun sampled_i32s outcome_set -> - let sampled_i32s:t_Array i32 (sz 256) = sampled_i32s in + sampled_i16s + (fun sampled_i16s outcome_set -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:u32 = outcome_set in - let outcome_1_:i32 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i32 + let outcome_1_:i16 = + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i16 in - let outcome_2_:i32 = + let outcome_2_:i16 = cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) <: - i32 + i16 in let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in - let sampled_i32s:t_Array i32 (sz 256) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i32s + let sampled_i16s:t_Array i16 (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s ((sz 8 *! chunk_number <: usize) +! offset <: usize) - (outcome_1_ -! outcome_2_ <: i32) + (outcome_1_ -! 
outcome_2_ <: i16) in - sampled_i32s)) + sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i32_array sampled_i32s + Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 + ) let sample_from_binomial_distribution_3_ (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (randomness: t_Slice u8) = - let sampled_i32s:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in - let sampled_i32s:t_Array i32 (sz 256) = + let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in + let sampled_i16s:t_Array i16 (sz 256) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - sampled_i32s - (fun sampled_i32s temp_1_ -> - let sampled_i32s:t_Array i32 (sz 256) = sampled_i32s in + sampled_i16s + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u24: u32):u32 = ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. 
@@ -226,27 +236,28 @@ let sample_from_binomial_distribution_3_ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - sampled_i32s - (fun sampled_i32s outcome_set -> - let sampled_i32s:t_Array i32 (sz 256) = sampled_i32s in + sampled_i16s + (fun sampled_i16s outcome_set -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:i32 = outcome_set in - let outcome_1_:i32 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i32 + let outcome_1_:i16 = + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i16 in - let outcome_2_:i32 = + let outcome_2_:i16 = cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32) <: - i32 + i16 in let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in - let sampled_i32s:t_Array i32 (sz 256) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i32s + let sampled_i16s:t_Array i16 (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s ((sz 4 *! chunk_number <: usize) +! offset <: usize) - (outcome_1_ -! outcome_2_ <: i32) + (outcome_1_ -! outcome_2_ <: i16) in - sampled_i32s)) + sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i32_array sampled_i32s + Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 + ) let sample_from_binomial_distribution (v_ETA: usize) 
@@ -265,65 +276,76 @@ let sample_from_binomial_distribution let sample_from_xof (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (seeds: t_Array (t_Array u8 (sz 34)) v_K) = let (sampled_coefficients: t_Array usize v_K):t_Array usize v_K = Rust_primitives.Hax.repeat (sz 0) v_K in - let (out: t_Array (t_Array i32 (sz 256)) v_K):t_Array (t_Array i32 (sz 256)) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) v_K - in - let xof_state:Libcrux_sha3.X4.t_Shake128StateX4 = - Libcrux_ml_kem.Hash_functions.absorb v_K seeds + let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K in - let tmp0, out1:(Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_ml_kem.Hash_functions.squeeze_three_blocks v_K xof_state + let xof_state:v_Hasher = Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb v_K seeds in + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks v_K xof_state in - let xof_state:Libcrux_sha3.X4.t_Shake128StateX4 = tmp0 in + let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i32 (sz 256)) v_K & bool) = + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = sample_from_uniform_distribution_next v_K (sz 504) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i32 (sz 256)) v_K = tmp1 in + let out:t_Array 
(t_Array i16 (sz 272)) v_K = tmp1 in let done:bool = out1 in - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i32 (sz 256)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & - Libcrux_sha3.X4.t_Shake128StateX4) = + v_Hasher) = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i32 (sz 256)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & - Libcrux_sha3.X4.t_Shake128StateX4) = + v_Hasher) = temp_0_ in ~.done <: bool) (done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K & - Libcrux_sha3.X4.t_Shake128StateX4)) + (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i32 (sz 256)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & - Libcrux_sha3.X4.t_Shake128StateX4) = + v_Hasher) = temp_0_ in - let tmp0, out1:(Libcrux_sha3.X4.t_Shake128StateX4 & t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_ml_kem.Hash_functions.squeeze_block v_K xof_state + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block v_K xof_state in - let xof_state:Libcrux_sha3.X4.t_Shake128StateX4 = tmp0 in + let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i32 (sz 256)) v_K & bool) = + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = sample_from_uniform_distribution_next v_K (sz 168) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i32 (sz 256)) v_K = tmp1 in + let 
out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in let done:bool = out1 in done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i32 (sz 256)) v_K & t_Array usize v_K & - Libcrux_sha3.X4.t_Shake128StateX4)) + (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) in - let _:Prims.unit = Libcrux_ml_kem.Hash_functions.free_state xof_state in - Core.Array.impl_23__map v_K out Libcrux_ml_kem.Polynomial.impl__from_i32_array + Core.Array.impl_23__map v_K + out + (fun s -> + let s:t_Array i16 (sz 272) = s in + Libcrux_ml_kem.Polynomial.impl__from_i16_array (s.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 256 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index a458bb957..52b52d986 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -37,11 +37,13 @@ open FStar.Mul /// The NIST FIPS 203 standard can be found at /// . val sample_from_uniform_distribution_next + (#v_Vector: Type) (v_K v_N: usize) + {| i1: Libcrux_traits.t_Operations v_Vector |} (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i32 (sz 256)) v_K) - : Prims.Pure (t_Array usize v_K & t_Array (t_Array i32 (sz 256)) v_K & bool) + (out: t_Array (t_Array i16 (sz 272)) v_K) + : Prims.Pure (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) Prims.l_True (fun _ -> Prims.l_True) 
@@ -110,8 +112,9 @@ val sample_from_binomial_distribution val sample_from_xof (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type) + {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seeds: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index e0bf211c2..916404d64 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst 
@@ -32,56 +32,26 @@ let compress_then_serialize_10_ <: v_Vector) in - let bytes:t_Array u8 (sz 10) = Libcrux_traits.f_serialize_10_ coefficient in + let bytes:t_Array u8 (sz 20) = Libcrux_traits.f_serialize_10_ coefficient in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 10 *! i <: usize) - (bytes.[ sz 0 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 1 <: usize) - (bytes.[ sz 1 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 2 <: usize) - (bytes.[ sz 2 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 3 <: usize) - (bytes.[ sz 3 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 4 <: usize) - (bytes.[ sz 4 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 5 <: usize) - (bytes.[ sz 5 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 6 <: usize) - (bytes.[ sz 6 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 7 <: usize) - (bytes.[ sz 7 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! 
sz 8 <: usize) - (bytes.[ sz 8 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 10 *! i <: usize) +! sz 9 <: usize) - (bytes.[ sz 9 ] <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 20 *! i <: usize; + Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 20 *! i <: usize; + Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in 
@@ -116,74 +86,38 @@ let compress_then_serialize_11_ <: v_Vector) in - let bytes:t_Array u8 (sz 11) = Libcrux_traits.f_serialize_11_ coefficient in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 11 *! i <: usize) - (bytes.[ sz 0 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 1 <: usize) - (bytes.[ sz 1 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 2 <: usize) - (bytes.[ sz 2 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 3 <: usize) - (bytes.[ sz 3 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 4 <: usize) - (bytes.[ sz 4 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 5 <: usize) - (bytes.[ sz 5 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 6 <: usize) - (bytes.[ sz 6 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 7 <: usize) - (bytes.[ sz 7 ] <: u8) - in + let bytes:t_Array u8 (sz 22) = Libcrux_traits.f_serialize_11_ coefficient in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! 
sz 8 <: usize) - (bytes.[ sz 8 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 9 <: usize) - (bytes.[ sz 9 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 11 *! i <: usize) +! sz 10 <: usize) - (bytes.[ sz 10 ] <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 22 *! i <: usize; + Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 22 *! i <: usize; + Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in serialized let compress_then_serialize_4_ - (v_OUT_LEN: usize) (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (serialized: t_Slice u8) = - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:t_Array u8 v_OUT_LEN = + let serialized, hax_temp_output:t_Slice u8 = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT @@ -194,7 +128,7 @@ let compress_then_serialize_4_ Core.Ops.Range.t_Range usize) serialized (fun serialized i -> - let serialized:t_Array u8 v_OUT_LEN = serialized in + let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficient:v_Vector = Libcrux_traits.f_compress 4l 
@@ -205,39 +139,38 @@ let compress_then_serialize_4_ <: v_Vector) in - let bytes:t_Array u8 (sz 4) = Libcrux_traits.f_serialize_4_ coefficient in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 4 *! i <: usize) - (bytes.[ sz 0 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 4 *! i <: usize) +! sz 1 <: usize) - (bytes.[ sz 1 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 4 *! i <: usize) +! sz 2 <: usize) - (bytes.[ sz 2 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 4 *! i <: usize) +! sz 3 <: usize) - (bytes.[ sz 3 ] <: u8) + let bytes:t_Array u8 (sz 8) = Libcrux_traits.f_serialize_4_ coefficient in + let serialized:t_Slice u8 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 8 *! i <: usize; + Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 8 *! i <: usize; + Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! 
sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in serialized let compress_then_serialize_5_ - (v_OUT_LEN: usize) (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (serialized: t_Slice u8) = - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:t_Array u8 v_OUT_LEN = + let serialized, hax_temp_output:t_Slice u8 = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT @@ -248,7 +181,7 @@ let compress_then_serialize_5_ Core.Ops.Range.t_Range usize) serialized (fun serialized i -> - let serialized:t_Array u8 v_OUT_LEN = serialized in + let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficients:v_Vector = Libcrux_traits.f_compress 5l 
@@ -259,31 +192,26 @@ let compress_then_serialize_5_ <: v_Vector) in - let bytes5:t_Array u8 (sz 5) = Libcrux_traits.f_serialize_5_ coefficients in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 5 *! i <: usize) - (bytes5.[ sz 0 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 1 <: usize) - (bytes5.[ sz 1 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - (bytes5.[ sz 2 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 3 <: usize) - (bytes5.[ sz 3 ] <: u8) - in - let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 4 <: usize) - (bytes5.[ sz 4 ] <: u8) + let bytes:t_Array u8 (sz 10) = Libcrux_traits.f_serialize_5_ coefficients in + let serialized:t_Slice u8 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 10 *! i <: usize; + Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 10 *! i <: usize; + Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in @@ -298,7 +226,7 @@ let compress_then_serialize_message let serialized:t_Array u8 (sz 32) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) 
@@ -315,10 +243,26 @@ let compress_then_serialize_message v_Vector) in let coefficient_compressed:v_Vector = Libcrux_traits.f_compress_1_ coefficient in + let bytes:t_Array u8 (sz 2) = Libcrux_traits.f_serialize_1_ coefficient_compressed in let serialized:t_Array u8 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - i - (Libcrux_traits.f_serialize_1_ coefficient_compressed <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 2 *! i <: usize; + Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 2 *! i <: usize; + Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in 
@@ -344,15 +288,22 @@ let compress_then_serialize_ring_element_v (#v_Vector: Type) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (out: t_Slice u8) = - match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> compress_then_serialize_4_ v_OUT_LEN re - | 5ul -> compress_then_serialize_5_ v_OUT_LEN re - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + let out, hax_temp_output:(t_Slice u8 & Prims.unit) = + match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with + | 4ul -> compress_then_serialize_4_ re out, () <: (t_Slice u8 & Prims.unit) + | 5ul -> compress_then_serialize_5_ re out, () <: (t_Slice u8 & Prims.unit) + | _ -> + out, + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" - <: - Rust_primitives.Hax.t_Never) + <: + Rust_primitives.Hax.t_Never) + <: + (t_Slice u8 & Prims.unit) + in + out let deserialize_then_decompress_10_ (#v_Vector: Type) @@ -364,7 +315,7 @@ let deserialize_then_decompress_10_ in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 10) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 20) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -382,7 +333,7 @@ let deserialize_then_decompress_10_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress 10l coefficient <: v_Vector) + (Libcrux_traits.f_decompress_ciphertext_coefficient 10l coefficient <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector 
@@ -401,7 +352,7 @@ let deserialize_then_decompress_11_ in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 22) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -419,7 +370,7 @@ let deserialize_then_decompress_11_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress 11l coefficient <: v_Vector) + (Libcrux_traits.f_decompress_ciphertext_coefficient 11l coefficient <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -438,7 +389,7 @@ let deserialize_then_decompress_4_ in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 8) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -456,7 +407,7 @@ let deserialize_then_decompress_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress 4l coefficient <: v_Vector) + (Libcrux_traits.f_decompress_ciphertext_coefficient 4l coefficient <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector 
@@ -475,7 +426,7 @@ let deserialize_then_decompress_5_ in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 10) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -505,7 +456,7 @@ let deserialize_then_decompress_5_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress 5l + (Libcrux_traits.f_decompress_ciphertext_coefficient 5l (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -528,7 +479,7 @@ let deserialize_then_decompress_message let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 32 + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) @@ -539,7 +490,14 @@ let deserialize_then_decompress_message let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i:usize = i in let coefficient_compressed:v_Vector = - Libcrux_traits.f_deserialize_1_ (serialized.[ i ] <: u8) + Libcrux_traits.f_deserialize_1_ (serialized.[ { + Core.Ops.Range.f_start = sz 2 *! i <: usize; + Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { 
@@ -598,7 +556,7 @@ let deserialize_to_reduced_ring_element in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 12) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -632,10 +590,12 @@ let deserialize_ring_elements_reduced (public_key: t_Slice u8) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K + Core.Array.from_fn v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate @@ -674,7 +634,7 @@ let deserialize_to_uncompressed_ring_element in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 12) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -692,7 +652,7 @@ let deserialize_to_uncompressed_ring_element i (Libcrux_traits.f_deserialize_12_ bytes <: v_Vector) <: - t_Array v_Vector (sz 32) + t_Array v_Vector (sz 16) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) 
@@ -724,66 +684,26 @@ let serialize_uncompressed_ring_element <: v_Vector) in - let bytes:t_Array u8 (sz 12) = Libcrux_traits.f_serialize_12_ coefficient in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 12 *! i <: usize) - (bytes.[ sz 0 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 1 <: usize) - (bytes.[ sz 1 ] <: u8) - in + let bytes:t_Array u8 (sz 24) = Libcrux_traits.f_serialize_12_ coefficient in let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 2 <: usize) - (bytes.[ sz 2 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 3 <: usize) - (bytes.[ sz 3 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 4 <: usize) - (bytes.[ sz 4 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 5 <: usize) - (bytes.[ sz 5 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 6 <: usize) - (bytes.[ sz 6 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 7 <: usize) - (bytes.[ sz 7 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! 
sz 8 <: usize) - (bytes.[ sz 8 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 9 <: usize) - (bytes.[ sz 9 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 10 <: usize) - (bytes.[ sz 10 ] <: u8) - in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 12 *! i <: usize) +! sz 11 <: usize) - (bytes.[ sz 11 ] <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = sz 24 *! i <: usize; + Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (serialized.[ { + Core.Ops.Range.f_start = sz 24 *! i <: usize; + Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize bytes <: t_Slice u8) + <: + t_Slice u8) in serialized) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 5786b8a5f..aa98844c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti 
@@ -18,18 +18,18 @@ val compress_then_serialize_11_ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_4_ - (v_OUT_LEN: usize) (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + (serialized: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_5_ - (v_OUT_LEN: usize) (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + (serialized: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_message (#v_Vector: Type) @@ -49,7 +49,8 @@ val compress_then_serialize_ring_element_v (#v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_10_ (#v_Vector: Type) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 73dbc3411..2520d935c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst 
@@ -5,22 +5,16 @@ open FStar.Mul let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_6__len (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = v_SIZE - let impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_12__len (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = v_SIZE - let impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl_18__len (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = v_SIZE - let impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 2de0ab7bb..e53c97941 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -3,6 +3,7 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul +///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] 
@@ -40,15 +41,15 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value } +/// A reference to the raw byte slice. val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -val impl_6__len (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) - : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) - +/// Split this value and return the raw byte slices. val impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -86,15 +87,15 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value } +/// A reference to the raw byte slice. val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -val impl_12__len (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) - : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) - +/// Split this value and return the raw byte slices. val impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] 
@@ -132,12 +133,11 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value } +/// A reference to the raw byte slice. val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -val impl_18__len (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) - : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) - +/// Split this value and return the raw byte slices. val impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -225,6 +225,7 @@ type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { f_pk:t_MlKemPublicKey v_PUBLIC_KEY_SIZE } +/// Create a new [`MlKemKeyPair`] from the secret and public key. val impl__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) 
@@ -242,21 +243,25 @@ val impl__new Prims.l_True (fun _ -> Prims.l_True) +/// Get a reference to the raw public key bytes. val impl__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) +/// Get a reference to the [`MlKemPrivateKey`]. val impl__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) +/// Get a reference to the [`MlKemPublicKey`]. val impl__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPublicKey v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) +/// Get a reference to the raw private key bytes. val impl__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst index da299df1a..c808ca3e2 100644 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst +++ b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst @@ -34,8 +34,8 @@ let zero (_: Prims.unit) : t_SIMD256Vector = [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { - _super_14285531652857523276 = FStar.Tactics.Typeclasses.solve; - _super_10391689928755043351 = FStar.Tactics.Typeclasses.solve; + _super_957087622381469234 = FStar.Tactics.Typeclasses.solve; + _super_2101570567305961368 = FStar.Tactics.Typeclasses.solve; f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); f_ZERO = (fun (_: Prims.unit) -> zero ()); 
From aca1b2abd69b6bf4f7255a72caa494dc9c64216c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 23 May 2024 09:21:28 +0200 Subject: [PATCH 16/94] portable rejection sampling for neon for now --- .github/workflows/mlkem.yml | 14 ++++++++++++- polynomials-aarch64/src/lib.rs | 30 +++++++++++++++++++++++++-- polynomials-aarch64/src/neon.rs | 10 ++++----- polynomials-aarch64/src/rejsample.rs | 13 +++++++----- polynomials-aarch64/src/simd128ops.rs | 5 +---- 5 files changed, 55 insertions(+), 17 deletions(-) diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 13c639a43..fe43c3025 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -84,6 +84,11 @@ jobs: if: ${{ matrix.os == 'macos-latest' }} run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin + # - name: ⬆ Upload build + # uses: ./.github/actions/upload_artifacts + # with: + # name: build_${{ matrix.os }}_${{ matrix.bits }} + # We get false positives here. # TODO: Figure out what is going on here # - name: 🏃🏻 Asan Linux @@ -123,7 +128,6 @@ jobs: cargo test --verbose $RUST_TARGET_FLAG - name: 🏃🏻‍♀️ Test Release - if: ${{ matrix.os != 'macos-latest' }} run: | cargo clean cargo test --verbose --release $RUST_TARGET_FLAG @@ -195,6 +199,14 @@ jobs: echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + # - name: 🔨 Build + # run: cargo build --benches + + # - name: ⬆ Upload build + # uses: ./.github/actions/upload_artifacts + # with: + # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} + # Benchmarks ... - name: 🏃🏻‍♀️ Benchmarks diff --git a/polynomials-aarch64/src/lib.rs b/polynomials-aarch64/src/lib.rs index a37953217..c8ddb2440 100644 --- a/polynomials-aarch64/src/lib.rs +++ b/polynomials-aarch64/src/lib.rs 
@@ -3,7 +3,7 @@ use libcrux_traits::Operations; mod neon; -mod rejsample; +// mod rejsample; mod simd128ops; pub use simd128ops::SIMD128Vector; @@ -158,6 +158,32 @@ impl Operations for SIMD128Vector { } fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { - rejsample::rej_sample(a, out) + // FIXME: The code in rejsample fails on the CI machines. + // We need to understand why and fix it before using it. + // We use the portable version in the meantime. + rej_sample(a, out) } } + +#[inline(always)] +pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize { + let mut sampled = 0; + for bytes in a.chunks(3) { + let b1 = bytes[0] as i16; + let b2 = bytes[1] as i16; + let b3 = bytes[2] as i16; + + let d1 = ((b2 & 0xF) << 8) | b1; + let d2 = (b3 << 4) | (b2 >> 4); + + if d1 < libcrux_traits::FIELD_MODULUS && sampled < 16 { + result[sampled] = d1; + sampled += 1 + } + if d2 < libcrux_traits::FIELD_MODULUS && sampled < 16 { + result[sampled] = d2; + sampled += 1 + } + } + sampled +} diff --git a/polynomials-aarch64/src/neon.rs b/polynomials-aarch64/src/neon.rs index d0454cfef..88157fdf3 100644 --- a/polynomials-aarch64/src/neon.rs +++ b/polynomials-aarch64/src/neon.rs @@ -8,12 +8,12 @@ pub(crate) fn _vdupq_n_s16(i: i16) -> int16x8_t { #[inline(always)] pub(crate) fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { - unsafe { vst1q_s16(out.as_mut_ptr() as *mut i16, v) } + unsafe { vst1q_s16(out.as_mut_ptr(), v) } } #[inline(always)] pub(crate) fn _vld1q_s16(array: &[i16]) -> int16x8_t { - unsafe { vld1q_s16(array.as_ptr() as *const i16) } + unsafe { vld1q_s16(array.as_ptr()) } } #[inline(always)] @@ -193,7 +193,7 @@ pub(crate) fn _vmlal_high_s16(a: int32x4_t, b: int16x8_t, c: int16x8_t) -> int32 } #[inline(always)] pub(crate) fn _vld1q_u8(ptr: &[u8]) -> uint8x16_t { - unsafe { vld1q_u8(ptr.as_ptr() as *const u8) } + unsafe { vld1q_u8(ptr.as_ptr()) } } #[inline(always)] pub(crate) fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { 
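Review bot: The new portable `rej_sample` in `lib.rs` reads `bytes[1]` and `bytes[2]` from every chunk of `a.chunks(3)`, so an input whose length is not a multiple of 3 panics on the final short chunk; `for bytes in a.chunks_exact(3)` would skip the tail instead. The writes `result[sampled] = d1` and `result[sampled] = d2` are bounded only by the literal `sampled < 16`, so a shorter `result` also panics. Callers presumably always pass 16 elements, but `debug_assert!(result.len() >= 16);` at the top would state that. The free function also shares its name with the trait method that calls it, which reads like unbounded recursion at first glance; a distinct name such as `rej_sample_portable` would remove the ambiguity.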
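Review bot: `_vst1q_s16` and `_vld1q_s16` in `neon.rs` remain safe functions around a raw-pointer NEON store and load, and nothing checks the slice length before the `unsafe` block. Each intrinsic touches eight `i16` lanes, so a shorter slice would be read or written out of bounds without a panic. A guard such as `assert!(out.len() >= 8);` before the store (and the equivalent before the load), with a `// SAFETY:` comment naming that invariant, would make the wrappers sound on their own. The same applies to `_vld1q_u8`, `_vst1q_u8` and `_vld1q_u16` in the later hunks of this file, which need 16 bytes, 16 bytes and eight `u16` respectively.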
@@ -254,7 +254,7 @@ pub(super) fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { #[inline(always)] pub(super) fn _vst1q_u8(out: &mut [u8], v: uint8x16_t) { - unsafe { vst1q_u8(out.as_mut_ptr() as *mut u8, v) } + unsafe { vst1q_u8(out.as_mut_ptr(), v) } } #[inline(always)] pub(crate) fn _vdupq_n_u16(value: u16) -> uint16x8_t { @@ -270,7 +270,7 @@ pub(crate) fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uint16x8_t { } #[inline(always)] pub(crate) fn _vld1q_u16(ptr: &[u16]) -> uint16x8_t { - unsafe { vld1q_u16(ptr.as_ptr() as *const u16) } + unsafe { vld1q_u16(ptr.as_ptr()) } } #[inline(always)] pub(crate) fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uint16x8_t { diff --git a/polynomials-aarch64/src/rejsample.rs b/polynomials-aarch64/src/rejsample.rs index b25fc0f42..64e64a0dc 100644 --- a/polynomials-aarch64/src/rejsample.rs +++ b/polynomials-aarch64/src/rejsample.rs 
@@ -776,18 +776,21 @@ pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { let input = super::simd128ops::deserialize_12(a); let mask0 = _vcleq_s16(input.low, fm); let mask1 = _vcleq_s16(input.high, fm); - let used0 = _vaddvq_u16(_vandq_u16(mask0, bits)); - let used1 = _vaddvq_u16(_vandq_u16(mask1, bits)); + let masked = _vandq_u16(mask0, bits); + let used0 = _vaddvq_u16(masked); + let masked = _vandq_u16(mask1, bits); + let used1 = _vaddvq_u16(masked); let pick0 = used0.count_ones(); let pick1 = used1.count_ones(); - let index_vec0 = _vld1q_u8(&IDX_TABLE[used0 as usize]); + // XXX: the indices used0 and used1 must be < 256. + let index_vec0 = _vld1q_u8(&IDX_TABLE[(used0 as u8) as usize]); let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); - let index_vec1 = _vld1q_u8(&IDX_TABLE[used1 as usize]); + let index_vec1 = _vld1q_u8(&IDX_TABLE[(used1 as u8) as usize]); let shifted1 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); - let idx0 = pick0 as usize; + let idx0 = usize::try_from(pick0).unwrap(); _vst1q_s16(&mut out[0..8], shifted0); _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); (pick0 + pick1) as usize diff --git a/polynomials-aarch64/src/simd128ops.rs b/polynomials-aarch64/src/simd128ops.rs index 79be6f4af..7244d58b9 100644 --- a/polynomials-aarch64/src/simd128ops.rs +++ b/polynomials-aarch64/src/simd128ops.rs @@ -848,8 +848,5 @@ pub(crate) fn deserialize_12(v: &[u8]) -> SIMD128Vector { let shifted1 = _vshlq_u16(moved1, shift_vec); let high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); - SIMD128Vector { - low: low, - high: high, - } + SIMD128Vector { low, high } } From 6f0495d5745b0bf038518f19b62c22b19396e332 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 22 May 2024 14:42:13 +0200 Subject: [PATCH 17/94] feat(ci/F*): get rid of timestamps in patch files --- proofs/fstar/patches.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
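Review bot: The new index expressions `(used0 as u8) as usize` and `(used1 as u8) as usize` truncate silently. If the invariant in the `XXX` comment were ever violated, the lookup would pick an unrelated `IDX_TABLE` row and return wrong samples instead of failing. A check keeps such a bug visible, for example `debug_assert!(used0 < 256 && used1 < 256);` before the lookups, or `usize::from(u8::try_from(used0).expect("lane mask fits in 8 bits"))` as the index. The stores into `out[0..8]` and `out[idx0..idx0 + 8]` also rely on `out` holding at least 16 elements. The body of `rej_sample` starts outside this hunk, so the definitions of `bits` and `fm` that would establish the bound are not visible here.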
diff --git a/proofs/fstar/patches.sh b/proofs/fstar/patches.sh index c64423d28..a88040ca7 100755 --- a/proofs/fstar/patches.sh +++ b/proofs/fstar/patches.sh @@ -71,8 +71,12 @@ case $1 in ) - mv "$TEMPDIR/extraction-edited.patch" extraction-edited.patch - mv "$TEMPDIR/extraction-secret-independent.patch" extraction-secret-independent.patch + for patch in "extraction-edited.patch" "extraction-secret-independent.patch"; do + # remove timestamps + sed -i -E 's/^([-+]{3} .*[[:space:]]+)[0-9]{4}([ -:][0-9]{2})+[.][0-9]+ [+][0-9]+/\11970-01-01 01:00:00.000000000 +0100/g' "$TEMPDIR/$patch" + # move the patch file + mv "$TEMPDIR/$patch" "$patch" + done rm -rf "$TEMPDIR" ;; From 4e777f8f0f2edddfb48c5a6b10f0b8241779e50b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 22 May 2024 14:45:10 +0200 Subject: [PATCH 18/94] chore(kyber/fstar): update patches following hacspec/hax#676 --- proofs/fstar/extraction-edited.patch | 186 ++++++++++-------- .../fstar/extraction-secret-independent.patch | 128 ++++++------ proofs/fstar/extraction/Libcrux.Kem.Kyber.fst | 6 + .../fstar/extraction/Libcrux.Kem.Kyber.fsti | 6 + 4 files changed, 176 insertions(+), 150 deletions(-) diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch index fd4d7c820..8a9c3581e 100644 --- a/proofs/fstar/extraction-edited.patch +++ b/proofs/fstar/extraction-edited.patch @@ -1,6 +1,6 @@ diff -ruN extraction/BitVecEq.fst extraction-edited/BitVecEq.fst --- extraction/BitVecEq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/BitVecEq.fst 2024-05-16 17:05:53.763567470 +0200 ++++ extraction-edited/BitVecEq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,12 @@ +module BitVecEq + 
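Review bot: The timestamp pattern in the new `sed` line ends in `[+][0-9]+`, so header lines generated in a timezone with a negative UTC offset (for example `-0500`) are not rewritten and the patch files keep their timestamps; `[-+][0-9]+` covers both signs. The bracket `[ -:]` is a range from space to colon rather than three literal characters, which matches more than intended; `[ :-]` states it exactly. `sed -i -E` with no suffix is GNU syntax; BSD/macOS sed takes the next argument as the backup suffix, so the script may need `sed -i.bak` plus a cleanup step if it is run there. The enclosing `case` arm starts outside the hunk.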
@@ -16,7 +16,7 @@ diff -ruN extraction/BitVecEq.fst extraction-edited/BitVecEq.fst + diff -ruN extraction/BitVecEq.fsti extraction-edited/BitVecEq.fsti --- extraction/BitVecEq.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/BitVecEq.fsti 2024-05-16 17:05:53.759567604 +0200 ++++ extraction-edited/BitVecEq.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,294 @@ +module BitVecEq +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -313,8 +313,8 @@ diff -ruN extraction/BitVecEq.fsti extraction-edited/BitVecEq.fsti + = admit () +*) diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti ---- extraction/Libcrux.Digest.fsti 2024-05-16 17:05:53.713569147 +0200 -+++ extraction-edited/Libcrux.Digest.fsti 2024-05-16 17:05:53.752567839 +0200 +--- extraction/Libcrux.Digest.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Digest.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,13 +3,29 @@ open Core open FStar.Mul @@ -348,7 +348,7 @@ diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Digest.Incremental_x4.fsti extraction-edited/Libcrux.Digest.Incremental_x4.fsti ---- extraction/Libcrux.Digest.Incremental_x4.fsti 2024-05-16 17:05:53.701569550 +0200 +--- extraction/Libcrux.Digest.Incremental_x4.fsti 1970-01-01 01:00:00.000000000 +0100 +++ extraction-edited/Libcrux.Digest.Incremental_x4.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,31 +0,0 @@ -module Libcrux.Digest.Incremental_x4 @@ -384,7 +384,7 @@ diff -ruN extraction/Libcrux.Digest.Incremental_x4.fsti extraction-edited/Libcru - (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst --- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.fst 2024-05-16 17:05:53.744568107 +0200 ++++ extraction-edited/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 
@@ -0,0 +1,6 @@ +module Libcrux.Kem +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -393,8 +393,8 @@ diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-05-16 17:05:53.707569349 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-05-16 17:05:53.754567772 +0200 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,83 +1,364 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -802,8 +802,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux. + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-05-16 17:05:53.695569751 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-05-16 17:05:53.778566967 +0200 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,176 +3,257 @@ open Core open FStar.Mul @@ -1200,8 +1200,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - bool)) diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst ---- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-05-16 17:05:53.722568845 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-05-16 17:05:53.768567302 +0200 +--- extraction/Libcrux.Kem.Kyber.Compress.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 1970-01-01 01:00:00.000000000 +0100 
@@ -1,39 +1,79 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1305,8 +1305,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Ke + res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti ---- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-05-16 17:05:53.727568678 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-05-16 17:05:53.746568040 +0200 +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,8 +3,19 @@ open Core open FStar.Mul @@ -1402,8 +1402,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.K + (requires fe =. 0l || fe =. 1l) + (fun result -> v result >= 0 /\ v result < 3329) diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti ---- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-05-16 17:05:53.719568946 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-05-16 17:05:53.765567403 +0200 +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,24 +3,20 @@ open Core open FStar.Mul 
@@ -1432,8 +1432,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux. + let v_SHARED_SECRET_SIZE: usize = sz 32 diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-05-16 17:05:53.728568644 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-05-16 17:05:53.761567537 +0200 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 1970-01-01 01:00:00.000000000 +0100 @@ -4,57 +4,163 @@ open FStar.Mul @@ -1623,8 +1623,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/L + ) +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-05-16 17:05:53.730568577 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-05-16 17:05:53.766567369 +0200 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,7 +3,6 @@ open Core open FStar.Mul 
@@ -1672,16 +1672,20 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/ + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst ---- extraction/Libcrux.Kem.Kyber.fst 2024-05-16 17:05:53.721568879 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-05-16 17:05:53.785566732 +0200 -@@ -1,28 +1,44 @@ +--- extraction/Libcrux.Kem.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,34 +1,44 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul --let serialize_kem_secret_key +-let _ = +- (* This module has implicit dependencies, here we make them explicit. *) +- (* The implicit dependencies arise from typeclasses instances. *) +- let open Libcrux.Kem.Kyber.Types in +- () +let update_at_range_lemma #n + (s: t_Slice 't) + (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).f_index_pre s i}) @@ -1699,7 +1703,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f + introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i + with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i + /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) -+ + +-let serialize_kem_secret_key +let serialize_kem_secret_key #p (v_SERIALIZED_KEY_LEN: usize) - (private_key public_key implicit_rejection_value: t_Slice u8) @@ -1727,7 +1732,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f } <: Core.Ops.Range.t_Range usize ] -@@ -32,21 +48,20 @@ +@@ -38,21 +48,20 @@ <: t_Slice u8) in 
@@ -1753,7 +1758,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f } <: Core.Ops.Range.t_Range usize ] -@@ -56,7 +71,9 @@ +@@ -62,7 +71,9 @@ <: t_Slice u8) in @@ -1764,7 +1769,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ -@@ -65,24 +82,14 @@ +@@ -71,24 +82,14 @@ } <: Core.Ops.Range.t_Range usize) @@ -1791,7 +1796,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f in let pointer:usize = pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in let out:t_Array u8 v_SERIALIZED_KEY_LEN = -@@ -91,16 +98,15 @@ +@@ -97,16 +98,15 @@ Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = @@ -1811,7 +1816,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f } <: Core.Ops.Range.t_Range usize ] -@@ -110,25 +116,47 @@ +@@ -116,25 +116,47 @@ <: t_Slice u8) in @@ -1865,7 +1870,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f v_CIPHERTEXT_SIZE v_C1_SIZE v_VECTOR_U_COMPRESSION_FACTOR -@@ -145,8 +173,9 @@ +@@ -151,8 +173,9 @@ ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) @@ -1877,7 +1882,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f <: Core.Ops.Range.t_RangeFrom usize ] <: -@@ -155,14 +184,20 @@ +@@ -161,14 +184,20 @@ <: t_Slice u8) in @@ -1900,7 +1905,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux.Kem.Kyber.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE -@@ -173,48 +208,46 @@ +@@ -179,48 +208,46 @@ ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) 
@@ -1963,7 +1968,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) -@@ -224,8 +257,9 @@ +@@ -230,8 +257,9 @@ ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE } <: Core.Ops.Range.t_RangeFrom usize) @@ -1975,7 +1980,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f <: Core.Ops.Range.t_RangeFrom usize ] <: -@@ -244,16 +278,19 @@ +@@ -250,16 +278,19 @@ <: t_Slice u8) in @@ -1998,7 +2003,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE -@@ -263,35 +300,29 @@ +@@ -269,35 +300,29 @@ <: t_Slice u8) randomness pseudorandomness in @@ -2045,7 +2050,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] -@@ -299,116 +330,12 @@ +@@ -305,116 +330,12 @@ t_Slice u8) in public_key =. public_key_serialized @@ -2165,7 +2170,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { Core.Ops.Range.f_start = sz 0; -@@ -426,7 +353,7 @@ +@@ -432,7 +353,7 @@ in let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = 
@@ -2174,7 +2179,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f v_CPA_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT -@@ -435,83 +362,17 @@ +@@ -441,83 +362,17 @@ ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -2262,9 +2267,18 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f - <: - (t_MlKemState v_K & Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti ---- extraction/Libcrux.Kem.Kyber.fsti 2024-05-16 17:05:53.692569852 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-05-16 17:05:53.762567503 +0200 -@@ -6,65 +6,88 @@ +--- extraction/Libcrux.Kem.Kyber.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 1970-01-01 01:00:00.000000000 +0100 +@@ -3,74 +3,91 @@ + open Core + open FStar.Mul + +-let _ = +- (* This module has implicit dependencies, here we make them explicit. *) +- (* The implicit dependencies arise from typeclasses instances. *) +- let open Libcrux.Kem.Kyber.Types in +- () +- unfold let t_MlKemSharedSecret = t_Array u8 (sz 32) @@ -2335,11 +2349,11 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\ + v_VECTOR_U_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p + )) - --val validate_public_key ++ + (ensures (fun (ct,ss) -> + (ct.f_value,ss) == Spec.Kyber.ind_cca_encapsulate p public_key.f_value randomness)) -+ + +-val validate_public_key +val validate_public_key (#p:Spec.Kyber.params) (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) 
@@ -2393,8 +2407,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + (ensures (fun kp -> + (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-05-16 17:05:53.724568778 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-05-16 17:05:53.769567268 +0200 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,126 +3,114 @@ open Core open FStar.Mul @@ -2628,8 +2642,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libc + admit(); // We assume that shake128x4 correctly implements XOFx4 + out diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-05-16 17:05:53.698569651 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-05-16 17:05:53.772567168 +0200 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,35 +3,17 @@ open Core open FStar.Mul 
@@ -2678,8 +2692,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Lib + (ensures (fun res -> + (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-05-16 17:05:53.704569449 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-05-16 17:05:53.779566933 +0200 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -3736,8 +3750,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem + res + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-05-16 17:05:53.697569684 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-05-16 17:05:53.789566598 +0200 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,196 +1,151 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -4058,8 +4072,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Ke + + diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-05-16 17:05:53.703569483 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-05-16 17:05:53.776567034 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 1970-01-01 01:00:00.000000000 +0100 
@@ -7,19 +7,19 @@ (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568)) @@ -4112,8 +4126,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.K (sz 3168) (sz 1568) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-05-16 17:05:53.715569080 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-05-16 17:05:53.756567705 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -71,13 +71,11 @@ unfold let t_MlKem1024PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568) @@ -4159,8 +4173,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux. - Prims.l_True - (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-05-16 17:05:53.734568443 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-05-16 17:05:53.741568208 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 1970-01-01 01:00:00.000000000 +0100 @@ -7,19 +7,19 @@ (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768)) 
@@ -4213,8 +4227,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Ke (sz 1632) (sz 800) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-05-16 17:05:53.706569382 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-05-16 17:05:53.775567067 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -71,13 +71,11 @@ unfold let t_MlKem512PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800) @@ -4260,8 +4274,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.K - Prims.l_True - (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-05-16 17:05:53.731568543 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-05-16 17:05:53.743568141 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 1970-01-01 01:00:00.000000000 +0100 @@ -7,19 +7,19 @@ (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088)) @@ -4314,8 +4328,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Ke (sz 2400) (sz 1184) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-05-16 17:05:53.712569181 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-05-16 17:05:53.771567201 +0200 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 1970-01-01 01:00:00.000000000 +0100 
@@ -71,43 +71,25 @@ unfold let t_MlKem768PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184) @@ -4365,8 +4379,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.K - (fun _ -> Prims.l_True) + (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst ---- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-05-16 17:05:53.725568745 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-05-16 17:05:53.747568007 +0200 +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,205 +3,188 @@ open Core open FStar.Mul @@ -5229,8 +5243,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem. + admit(); //P-F v_A_transpose diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-05-16 17:05:53.718568979 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-05-16 17:05:53.782566832 +0200 +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,46 +3,71 @@ open Core open FStar.Mul 
@@ -5341,8 +5355,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem + if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A + else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst ---- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-05-16 17:05:53.716569047 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-05-16 17:05:53.751567873 +0200 +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,57 +1,130 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -6271,8 +6285,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyb + down_cast_poly_b #(8*3328) #3328 re +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-05-16 17:05:53.694569785 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-05-16 17:05:53.781566866 +0200 +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -2,282 +2,80 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core 
@@ -6624,8 +6638,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Ky + (ensures fun _ -> True) + diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst ---- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-05-16 17:05:53.700569583 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-05-16 17:05:53.786566698 +0200 +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,26 +3,34 @@ open Core open FStar.Mul @@ -7241,8 +7255,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Ke + out +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-05-16 17:05:53.735568409 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-05-16 17:05:53.755567738 +0200 +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,157 +3,37 @@ open Core open FStar.Mul @@ -7427,8 +7441,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.K +// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-05-16 17:05:53.709569282 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-05-16 17:05:53.774567101 +0200 +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +1,15 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 
@@ -9067,8 +9081,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K +#pop-options + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-05-16 17:05:53.733568476 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-05-16 17:05:53.788566631 +0200 +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -2,133 +2,188 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -9341,8 +9355,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux. + int_t_array_bitwise_eq res 8 coefficients 12 + )) diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst ---- extraction/Libcrux.Kem.Kyber.Types.fst 2024-05-16 17:05:53.710569248 +0200 -+++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-05-16 17:05:53.784566765 +0200 +--- extraction/Libcrux.Kem.Kyber.Types.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 1970-01-01 01:00:00.000000000 +0100 @@ -29,7 +29,7 @@ f_from = @@ -9590,7 +9604,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.K diff -ruN extraction/Libcrux_platform.Platform.fsti extraction-edited/Libcrux_platform.Platform.fsti --- extraction/Libcrux_platform.Platform.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux_platform.Platform.fsti 2024-05-16 17:05:53.740568242 +0200 ++++ extraction-edited/Libcrux_platform.Platform.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,20 @@ +module Libcrux_platform.Platform +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 
@@ -9614,7 +9628,7 @@ diff -ruN extraction/Libcrux_platform.Platform.fsti extraction-edited/Libcrux_pl +val simd128_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst --- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/MkSeq.fst 2024-05-16 17:05:53.758567637 +0200 ++++ extraction-edited/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,91 @@ +module MkSeq +open Core @@ -9709,7 +9723,7 @@ diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst --- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Spec.Kyber.fst 2024-05-16 17:05:53.749567940 +0200 ++++ extraction-edited/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,435 @@ +module Spec.Kyber +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch index 8f43c5e1b..4f841631b 100644 --- a/proofs/fstar/extraction-secret-independent.patch +++ b/proofs/fstar/extraction-secret-independent.patch @@ -1,5 +1,5 @@ diff -ruN extraction-edited/BitVecEq.fst extraction-secret-independent/BitVecEq.fst ---- extraction-edited/BitVecEq.fst 2024-05-16 17:05:53.763567470 +0200 +--- extraction-edited/BitVecEq.fst 1970-01-01 01:00:00.000000000 +0100 +++ extraction-secret-independent/BitVecEq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ -module BitVecEq 
@@ -15,7 +15,7 @@ diff -ruN extraction-edited/BitVecEq.fst extraction-secret-independent/BitVecEq. - - diff -ruN extraction-edited/BitVecEq.fsti extraction-secret-independent/BitVecEq.fsti ---- extraction-edited/BitVecEq.fsti 2024-05-16 17:05:53.759567604 +0200 +--- extraction-edited/BitVecEq.fsti 1970-01-01 01:00:00.000000000 +0100 +++ extraction-secret-independent/BitVecEq.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,294 +0,0 @@ -module BitVecEq @@ -313,8 +313,8 @@ diff -ruN extraction-edited/BitVecEq.fsti extraction-secret-independent/BitVecEq - = admit () -*) diff -ruN extraction-edited/Libcrux.Digest.fsti extraction-secret-independent/Libcrux.Digest.fsti ---- extraction-edited/Libcrux.Digest.fsti 2024-05-16 17:05:53.752567839 +0200 -+++ extraction-secret-independent/Libcrux.Digest.fsti 2024-05-16 17:05:53.794566430 +0200 +--- extraction-edited/Libcrux.Digest.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Digest.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,31 +1,41 @@ module Libcrux.Digest #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -385,8 +385,8 @@ diff -ruN extraction-edited/Libcrux.Digest.fsti extraction-secret-independent/Li + +val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-05-16 17:05:53.754567772 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-05-16 17:05:53.833565121 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,364 +1,81 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" 
@@ -791,8 +791,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-i - - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-05-16 17:05:53.778566967 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-05-16 17:05:53.830565222 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,32 +3,10 @@ open Core open FStar.Mul @@ -1149,8 +1149,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-05-16 17:05:53.768567302 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-05-16 17:05:53.809565927 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,79 +1,39 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" 
@@ -1255,8 +1255,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-ind + (Core.Ops.Arith.Neg.neg fe <: i32) &. + ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-05-16 17:05:53.746568040 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-05-16 17:05:53.801566195 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,42 +3,44 @@ open Core open FStar.Mul @@ -1328,8 +1328,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-in - (fun result -> v result >= 0 /\ v result < 3329) + : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-05-16 17:05:53.761567537 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-05-16 17:05:53.837564987 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 1970-01-01 01:00:00.000000000 +0100 @@ -4,163 +4,61 @@ open FStar.Mul 
@@ -1518,8 +1518,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-s -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-05-16 17:05:53.766567369 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-05-16 17:05:53.827565323 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -20,26 +20,30 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1563,7 +1563,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction- + result = rhs <: bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst --- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-05-16 17:05:53.795566396 +0200 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,87 @@ +module Libcrux.Kem.Kyber.Conversions +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 
@@ -1654,8 +1654,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret- + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ Pas de fin de ligne à la fin du fichier diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst ---- extraction-edited/Libcrux.Kem.Kyber.fst 2024-05-16 17:05:53.785566732 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-05-16 17:05:53.824565423 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,29 +1,12 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -1934,8 +1934,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/ - + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti ---- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-05-16 17:05:53.762567503 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-05-16 17:05:53.839564920 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -4,90 +4,37 @@ open FStar.Mul 
@@ -2044,8 +2044,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-05-16 17:05:53.769567268 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-05-16 17:05:53.800566228 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,28 +3,18 @@ open Core open FStar.Mul @@ -2113,8 +2113,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secr - out + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-05-16 17:05:53.772567168 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-05-16 17:05:53.808565960 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,17 +3,12 @@ open Core open FStar.Mul 
@@ -2141,7 +2141,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-sec + : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst --- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-05-16 17:05:53.818565625 +0200 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem.Kyber.Helper +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2150,8 +2150,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-indep + + diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-05-16 17:05:53.779566933 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-05-16 17:05:53.812565826 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" 
@@ -2866,8 +2866,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-inde - res - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-05-16 17:05:53.789566598 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-05-16 17:05:53.834565088 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,151 +1,80 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -3069,8 +3069,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-ind + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-05-16 17:05:53.776567034 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-05-16 17:05:53.822565490 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,37 +3,22 @@ open Core open FStar.Mul 
@@ -3119,8 +3119,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-in (sz 3168) (sz 1568) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-05-16 17:05:53.756567705 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-05-16 17:05:53.832565155 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ @@ -3166,8 +3166,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-secret-i Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-05-16 17:05:53.741568208 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-05-16 17:05:53.806566027 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,37 +3,22 @@ open Core open FStar.Mul 
@@ -3216,8 +3216,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-ind (sz 1632) (sz 800) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-05-16 17:05:53.775567067 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fsti 2024-05-16 17:05:53.826565356 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ @@ -3263,8 +3263,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti extraction-secret-in Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-05-16 17:05:53.743568141 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-05-16 17:05:53.802566161 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,37 +3,22 @@ open Core open FStar.Mul 
@@ -3313,8 +3313,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-ind (sz 2400) (sz 1184) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-05-16 17:05:53.771567201 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-05-16 17:05:53.815565725 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -63,33 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ @@ -3363,8 +3363,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-in - (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-05-16 17:05:53.747568007 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-05-16 17:05:53.829565255 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,418 +3,432 @@ open Core open FStar.Mul 
@@ -4173,8 +4173,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-indep - admit(); //P-F v_A_transpose diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-05-16 17:05:53.782566832 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-05-16 17:05:53.798566295 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,71 +3,39 @@ open Core open FStar.Mul @@ -4277,8 +4277,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-inde + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-05-16 17:05:53.751567873 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-05-16 17:05:53.804566094 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,130 +1,56 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -5209,8 +5209,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independ -#pop-options + re diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-05-16 17:05:53.781566866 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-05-16 17:05:53.805566061 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 1970-01-01 01:00:00.000000000 +0100 
@@ -2,80 +2,224 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -5504,8 +5504,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-indepen + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-05-16 17:05:53.786566698 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-05-16 17:05:53.836565021 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,34 +3,27 @@ open Core open FStar.Mul @@ -5942,8 +5942,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-ind -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-05-16 17:05:53.755567738 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-05-16 17:05:53.811565859 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -3,37 +3,77 @@ open Core open FStar.Mul 
@@ -6044,8 +6044,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-05-16 17:05:53.774567101 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-05-16 17:05:53.819565591 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +1,8 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" @@ -7529,8 +7529,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in -#pop-options - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-05-16 17:05:53.788566631 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-05-16 17:05:53.796566363 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -2,188 +2,118 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core 
@@ -7788,8 +7788,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst ---- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-05-16 17:05:53.784566765 +0200 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-05-16 17:05:53.813565792 +0200 +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 1970-01-01 01:00:00.000000000 +0100 @@ -3,275 +3,193 @@ open Core open FStar.Mul @@ -8134,14 +8134,14 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-indepe : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti --- extraction-edited/Libcrux_platform.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux_platform.fsti 2024-05-16 17:05:53.823565457 +0200 ++++ extraction-secret-independent/Libcrux_platform.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -0,0 +1,4 @@ +module Libcrux_platform +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + +val simd256_support : unit -> bool diff -ruN extraction-edited/Libcrux_platform.Platform.fsti extraction-secret-independent/Libcrux_platform.Platform.fsti ---- extraction-edited/Libcrux_platform.Platform.fsti 2024-05-16 17:05:53.740568242 +0200 +--- extraction-edited/Libcrux_platform.Platform.fsti 1970-01-01 01:00:00.000000000 +0100 +++ extraction-secret-independent/Libcrux_platform.Platform.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ -module Libcrux_platform.Platform 
@@ -8165,7 +8165,7 @@ diff -ruN extraction-edited/Libcrux_platform.Platform.fsti extraction-secret-ind - -val simd128_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst ---- extraction-edited/MkSeq.fst 2024-05-16 17:05:53.758567637 +0200 +--- extraction-edited/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 +++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module MkSeq @@ -8260,7 +8260,7 @@ diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst - -%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst ---- extraction-edited/Spec.Kyber.fst 2024-05-16 17:05:53.749567940 +0200 +--- extraction-edited/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 +++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,435 +0,0 @@ -module Spec.Kyber diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst index 0e1a467bf..059f55bb9 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst @@ -3,6 +3,12 @@ module Libcrux.Kem.Kyber open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux.Kem.Kyber.Types in + () + let serialize_kem_secret_key (v_SERIALIZED_KEY_LEN: usize) (private_key public_key implicit_rejection_value: t_Slice u8) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fsti b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fsti index b913fab60..d2ba8df54 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fsti +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fsti 
@@ -3,6 +3,12 @@ module Libcrux.Kem.Kyber open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux.Kem.Kyber.Types in + () + unfold let t_MlKemSharedSecret = t_Array u8 (sz 32) From 67618a4dab3d7fc55937e973e9d90eac2b4c1bc4 Mon Sep 17 00:00:00 2001 
From: Goutam Tamvada Date: Thu, 23 May 2024 09:32:08 -0400 Subject: [PATCH 19/94] Added scaffolding to get work started on ML-DSA. (#289) --- Cargo.toml | 1 + hax-driver.py | 10 +- libcrux-ml-dsa/Cargo.toml | 18 + libcrux-ml-dsa/src/constants.rs | 3 + libcrux-ml-dsa/src/lib.rs | 4 + libcrux-ml-dsa/src/ml_dsa_65.rs | 27 + libcrux-ml-dsa/src/ml_dsa_generic.rs | 6 + libcrux-ml-dsa/tests/kats/README.md | 3 + libcrux-ml-dsa/tests/kats/aes256_ctr_drbg.py | 103 +++ libcrux-ml-dsa/tests/kats/dilithium.py | 562 +++++++++++++++ libcrux-ml-dsa/tests/kats/generate_kats.py | 45 ++ libcrux-ml-dsa/tests/kats/modules.py | 336 +++++++++ libcrux-ml-dsa/tests/kats/nistkats-44.json | 702 +++++++++++++++++++ libcrux-ml-dsa/tests/kats/nistkats-65.json | 702 +++++++++++++++++++ libcrux-ml-dsa/tests/kats/nistkats-87.json | 702 +++++++++++++++++++ libcrux-ml-dsa/tests/kats/ntt_helper.py | 409 +++++++++++ libcrux-ml-dsa/tests/kats/polynomials.py | 491 +++++++++++++ libcrux-ml-dsa/tests/kats/requirements.txt | 1 + libcrux-ml-dsa/tests/kats/shake_wrapper.py | 63 ++ libcrux-ml-dsa/tests/kats/utils.py | 125 ++++ libcrux-ml-dsa/tests/nistkats.rs | 41 ++ libcrux-ml-kem/hax.py | 2 - 22 files changed, 4352 insertions(+), 4 deletions(-) create mode 100644 libcrux-ml-dsa/Cargo.toml create mode 100644 libcrux-ml-dsa/src/constants.rs create mode 100644 libcrux-ml-dsa/src/lib.rs create mode 100644 libcrux-ml-dsa/src/ml_dsa_65.rs create mode 100644 libcrux-ml-dsa/src/ml_dsa_generic.rs create mode 100644 libcrux-ml-dsa/tests/kats/README.md create mode 100644 libcrux-ml-dsa/tests/kats/aes256_ctr_drbg.py create mode 100644 libcrux-ml-dsa/tests/kats/dilithium.py create mode 100755 libcrux-ml-dsa/tests/kats/generate_kats.py create mode 100644 libcrux-ml-dsa/tests/kats/modules.py create mode 100644 libcrux-ml-dsa/tests/kats/nistkats-44.json create mode 100644 libcrux-ml-dsa/tests/kats/nistkats-65.json create mode 100644 libcrux-ml-dsa/tests/kats/nistkats-87.json create mode 100644 
libcrux-ml-dsa/tests/kats/ntt_helper.py create mode 100644 libcrux-ml-dsa/tests/kats/polynomials.py create mode 100644 libcrux-ml-dsa/tests/kats/requirements.txt create mode 100644 libcrux-ml-dsa/tests/kats/shake_wrapper.py create mode 100644 libcrux-ml-dsa/tests/kats/utils.py create mode 100644 libcrux-ml-dsa/tests/nistkats.rs diff --git a/Cargo.toml b/Cargo.toml index 7d8635eae..9cf9e6a8d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,6 +14,7 @@ members = [ "polynomials-avx2", "traits", "polynomials-aarch64", + "libcrux-ml-dsa", ] [workspace.package] diff --git a/hax-driver.py b/hax-driver.py index d2aa6e198..8c1f7069b 100755 --- a/hax-driver.py +++ b/hax-driver.py @@ -120,8 +120,14 @@ def shell(command, expect=0, cwd=None, env={}): # Extract both `libcrux` and `libcrux-platform` shell( [ - "cargo", "hax", - "-C", "-p", "libcrux", "-p", "libcrux-platform", ";", + "cargo", + "hax", + "-C", + "-p", + "libcrux", + "-p", + "libcrux-platform", + ";", "into", "-i", f"-** +libcrux::kem::kyber::** +!libcrux_platform::platform::* {exclude_sha3_implementations} -libcrux::**::types::index_impls::**", diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml new file mode 100644 index 000000000..9e01338df --- /dev/null +++ b/libcrux-ml-dsa/Cargo.toml @@ -0,0 +1,18 @@ +[package] +name = "libcrux-ml-dsa" +version.workspace = true +authors.workspace = true +license.workspace = true +homepage.workspace = true +edition.workspace = true +repository.workspace = true +readme.workspace = true + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] + +[dev-dependencies] +hex = { version = "0.4.3", features = ["serde"] } +serde_json = { version = "1.0" } +serde = { version = "1.0", features = ["derive"] } diff --git a/libcrux-ml-dsa/src/constants.rs b/libcrux-ml-dsa/src/constants.rs new file mode 100644 index 000000000..faecaa270 --- /dev/null +++ b/libcrux-ml-dsa/src/constants.rs 
@@ -0,0 +1,3 @@
+pub(crate) const FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = 23;
+
+pub(crate) const DROPPED_BITS_FROM_T: usize = 13;
diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs
new file mode 100644
index 000000000..fe886991a
--- /dev/null
+++ b/libcrux-ml-dsa/src/lib.rs
@@ -0,0 +1,4 @@
+mod constants;
+mod ml_dsa_generic;
+
+pub mod ml_dsa_65;
diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs
new file mode 100644
index 000000000..97b5db7b5
--- /dev/null
+++ b/libcrux-ml-dsa/src/ml_dsa_65.rs
@@ -0,0 +1,27 @@
+use crate::constants::*;
+
+// ML-DSA-65 parameters
+
+const ROWS_IN_A: usize = 6;
+const COLUMNS_IN_A: usize = 5;
+
+const PUBLIC_KEY_SIZE: usize =
+ 32 + (32 * ROWS_IN_A * (FIELD_MODULUS_MINUS_ONE_BIT_LENGTH - DROPPED_BITS_FROM_T));
+const SECRET_KEY_SIZE: usize =
+ (32 + 32 + 64) + 32 * (((ROWS_IN_A + COLUMNS_IN_A) * 4) + (DROPPED_BITS_FROM_T * ROWS_IN_A));
+
+pub struct MLDSA65KeyPair {
+ pub secret_key: [u8; SECRET_KEY_SIZE],
+ pub public_key: [u8; PUBLIC_KEY_SIZE],
+}
+
+/// Generate an ML-DSA-65 Key Pair
+pub fn generate_key_pair(randomness: [u8; 32]) -> MLDSA65KeyPair {
+ let (secret_key, public_key) =
+ crate::ml_dsa_generic::generate_key_pair::(randomness);
+
+ MLDSA65KeyPair {
+ secret_key,
+ public_key,
+ }
+}
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
new file mode 100644
index 000000000..9a312fcb1
--- /dev/null
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -0,0 +1,6 @@
+pub(crate) fn generate_key_pair(
+ randomness: [u8; 32],
+) -> ([u8; SECRET_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) {
+ let _ = randomness;
+ todo!();
+}
diff --git a/libcrux-ml-dsa/tests/kats/README.md b/libcrux-ml-dsa/tests/kats/README.md
new file mode 100644
index 000000000..3b7352a00
--- /dev/null
+++ b/libcrux-ml-dsa/tests/kats/README.md
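Review bot: Neither constant added in `libcrux-ml-dsa/src/constants.rs` says which ML-DSA parameter it encodes, and the key-size formulas in `ml_dsa_65.rs` depend on both. I would add `/// Bit length of q - 1 for the field modulus q = 8380417.` above `FIELD_MODULUS_MINUS_ONE_BIT_LENGTH` and `/// Number of low-order bits dropped from t (the parameter d).` above `DROPPED_BITS_FROM_T`; both values match the `q` and `d` entries of `DEFAULT_PARAMETERS` in the Python reference added by this same commit.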
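Review bot: In `libcrux-ml-dsa/src/ml_dsa_65.rs`, `MLDSA65KeyPair` exposes `secret_key` as a `pub` byte array, so callers can copy the signing key out freely and nothing clears it from memory when the pair is dropped. Before this API gains users I would make the field private behind an accessor such as `pub fn secret_key(&self) -> &[u8; SECRET_KEY_SIZE]` and wipe the bytes in a `Drop` impl. The doc comment on `generate_key_pair` should also state that `randomness` must be 32 bytes from a cryptographically secure RNG, and carry a `# Panics` section for as long as `ml_dsa_generic::generate_key_pair` is `todo!()`. The bare `4` in `SECRET_KEY_SIZE` looks like the bits per coefficient of the secret vectors for this parameter set and deserves a named constant.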
@@ -0,0 +1,3 @@
+In order to regenerate the JSON KAT files for all parameter sets, simply run `./generate_kats.py`.
+
+N.B.: The ML-DSA implementation was taken from https://github.com/GiacomoPope/dilithium-py/pull/1 with some modifications.
diff --git a/libcrux-ml-dsa/tests/kats/aes256_ctr_drbg.py b/libcrux-ml-dsa/tests/kats/aes256_ctr_drbg.py
new file mode 100644
index 000000000..9f52483c2
--- /dev/null
+++ b/libcrux-ml-dsa/tests/kats/aes256_ctr_drbg.py
@@ -0,0 +1,103 @@ +import os +from utils import xor_bytes +from Crypto.Cipher import AES + + +class AES256_CTR_DRBG: + def __init__(self, seed=None, personalization=b""): + self.seed_length = 48 + self.reseed_interval = 2**48 + self.key = bytes([0]) * 32 + self.V = bytes([0]) * 16 + self.entropy_input = self.__check_entropy_input(seed) + + seed_material = self.__instantiate(personalization=personalization) + self.ctr_drbg_update(seed_material) + self.reseed_ctr = 1 + + def __check_entropy_input(self, entropy_input): + """ + If no entropy given, us os.urandom, else + check that the input is of the right length. + """ + if entropy_input is None: + return os.urandom(self.seed_length) + elif len(entropy_input) != self.seed_length: + raise ValueError( + f"The entropy input must be of length: {self.seed_length}. Input has length {len(entropy_input)}" + ) + return entropy_input + + def __instantiate(self, personalization=b""): + """ + Combine the input seed and optional personalisation + string into the seed material for the DRBG + """ + if len(personalization) > self.seed_length: + raise ValueError( + f"The Personalization String must be at most length: {self.seed_length}. 
Input has length {len(personalization)}" + ) + elif len(personalization) < self.seed_length: + personalization += bytes([0]) * (self.seed_length - len(personalization)) + # debugging + assert len(personalization) == self.seed_length + return xor_bytes(self.entropy_input, personalization) + + def __increment_counter(self): + int_V = int.from_bytes(self.V, "big") + new_V = (int_V + 1) % 2 ** (8 * 16) + self.V = new_V.to_bytes(16, byteorder="big") + + def ctr_drbg_update(self, provided_data): + tmp = b"" + cipher = AES.new(self.key, AES.MODE_ECB) + # Collect bytes from AES ECB + while len(tmp) != self.seed_length: + self.__increment_counter() + tmp += cipher.encrypt(self.V) + + # Take the first 48 bytes + tmp = tmp[: self.seed_length] + tmp = xor_bytes(tmp, provided_data) + + # Set the new values of key and V + self.key = tmp[:32] + self.V = tmp[32:] + + def reseed(self, additional_information=b""): + """ + Reseed the DRBG for when reseed_ctr hits the + limit. + """ + seed_material = self.__instantiate(additional_information) + self.ctr_drbg_update(seed_material) + self.reseed_ctr = 1 + + def random_bytes(self, num_bytes, additional=None): + if self.reseed_ctr >= self.reseed_interval: + raise Warning("The DRBG has been exhausted! Reseed!") + + # Set the optional additional information + if additional is None: + additional = bytes([0]) * self.seed_length + else: + if len(additional) > self.seed_length: + raise ValueError( + f"The additional input must be of length at most: {self.seed_length}. Input has length {len(seed)}" + ) + elif len(additional) < self.seed_length: + additional += bytes([0]) * (self.seed_length - len(additional)) + self.ctr_drbg_update(additional) + + # Collect bytes! 
+ tmp = b"" + cipher = AES.new(self.key, AES.MODE_ECB) + while len(tmp) < num_bytes: + self.__increment_counter() + tmp += cipher.encrypt(self.V) + + # Collect only the requested number of bits + output_bytes = tmp[:num_bytes] + self.ctr_drbg_update(additional) + self.reseed_ctr += 1 + return output_bytes diff --git a/libcrux-ml-dsa/tests/kats/dilithium.py b/libcrux-ml-dsa/tests/kats/dilithium.py new file mode 100644 index 000000000..da3cee2c7 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/dilithium.py 
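Review bot: In `random_bytes` of `aes256_ctr_drbg.py`, the `ValueError` raised when `additional` is longer than `seed_length` formats `len(seed)`, but no `seed` is in scope there, so the over-length path fails with `NameError` instead of the intended error. The message should end with `Input has length {len(additional)}`. Separately, `reseed` derives its seed material from the stored `self.entropy_input` XORed with `additional_information` rather than from fresh entropy. That is fine for deterministic KAT generation, but the class docstring should say it is test-only, e.g. `"""Deterministic AES-256 CTR DRBG for KAT generation; not for production randomness."""`.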
@@ -0,0 +1,562 @@ +# The files in this directory have been taken from: +# +# https://github.com/GiacomoPope/dilithium-py/pull/1 +# +# with some modifications. + +import os + +from polynomials import * +from modules import * +from shake_wrapper import Shake128, Shake256 +from utils import * +from ntt_helper import NTTHelperDilithium + +try: + from aes256_ctr_drbg import AES256_CTR_DRBG +except ImportError as e: + print("Error importing AES256 CTR DRBG. Have you tried installing requirements?") + print(f"ImportError: {e}\n") + print("Dilithium will work perfectly fine with system randomness") + +DEFAULT_PARAMETERS = { + "dilithium2": { + "n": 256, + "q": 8380417, + "d": 13, + "k": 4, + "l": 4, + "eta": 2, + "eta_bound": 15, + "tau": 39, + "omega": 80, + "gamma_1": 131072, # 2^17 + "gamma_2": 95232, # (q-1)/88 + "ctildebytes": 32, + }, + "dilithium3": { + "n": 256, + "q": 8380417, + "d": 13, + "k": 6, + "l": 5, + "eta": 4, + "eta_bound": 9, + "tau": 49, + "omega": 55, + "gamma_1": 524288, # 2^19 + "gamma_2": 261888, # (q-1)/88 + "ctildebytes": 48, + }, + "dilithium5": { + "n": 256, + "q": 8380417, + "d": 13, + "k": 8, + "l": 7, + "eta": 2, + "eta_bound": 15, + "tau": 60, + "omega": 75, + "gamma_1": 524288, # 2^19 + "gamma_2": 261888, # (q-1)/88 + "ctildebytes": 64, + }, +} + + +class Dilithium: + def __init__(self, parameter_set): + self.n = parameter_set["n"] + self.q = parameter_set["q"] + self.d = parameter_set["d"] + self.k = parameter_set["k"] + self.l = parameter_set["l"] + self.eta = parameter_set["eta"] + self.eta_bound = parameter_set["eta_bound"] + self.tau = parameter_set["tau"] + self.omega = parameter_set["omega"] + self.gamma_1 = parameter_set["gamma_1"] + self.gamma_2 = parameter_set["gamma_2"] + self.beta = self.tau * self.eta + + self.ctildebytes = parameter_set["ctildebytes"] + + self.R = PolynomialRing(self.q, self.n, ntt_helper=NTTHelperDilithium) + self.M = Module(self.R) + + self.drbg = None + self.random_bytes = os.urandom + + """ + The 
following two methods allow us to use deterministic + randomness throughout all of Dilithium. This is helpful + for the KAT tests more than anything! + """ + + def set_drbg_seed(self, seed): + """ + Setting the seed switches the entropy source + from os.urandom to AES256 CTR DRBG + + Note: requires pycryptodome for AES impl. + (Seemed overkill to code my own AES for Kyber) + """ + self.drbg = AES256_CTR_DRBG(seed) + self.random_bytes = self.drbg.random_bytes + + def reseed_drbg(self, seed): + """ + Reseeds the DRBG, errors if a DRBG is not set. + + Note: requires pycryptodome for AES impl. + (Seemed overkill to code my own AES for Kyber) + """ + if self.drbg is None: + raise Warning( + f"Cannot reseed DRBG without first initialising. Try using `set_drbg_seed`" + ) + else: + self.drbg.reseed(seed) + + """ + H() uses Shake256 to hash data to 32 and 64 bytes in a + few places in the code + """ + + @staticmethod + def _h(input_bytes, length): + """ + H: B^* -> B^* + """ + return Shake256.digest(input_bytes, length) + + """ + Figure 3 (Supporting algorithms for Dilithium) + `_make_hint/_use_hint` is applied to matricies and `_make_hint_poly/_use_hint_poly` + applies to the polynomials, which are elements of the matricies. 
+ + `_make_hint_poly/_use_hint_poly` uses the util functions `use_hint/make_hint` + which works on field elements (see utils.py) + + https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf + """ + + def _make_hint(self, v1, v2, alpha): + matrix = [ + [ + self._make_hint_poly(p1, p2, alpha) + for p1, p2 in zip(v1.rows[i], v2.rows[i]) + ] + for i in range(v1.m) + ] + return self.M(matrix) + + def _use_hint(self, v1, v2, alpha): + matrix = [ + [ + self._use_hint_poly(p1, p2, alpha) + for p1, p2 in zip(v1.rows[i], v2.rows[i]) + ] + for i in range(v1.m) + ] + return self.M(matrix) + + def _make_hint_poly(self, p1, p2, alpha): + coeffs = [make_hint(r, z, alpha, self.q) for r, z in zip(p1.coeffs, p2.coeffs)] + return self.R(coeffs) + + def _use_hint_poly(self, p1, p2, alpha, is_ntt=False): + coeffs = [use_hint(h, r, alpha, self.q) for h, r in zip(p1.coeffs, p2.coeffs)] + return self.R(coeffs) + + @staticmethod + def _sum_hint(hint): + """ + Helper function to count the number of coeffs == 1 + in all the polynomials of a matrix + """ + return sum(c for row in hint.rows for p in row for c in p) + + def _sample_in_ball(self, seed, is_ntt=False): + """ + Figure 2 (Sample in Ball) + https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf + + Create a random 256-element array with τ ±1’s and (256 − τ) 0′s using + the input seed ρ (and an SHAKE256) to generate the randomness needed + """ + + def rejection_sample(i, xof): + """ + Sample random bytes from `xof_bytes` and + interpret them as integers in {0, ..., 255} + + Rejects values until a value j <= i is found + """ + while True: + j = xof.read(1) + j = int.from_bytes(j, "little") + if j <= i: + return j + + # Initialise the XOF + Shake256.absorb(seed) + + # Set the first 8 bytes for the sign, and leave the rest for + # sampling. 
+ sign_bytes = Shake256.read(8) + sign_int = int.from_bytes(sign_bytes, "little") + + # Set the list of coeffs to be 0 + coeffs = [0 for _ in range(self.n)] + + # Now set tau values of coeffs to be ±1 + for i in range(256 - self.tau, self.n): + j = rejection_sample(i, Shake256) + coeffs[i] = coeffs[j] + coeffs[j] = 1 - 2 * (sign_int & 1) + sign_int >>= 1 + + return self.R(coeffs, is_ntt=is_ntt) + + def _sample_error_polynomial(self, rho_prime, i, is_ntt=False): + def rejection_sample(xof): + """ + Sample a random byte from `xof_bytes` and + interpret it as two integers in {0, ..., 2η} + by considering the top and bottom four bits + + Rejects values until a value j < 2η is found + """ + while True: + js = [] + + # Consider two values for each byte (top and bottom four bits) + j = xof.read(1) + j = int.from_bytes(j, "little") + j0 = j & 0x0F + j1 = j >> 4 + + # rejection sample + if j0 < self.eta_bound: + if self.eta == 2: + j0 %= 5 + js.append(self.eta - j0) + + if j1 < self.eta_bound: + if self.eta == 2: + j1 %= 5 + js.append(self.eta - j1) + + if js: + return js + + # Initialise the XOF + seed = rho_prime + int.to_bytes(i, 2, "little") + Shake256.absorb(seed) + + # Sample bytes for all n coeffs + # TODO: make this better. 
+ coeffs = [] + while len(coeffs) < self.n: + js = rejection_sample(Shake256) + coeffs += js + + # Remove the last byte if we ended up overfilling + if len(coeffs) > self.n: + coeffs = coeffs[: self.n] + + return self.R(coeffs, is_ntt=is_ntt) + + def _sample_matrix_polynomial(self, rho, i, j, is_ntt=False): + def rejection_sample(xof): + """ + Sample three random bytes from `xof` and + interpret them as integers in {0, ..., 2^23 - 1} + + Rejects values until a value j < q is found + """ + while True: + j_bytes = xof.read(3) + j = int.from_bytes(j_bytes, "little") + j &= 0x7FFFFF + if j < self.q: + return j + + # Initialise the XOF + seed = rho + bytes([j, i]) + Shake128.absorb(seed) + coeffs = [rejection_sample(Shake128) for _ in range(self.n)] + return self.R(coeffs, is_ntt=is_ntt) + + def _sample_mask_polynomial(self, rho_prime, i, kappa, is_ntt=False): + if self.gamma_1 == (1 << 17): + bit_count = 18 + total_bytes = 576 # (256 * 18) / 8 + else: + bit_count = 20 + total_bytes = 640 # (256 * 20) / 8 + + # Initialise the XOF + seed = rho_prime + int.to_bytes(kappa + i, 2, "little") + xof_bytes = Shake256.digest(seed, total_bytes) + r = int.from_bytes(xof_bytes, "little") + mask = (1 << bit_count) - 1 + coeffs = [self.gamma_1 - ((r >> bit_count * i) & mask) for i in range(self.n)] + + return self.R(coeffs, is_ntt=is_ntt) + + def _expandA(self, rho, is_ntt=False): + """ + Helper function which generates a element of size + k x l from a seed `rho`. + + When `transpose` is set to True, the matrix A is + built as the transpose. 
+ """ + matrix = [ + [ + self._sample_matrix_polynomial(rho, i, j, is_ntt=is_ntt) + for j in range(self.l) + ] + for i in range(self.k) + ] + return self.M(matrix) + + def _expandS(self, rho_prime, is_ntt=False): + s1_elements = [ + self._sample_error_polynomial(rho_prime, i, is_ntt=is_ntt) + for i in range(self.l) + ] + s2_elements = [ + self._sample_error_polynomial(rho_prime, i, is_ntt=is_ntt) + for i in range(self.l, self.l + self.k) + ] + + s1 = self.M(s1_elements).transpose() + s2 = self.M(s2_elements).transpose() + return s1, s2 + + def _expandMask(self, rho_prime, kappa, is_ntt=False): + elements = [ + self._sample_mask_polynomial(rho_prime, i, kappa, is_ntt=is_ntt) + for i in range(self.l) + ] + return self.M(elements).transpose() + + @staticmethod + def _pack_pk(rho, t1): + return rho + t1.bit_pack_t1() + + def _pack_sk(self, rho, K, tr, s1, s2, t0): + s1_bytes = s1.bit_pack_s(self.eta) + s2_bytes = s2.bit_pack_s(self.eta) + t0_bytes = t0.bit_pack_t0() + return rho + K + tr + s1_bytes + s2_bytes + t0_bytes + + def _pack_h(self, h): + non_zero_positions = [ + [i for i, c in enumerate(poly.coeffs) if c == 1] + for row in h.rows + for poly in row + ] + packed = [] + offsets = [] + for positions in non_zero_positions: + packed.extend(positions) + offsets.append(len(packed)) + + padding_len = self.omega - offsets[-1] + packed.extend([0 for _ in range(padding_len)]) + return bytes(packed + offsets) + + def _pack_sig(self, c_tilde, z, h): + return c_tilde + z.bit_pack_z(self.gamma_1) + self._pack_h(h) + + def _unpack_pk(self, pk_bytes): + rho, t1_bytes = pk_bytes[:32], pk_bytes[32:] + t1 = self.M.bit_unpack_t1(t1_bytes, self.k, 1) + return rho, t1 + + def _unpack_sk(self, sk_bytes): + if self.eta == 2: + s_bytes = 96 + else: + s_bytes = 128 + s1_len = s_bytes * self.l + s2_len = s_bytes * self.k + t0_len = 416 * self.k + if len(sk_bytes) != 2 * 32 + 64 + s1_len + s2_len + t0_len: + raise ValueError("SK packed bytes is of the wrong length") + + # Split bytes 
between seeds and vectors + sk_seed_bytes, sk_vec_bytes = sk_bytes[:128], sk_bytes[128:] + + # Unpack seed bytes + rho, K, tr = sk_seed_bytes[:32], sk_seed_bytes[32:64], sk_seed_bytes[64:128] + + # Unpack vector bytes + s1_bytes = sk_vec_bytes[:s1_len] + s2_bytes = sk_vec_bytes[s1_len : s1_len + s2_len] + t0_bytes = sk_vec_bytes[-t0_len:] + + # Unpack bytes to vectors + s1 = self.M.bit_unpack_s(s1_bytes, self.l, 1, self.eta) + s2 = self.M.bit_unpack_s(s2_bytes, self.k, 1, self.eta) + t0 = self.M.bit_unpack_t0(t0_bytes, self.k, 1) + + return rho, K, tr, s1, s2, t0 + + def _unpack_h(self, h_bytes): + offsets = [0] + list(h_bytes[-self.k :]) + non_zero_positions = [ + list(h_bytes[offsets[i] : offsets[i + 1]]) for i in range(self.k) + ] + + matrix = [] + for poly_non_zero in non_zero_positions: + coeffs = [0 for _ in range(self.n)] + for non_zero in poly_non_zero: + coeffs[non_zero] = 1 + matrix.append([self.R(coeffs)]) + return self.M(matrix) + + def _unpack_sig(self, sig_bytes): + c_tilde = sig_bytes[: self.ctildebytes] + z_bytes = sig_bytes[self.ctildebytes : -(self.k + self.omega)] + h_bytes = sig_bytes[-(self.k + self.omega) :] + + z = self.M.bit_unpack_z(z_bytes, self.l, 1, self.gamma_1) + h = self._unpack_h(h_bytes) + return c_tilde, z, h + + def keygen(self): + # Random seed + zeta = self.random_bytes(32) + self.keygen_seed = zeta + + # Expand with an XOF (SHAKE256) + seed_bytes = self._h(zeta, 128) + + # Split bytes into suitable chunks + rho, rho_prime, K = seed_bytes[:32], seed_bytes[32:96], seed_bytes[96:] + + # Generate matrix A ∈ R^(kxl) + A = self._expandA(rho, is_ntt=True) + + # Generate the error vectors s1 ∈ R^l, s2 ∈ R^k + s1, s2 = self._expandS(rho_prime) + s1_hat = s1.copy_to_ntt() + + # Matrix multiplication + t = (A @ s1_hat).from_ntt() + s2 + + t1, t0 = t.power_2_round(self.d) + + # Pack up the bytes + pk = self._pack_pk(rho, t1) + tr = self._h(pk, 64) + + sk = self._pack_sk(rho, K, tr, s1, s2, t0) + return pk, sk + + def sign(self, sk_bytes, 
m, rnd=None): + # unpack the secret key + rho, K, tr, s1, s2, t0 = self._unpack_sk(sk_bytes) + + # Generate matrix A ∈ R^(kxl) + A = self._expandA(rho, is_ntt=True) + + # Set seeds and nonce (kappa) + mu = self._h(tr + m, 64) + kappa = 0 + if rnd is None: + # deterministic signing + rnd = b"\x00" * 32 # RNDBYTES + rho_prime = self._h(K + rnd + mu, 64) + + # Precompute NTT representation + s1.to_ntt() + s2.to_ntt() + t0.to_ntt() + + alpha = self.gamma_2 << 1 + while True: + y = self._expandMask(rho_prime, kappa) + y_hat = y.copy_to_ntt() + + # increment the nonce + kappa += self.l + + w = (A @ y_hat).from_ntt() + + # Extract out both the high and low bits + w1, w0 = w.decompose(alpha) + + # Create challenge polynomial + w1_bytes = w1.bit_pack_w(self.gamma_2) + c_tilde = self._h(mu + w1_bytes, self.ctildebytes) + c = self._sample_in_ball(c_tilde[:32]) # SEEDBYTES + + # Store c in NTT form + c.to_ntt() + + z = y + s1.scale(c).from_ntt() + if z.check_norm_bound(self.gamma_1 - self.beta): + continue + + w0_minus_cs2 = w0 - s2.scale(c).from_ntt() + if w0_minus_cs2.check_norm_bound(self.gamma_2 - self.beta): + continue + + c_t0 = t0.scale(c).from_ntt() + # c_t0.reduce_coefficents() + + if c_t0.check_norm_bound(self.gamma_2): + continue + + w0_minus_cs2_plus_ct0 = w0_minus_cs2 + c_t0 + + h = self._make_hint(w0_minus_cs2_plus_ct0, w1, alpha) + + if self._sum_hint(h) > self.omega: + continue + + return self._pack_sig(c_tilde, z, h) + + def verify(self, pk_bytes, m, sig_bytes): + rho, t1 = self._unpack_pk(pk_bytes) + c_tilde, z, h = self._unpack_sig(sig_bytes) + + if self._sum_hint(h) > self.omega: + return False + + if z.check_norm_bound(self.gamma_1 - self.beta): + return False + + A = self._expandA(rho, is_ntt=True) + + tr = self._h(pk_bytes, 64) # TRBYTES + mu = self._h(tr + m, 64) + c = self._sample_in_ball(c_tilde[:32]) + + # Convert to NTT for computation + c.to_ntt() + z.to_ntt() + + t1 = t1.scale(1 << self.d) + t1.to_ntt() + + Az_minus_ct1 = (A @ z) - t1.scale(c) + 
Az_minus_ct1.from_ntt() + + w_prime = self._use_hint(h, Az_minus_ct1, 2 * self.gamma_2) + w_prime_bytes = w_prime.bit_pack_w(self.gamma_2) + + return c_tilde == self._h(mu + w_prime_bytes, self.ctildebytes) + + +Dilithium2 = Dilithium(DEFAULT_PARAMETERS["dilithium2"]) +Dilithium3 = Dilithium(DEFAULT_PARAMETERS["dilithium3"]) +Dilithium5 = Dilithium(DEFAULT_PARAMETERS["dilithium5"]) diff --git a/libcrux-ml-dsa/tests/kats/generate_kats.py b/libcrux-ml-dsa/tests/kats/generate_kats.py new file mode 100755 index 000000000..1342361eb --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/generate_kats.py @@ -0,0 +1,45 @@ +#! /usr/bin/env python3 + +from dilithium import Dilithium2, Dilithium3, Dilithium5 +from aes256_ctr_drbg import AES256_CTR_DRBG + +import json +import hashlib + +for algorithm in [Dilithium2, Dilithium3, Dilithium5]: + kats_formatted = [] + + entropy_input = bytes([i for i in range(48)]) + rng = AES256_CTR_DRBG(entropy_input) + + print("Generating KATs for ML-DSA-{}{}.".format(algorithm.k, algorithm.l)) + + for i in range(100): + seed = rng.random_bytes(48) + + algorithm.set_drbg_seed(seed) + + pk, sk = algorithm.keygen() + + msg_len = 33 * (i + 1) + msg = rng.random_bytes(msg_len) + sig = algorithm.sign(sk, msg) + + kats_formatted.append( + { + "key_generation_seed": bytes(algorithm.keygen_seed).hex(), + "sha3_256_hash_of_public_key": bytes( + hashlib.sha3_256(pk).digest() + ).hex(), + "sha3_256_hash_of_secret_key": bytes( + hashlib.sha3_256(sk).digest() + ).hex(), + "message": bytes(msg).hex(), + "sha3_256_hash_of_signature": bytes( + hashlib.sha3_256(sig).digest() + ).hex(), + } + ) + + with open("nistkats-{}{}.json".format(algorithm.k, algorithm.l), "w") as f: + json.dump(kats_formatted, f, ensure_ascii=False, indent=4) diff --git a/libcrux-ml-dsa/tests/kats/modules.py b/libcrux-ml-dsa/tests/kats/modules.py new file mode 100644 index 000000000..f6a56d66e --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/modules.py 
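Review bot: In generate_kats.py the loop records the hash of `sig = algorithm.sign(sk, msg)` without ever checking the signature, so a generator that produced an inconsistent key pair or signature would still write vectors that whatever consumes these JSON files is then pinned to. Adding `assert algorithm.verify(pk, msg, sig)` directly after the `sign` call makes the script fail before a bad file is written. The output is named `nistkats-*.json`, yet every value shown here comes from this script's fixed `bytes([i for i in range(48)])` entropy and from `sign` called without `rnd`, which dilithium.py in this patch treats as deterministic signing. A header comment such as `# Vectors are generated locally by dilithium.py with fixed DRBG entropy and deterministic signing (rnd=None)` would state that provenance, so a reader does not assume more independent assurance than the files provide.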
@@ -0,0 +1,336 @@ +class Module: + def __init__(self, ring): + self.ring = ring + + def __bit_unpack(self, input_bytes, m, n, alg, packed_len, *args, is_ntt=False): + poly_bytes = [ + input_bytes[i : i + packed_len] + for i in range(0, len(input_bytes), packed_len) + ] + matrix = [ + [alg(poly_bytes[n * i + j], *args, is_ntt=is_ntt) for j in range(n)] + for i in range(m) + ] + return self(matrix) + + def bit_unpack_t0(self, input_bytes, m, n, is_ntt=False): + packed_len = 416 + algorithm = self.ring.bit_unpack_t0 + return self.__bit_unpack(input_bytes, m, n, algorithm, packed_len, is_ntt=False) + + def bit_unpack_t1(self, input_bytes, m, n, is_ntt=False): + packed_len = 320 + algorithm = self.ring.bit_unpack_t1 + return self.__bit_unpack(input_bytes, m, n, algorithm, packed_len, is_ntt=False) + + def bit_unpack_s(self, input_bytes, m, n, eta, is_ntt=False): + # Level 2 and 5 parameter set + if eta == 2: + packed_len = 96 + # Level 3 parameter set + elif eta == 4: + packed_len = 128 + else: + raise ValueError("Expected eta to be either 2 or 4") + algorithm = self.ring.bit_unpack_s + return self.__bit_unpack( + input_bytes, m, n, algorithm, packed_len, eta, is_ntt=False + ) + + def bit_unpack_w(self, input_bytes, m, n, gamma_2, is_ntt=False): + # Level 2 parameter set + if gamma_2 == 95232: + packed_len = 192 + # Level 3 and 5 parameter set + elif gamma_2 == 261888: + packed_len = 128 + else: + raise ValueError("Expected gamma_2 to be either (q-1)/88 or (q-1)/32") + algorithm = self.ring.bit_unpack_w + return self.__bit_unpack( + input_bytes, m, n, algorithm, packed_len, gamma_2, is_ntt=False + ) + + def bit_unpack_z(self, input_bytes, m, n, gamma_1, is_ntt=False): + # Level 2 parameter set + if gamma_1 == (1 << 17): + packed_len = 576 + # Level 3 and 5 parameter set + elif gamma_1 == (1 << 19): + packed_len = 640 + else: + raise ValueError("Expected gamma_1 to be either 2^17 or 2^19") + algorithm = self.ring.bit_unpack_z + return self.__bit_unpack( + input_bytes, m, 
n, algorithm, packed_len, gamma_1, is_ntt=False + ) + + def __repr__(self): + return f"Module over the commutative ring: {self.ring}" + + def __str__(self): + return f"Module over the commutative ring: {self.ring}" + + def __eq__(self, other): + return self.ring == other.ring + + def __call__(self, matrix_elements): + if not isinstance(matrix_elements, list): + raise TypeError(f"Elements of a module are matrices, with elements .") + + if isinstance(matrix_elements[0], list): + for element_list in matrix_elements: + if not all(isinstance(aij, self.ring.element) for aij in element_list): + raise TypeError( + f"All elements of the matrix must be elements of the ring: {self.ring}" + ) + return Module.Matrix(self, matrix_elements) + + elif isinstance(matrix_elements[0], self.ring.element): + if not all(isinstance(aij, self.ring.element) for aij in matrix_elements): + raise TypeError( + f"All elements of the matrix must be elements of the ring: {self.ring}" + ) + return Module.Matrix(self, [matrix_elements]) + + else: + raise TypeError( + f"Elements of a module are matrices, built from elements of the base ring." 
+ ) + + class Matrix: + def __init__(self, parent, matrix_elements): + self.parent = parent + self.rows = matrix_elements + self.m = len(matrix_elements) + self.n = len(matrix_elements[0]) + if not self.check_dimensions(): + raise ValueError("Inconsistent row lengths in matrix") + + def get_dim(self): + return self.m, self.n + + def check_dimensions(self): + return all(len(row) == self.n for row in self.rows) + + def transpose(self): + new_rows = [list(item) for item in zip(*self.rows)] + return self.parent(new_rows) + + def transpose_self(self): + self.m, self.n = self.n, self.m + self.rows = [list(item) for item in zip(*self.rows)] + return self + + def reduce_coefficents(self): + for row in self.rows: + for ele in row: + ele.reduce_coefficents() + return self + + def to_montgomery(self): + for row in self.rows: + for ele in row: + ele.to_montgomery() + return self + + def from_montgomery(self): + for row in self.rows: + for ele in row: + ele.from_montgomery() + return self + + def scale(self, other): + """ + Multiply each element of the matrix by a polynomial or integer + """ + if not ( + isinstance(other, self.parent.ring.Polynomial) or isinstance(other, int) + ): + raise TypeError( + "Can only multiply elements with polynomials or integers" + ) + + matrix = [[other * ele for ele in row] for row in self.rows] + return self.parent(matrix) + + def check_norm_bound(self, bound): + for row in self.rows: + if any(p.check_norm_bound(bound) for p in row): + return True + return False + + def power_2_round(self, d): + """ + Applies `power_2_round` on every element in the + Matrix to create two matrices. 
+ """ + m1_elements = [[0 for _ in range(self.n)] for _ in range(self.m)] + m0_elements = [[0 for _ in range(self.n)] for _ in range(self.m)] + + for i in range(self.m): + for j in range(self.n): + m1_ele, m0_ele = self[i][j].power_2_round(d) + m1_elements[i][j] = m1_ele + m0_elements[i][j] = m0_ele + + return self.parent(m1_elements), self.parent(m0_elements) + + def decompose(self, alpha): + """ + Applies `power_2_round` on every element in the + Matrix to create two matrices. + """ + m1_elements = [[0 for _ in range(self.n)] for _ in range(self.m)] + m0_elements = [[0 for _ in range(self.n)] for _ in range(self.m)] + + for i in range(self.m): + for j in range(self.n): + m1_ele, m0_ele = self[i][j].decompose(alpha) + m1_elements[i][j] = m1_ele + m0_elements[i][j] = m0_ele + + return self.parent(m1_elements), self.parent(m0_elements) + + def __bit_pack(self, algorithm, *args): + return b"".join(algorithm(poly, *args) for row in self.rows for poly in row) + + def bit_pack_t1(self): + algorithm = self.parent.ring.Polynomial.bit_pack_t1 + return self.__bit_pack(algorithm) + + def bit_pack_t0(self): + algorithm = self.parent.ring.Polynomial.bit_pack_t0 + return self.__bit_pack(algorithm) + + def bit_pack_s(self, eta): + algorithm = self.parent.ring.Polynomial.bit_pack_s + return self.__bit_pack(algorithm, eta) + + def bit_pack_w(self, gamma_2): + algorithm = self.parent.ring.Polynomial.bit_pack_w + return self.__bit_pack(algorithm, gamma_2) + + def bit_pack_z(self, gamma_1): + algorithm = self.parent.ring.Polynomial.bit_pack_z + return self.__bit_pack(algorithm, gamma_1) + + def to_ntt(self): + for row in self.rows: + for ele in row: + ele.to_ntt() + return self + + def from_ntt(self): + for row in self.rows: + for ele in row: + ele.from_ntt() + return self + + def copy_to_ntt(self): + matrix = [[ele.copy_to_ntt() for ele in row] for row in self.rows] + return self.parent(matrix) + + def copy_from_ntt(self): + matrix = [[ele.copy_from_ntt() for ele in row] for row in 
self.rows] + return self.parent(matrix) + + def high_bits(self, alpha, is_ntt=False): + matrix = [ + [ele.high_bits(alpha, is_ntt=is_ntt) for ele in row] + for row in self.rows + ] + return self.parent(matrix) + + def low_bits(self, alpha, is_ntt=False): + matrix = [ + [ele.low_bits(alpha, is_ntt=is_ntt) for ele in row] for row in self.rows + ] + return self.parent(matrix) + + def __getitem__(self, i): + return self.rows[i] + + def __eq__(self, other): + return other.rows == self.rows + + def __add__(self, other): + if not isinstance(other, Module.Matrix): + raise TypeError("Can only add matrcies to other matrices") + if self.parent != other.parent: + raise TypeError("Matricies must have the same base ring") + if self.get_dim() != other.get_dim(): + raise ValueError("Matrices are not of the same dimensions") + + new_elements = [] + for i in range(self.m): + new_elements.append( + [a + b for a, b in zip(self.rows[i], other.rows[i])] + ) + return self.parent(new_elements) + + def __radd__(self, other): + return self.__add__(other) + + def __iadd__(self, other): + self = self + other + return self + + def __sub__(self, other): + if not isinstance(other, Module.Matrix): + raise TypeError("Can only subtract matrcies from other matrices") + if self.parent != other.parent: + raise TypeError("Matricies must have the same base ring") + if self.get_dim() != other.get_dim(): + raise ValueError("Matrices are not of the same dimensions") + + new_elements = [] + for i in range(self.m): + new_elements.append( + [a - b for a, b in zip(self.rows[i], other.rows[i])] + ) + return self.parent(new_elements) + + def __rsub__(self, other): + return self.__sub__(other) + + def __isub__(self, other): + self = self - other + return self + + def __matmul__(self, other): + """ + Denoted A @ B + """ + if not isinstance(other, Module.Matrix): + raise TypeError("Can only multiply matrcies with other matrices") + if (self.parent) != other.parent: + print(self.parent, "\n", other.parent) + raise 
TypeError("Matricies must have the same base ring") + if self.n != other.m: + raise ValueError("Matrices are of incompatible dimensions") + + new_elements = [ + [ + sum(a * b for a, b in zip(A_row, B_col)) + for B_col in other.transpose().rows + ] + for A_row in self.rows + ] + return self.parent(new_elements) + + def __repr__(self): + if len(self.rows) == 1: + return str(self.rows[0]) + max_col_width = [] + for n_col in range(self.n): + max_col_width.append(max(len(str(row[n_col])) for row in self.rows)) + info = "]\n[".join( + [ + ", ".join( + [f"{str(x):>{max_col_width[i]}}" for i, x in enumerate(r)] + ) + for r in self.rows + ] + ) + return f"[{info}]" diff --git a/libcrux-ml-dsa/tests/kats/nistkats-44.json b/libcrux-ml-dsa/tests/kats/nistkats-44.json new file mode 100644 index 000000000..69fab4081 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/nistkats-44.json 
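Review bot: `__bit_unpack` in modules.py never compares `len(input_bytes)` with `m * n * packed_len`, so a short buffer surfaces as an `IndexError` (or a truncated final chunk handed to the ring's unpacker) and a long buffer has its trailing bytes silently ignored. `_unpack_sk` in dilithium.py validates its total length, but `_unpack_pk` and `_unpack_sig` as shown in this patch do not, so malformed public keys and signatures are not rejected cleanly before `verify` does its work. A guard at the top of `__bit_unpack`, `if len(input_bytes) != m * n * packed_len: raise ValueError("packed input has the wrong length")`, would cover all the wrappers. Separately, every `bit_unpack_*` wrapper accepts `is_ntt` but passes `is_ntt=False` on, so the argument has no effect; forward `is_ntt=is_ntt` or drop the parameter. The docstring on `decompose` is copied from `power_2_round` and should name `decompose` instead.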
@@ -0,0 +1,702 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d", + "sha3_256_hash_of_public_key": "3965ec9c424d72743aeb461873fe1ef579742444e7bddd1bcbe8939a27e95b8c", + "sha3_256_hash_of_secret_key": "f6b40fc5f3cc9c34615f87f12e117c159e6c17340234fb846ba3b1ffe88c26ef", + "message": "d81c4d8d734fcbfbeade3d3f8a039faa2a2c9957e835ad55b22e75bf57bb556ac8", + "sha3_256_hash_of_signature": "12fe85a46ab3f40b82656c78fb3140e6893c8d893f89ed0047a8e1f7d9ef24a9" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345", + "sha3_256_hash_of_public_key": "42516cb94ee7919bdf9863c7e0cec5f7c27fdd0b10830d883b6943622e74f65b", + "sha3_256_hash_of_secret_key": "236178436989d16249d726d23189fc4d5cdb71af0cf41aa50fbfffb19860d48e", + "message": "225d5ce2ceac61930a07503fb59f7c2f936a3e075481da3ca299a80f8c5df9223a073e7b90e02ebf98ca2227eba38c1ab2568209e46dba961869c6f83983b17dcd49", + "sha3_256_hash_of_signature": "f0a24553bf28bed6e208e4036046cb8f85e4fda818156861c076d7c287d42173" + }, + { + "key_generation_seed": "1d836e889e46259bcd1ccd2b369583c5b47cfbb919ec2b72c280247cb15a5569", + "sha3_256_hash_of_public_key": "7b0830ce0c32fde7e0dfd1e9172bf4864a1f0fc33f644970dffbd3baca78705b", + "sha3_256_hash_of_secret_key": "8178bae8dafb6ad5a532d6ef2d8e34cb94e5175de6a883a947315006037eaa86", + "message": "2b8c4b0f29363eaee469a7e33524538aa066ae98980eaa19d1f10593203da2143b9e9e1973f7ff0e6c6aaa3c0b900e50d003412efe96deece3046d8c46bc7709228789775abdf56aed6416c90033780cb7a4984815da1b14660dcf34aa34bf82cebbcf", + "sha3_256_hash_of_signature": "b1518fe8330aeae9133ce18cdba6c16722357cd994801966f620dd5615da6afa" + }, + { + "key_generation_seed": "539577cb7f2088fbedff1b53f235d607321857db32bba645f8df3a89dd426552", + "sha3_256_hash_of_public_key": "c963b12ee909322892bc2d355135967d93984946ebfdfed810bd656f62ffdda4", + "sha3_256_hash_of_secret_key": "7d8f990b7b5aa8cc1b17532a633fbc1821725bed7e942fb1bfa6c768451c6cb5", + "message": 
"2f7af5b52a046471efcd720c9384919be05a61cde8e8b01251c5ab885e820fd36ed9ff6fdf45783ec81a86728cbb74b426adff96123c08fac2bc6c58a9c0dd71761292262c65f20df47751f0831770a6bb7b3760bb7f5efffb6e11ac35f353a6f24400b80b287834e92c9cf0d3c949d6dca31b0b94e0e3312e8bd02174b170c2ca9355fe", + "sha3_256_hash_of_signature": "bb6db3307c2aa70ec2e1f5fac946037c8f9684d93e2c34902ff541dad5212ba2" + }, + { + "key_generation_seed": "2ca59c6cf33c53803749f69ef5abfa9482fcee7efd87fbf17135ecc3ff3fd7f7", + "sha3_256_hash_of_public_key": "15af53c197bde82d0930785a24994daac7c9325490c6d7c7153f77c5c81e1f59", + "sha3_256_hash_of_secret_key": "1d29dbed06153a97ef6069843560b0149e2f4ee375caee24dbc6291dbbc083b5", + "message": "1cdf0ae1124780a8ff00318f779a3b86b3504d059ca7ab3fe4d6eae9fd46428d1dabb704c0735a8fe8708f409741017b723d9a304e54fdc5789a7b0748c2464b7308ac9665115644c569ae253d5205751342574c03346dddc1950a6273546616b96d0c5ece0a044af0edefbe445f9ae37da5afb8d22a56d9fd1801425a0a276f48431d7af039521e549551481391fe5f4ebfb7644d9f9782d83a95137e84ea3aeb3c2f8099", + "sha3_256_hash_of_signature": "7438f7dd4442e990ff901a7498e89b503e338becb34ebf5d7165fd488c1a4f06" + }, + { + "key_generation_seed": "e17e72290e49a44c9c534f211195257cf13b0d45405782ceda2d7f982a551721", + "sha3_256_hash_of_public_key": "a4a01f00803f9dcf1a867f25edec4be3a73996746f15468398e26f1f631e35b5", + "sha3_256_hash_of_secret_key": "f8bbaf724d90bbb5359dde3c5854ed306ca8859c43b7f814fbab9b0d33df9cb6", + "message": "dbe5b6c299b44f8d60fa972a336df789ef4534ec9ba90df92ad401d1907951eb6285eda8f134277ab0a1145001c34e392187122506aa2dbb8617d7943a129eb5c07df133d7ccde94a7cb7f1795c62493ed375353d1f044257da799f7d112c174fbc35687e2f87fefbe2d83d29d7314b30a749fe41b1b81095638f112bc4563420af235280e466ffbe7050c4937c60fc18d1a6025bcbd489f0c538e088e906abe8597e2c8ebb64f01d225c847aae4b77bae6eba9269962c4b94a9732ceaa2cb4093d442ffbcdd", + "sha3_256_hash_of_signature": "c4d819059e00dec4252a1ed58bd6fd32920acc80797d2ab7989607281259a245" + }, + { + "key_generation_seed": 
"3b7388e675de5c59a78af095481c7dd999c6eea898595b1e7dcda7edc3a2c25c", + "sha3_256_hash_of_public_key": "2ba4b14d2f26b5cf461dd7acf266c701ffa52cfa2790f3b1fdb51c09e81ab8ef", + "sha3_256_hash_of_secret_key": "8bfae47c3ff3df57918dba1df2cd8536db262397ca1044575209c684a93cd7ca", + "message": "0073bee97fc97c0fbc750d474aeb93189f061e1a5cf6600c04fb0464338ec7e85252f94fcbc7b2bd00e438480d9af3add92a92e3e2e8acb55077c3278fc7503988a76e9b6062996b20889aa55b343d5a003c8a8852d738f955799fa3426be5ccd3aa6b6eda04d4884941ffc0b69c5acf12b347a74d0580cc3335ba816200f87674a4c1d98097c70f2f27c74e94a661850610ecf4847ab5b58344f958c5719e06ba396225bbe21acb0fdc512b885d391e11b0c0ed5ce6b5dd8faff91f50025c69d43072f7706d80d9fd786e1104125d79a5f4b5fd838815d44fc8b1ab678078cc174dde970d448b", + "sha3_256_hash_of_signature": "e66f49b6a19b509aba8e82b5e486212ddadecfc89c5ed50dacb415f07d825f61" + }, + { + "key_generation_seed": "dc9f40cabe2e8e4f3d1538fbc1ada27b61b99081455ab0c4c41b5b3da8101000", + "sha3_256_hash_of_public_key": "bdd0b9549bc9dc9b379d9f237d365b85640410001d5f70296b7740bc596ed44d", + "sha3_256_hash_of_secret_key": "36684f28d77240c2bd01bf6033f96c4aae677c5d59fb9a93b7bce3f0be89fa74", + "message": "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", + "sha3_256_hash_of_signature": "4dec2ba30d68c343d60bc651dcbd877ef8acedfb4b8d0919774f67429d450ebd" + }, + { + "key_generation_seed": "1dade637ae98c393260f5bbbe288373100dd7af37eba913c528d2b7b998767cb", + "sha3_256_hash_of_public_key": "eeb0479ae3f55a474550a3a35619eb220d0719ea56e568cd741915fe3678a902", + "sha3_256_hash_of_secret_key": "961526c80f8820c7a6d39cc4329e0abf849834e5e7b47cab90c47f364b829c3e", + "message": "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", + "sha3_256_hash_of_signature": "f3012b126b54b45d1e9a6435e104cf210c8dbee04903019314c41509e688578d" + }, + { + "key_generation_seed": "8866693cee12b909e32a0c64381796633666417e1246b51a2643564b464b4113", + "sha3_256_hash_of_public_key": "900915bea615461523d91506da011da446359475dae7b0b7f6c141e383b62ea7", + 
"sha3_256_hash_of_secret_key": "55af35c8b1088fedc3333a757f7a1a2354a9885b981e9677b8620974aeff069b", + "message": "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", + "sha3_256_hash_of_signature": "d8af217dbb9854e20b71812a24851ccead6499ef1830d110e1f9cbb3ff224e20" + }, + { + "key_generation_seed": "d6dad5b2746422f4487b72536d70df88af4b2f9040aa45999f8d7784ef696da0", + "sha3_256_hash_of_public_key": "f07c94c6f56760e6082db112bff615193772db13f68e5c5cde17d6e34b398541", + "sha3_256_hash_of_secret_key": "474f3df03037883f57712617e450800fe1b8744543269730453a4eee69db7f53", + "message": "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", + "sha3_256_hash_of_signature": "202fee4a11e81bd9cfaa7169dd769f0404e512555d4f71156c3cbdd4c3a4074f" + }, + { + "key_generation_seed": "68e7818f33b97ba6166768c395bd010cef7bce9995891d164303b53c1123a991", + "sha3_256_hash_of_public_key": "7c4dba3c4b692cdebd5a6a7969687f09f3e4663364c8f9fc3c848b7631e31723", + "sha3_256_hash_of_secret_key": "fcefae8b256f25c0d93b425b860c4594f50d16dd9ada4b0df7b617ee5821d04f", + "message": "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", + "sha3_256_hash_of_signature": "8eb69e29ce62d0c1acbdf82534b0cf0d37a731fe82e5366f1280585fde044031" + }, + { + "key_generation_seed": "35b153a7706109d4a13d7c4b26aa5b56d9e3fac53b47e91b0c10bd4e0eaafc19", + "sha3_256_hash_of_public_key": "f1cc36adbe51427c4c11f013945404d24d379cb6e7a3a2bfea7d2c1d794bcf2d", + "sha3_256_hash_of_secret_key": "fd8bbd324c8899fdb782274f8399df447e666d33e4dd82a0e25e04ff905820ae", + "message": "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", + "sha3_256_hash_of_signature": "02eeeacd3e86a06e056eb958289cb36311a8c51f5cf964c22d20ef188c5131b4" + }, + { + "key_generation_seed": "0e1a1634fb2396e187cd8980ef29663c42dc3ef963ccd491f817a84283a11fa0", + "sha3_256_hash_of_public_key": "8abac831d70701ba9e91a3a67d27eb46df9b30fa00a96c2c2aa0a5ecf190799a", + "sha3_256_hash_of_secret_key": "1050b1e804f35a412ef91694b3e5841373b1be79808ca4d9a5097b314b3c0caf", + 
"message": "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", + "sha3_256_hash_of_signature": "85adb4e397de71d8cde754576518351617433b9a134a954f948493d672a18534" + }, + { + "key_generation_seed": "b0bfa060f1c1a70f1ac55e321e6186a6613605dd732574b5fe6e14f0ff6f7a82", + "sha3_256_hash_of_public_key": "2f1385e5ba15802c7b7e17d74b0b5b93790cec681e74b72f4968befbc1d26868", + "sha3_256_hash_of_secret_key": "36e4b3f4e8aa8f09bbf58bd62db600d1dc9a5613485b4c5da97bb61dbe0601d9", + "message": "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", + "sha3_256_hash_of_signature": "fc7383bcbc0275227d91dd6427ac36547104d0afd427369a304d5b07b902e9bf" + }, + { + "key_generation_seed": "a33bc0a7a08c13c0d4c1174ddd886aac4c5666e1f4831f006c9519d36b2ce882", + "sha3_256_hash_of_public_key": "81e663c887dabbca940eb7d140ecfeadffe01a0cd477bd23904c0148e2bb441e", + "sha3_256_hash_of_secret_key": "0ba6d00a4318285169bc927d5e8226c23493c5fd79e067d3b5460acc40bb37d2", + "message": "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", + "sha3_256_hash_of_signature": "2934fa79c8daee187b9c365f23d49a347ef814909fd1e83ecac9521f22e737ea" + }, + { + "key_generation_seed": "c7e33fa5329142b668ccdde1057eb7a8619397537f2b4c6d6755b3b9ff936441", + "sha3_256_hash_of_public_key": "3d1c5f237cf3c5830d6e588f2d2842a746b751e16a827fdc72e89f642214f88a", + "sha3_256_hash_of_secret_key": "1ae5e5eb665acedaf67c88c63ec9152bf0d93a64ce109bf536d227c8a230336f", + "message": 
"922320f7439e492f13c272a5738ff7122dd7a6b2832632e1f7a653fef3b8639bcb9e84f482f22a948ea17dde6958489593d2cb268bb52df8ed612f2317bd6847d1622cf0532cb499adc432233b93b6f7b1866b38975ac87859ac49f91e8d235846775f9e6e6d052339c741ef6178016edb3d0b1e3f3536667b3ea2d489f88d254b8582421a31461374f465d7ad62e896be0857134707a70477fabc09fe0a5cc3b3f32911f5ff3806b878205525af69007f50535df05c33af3b0d00e297ac7eaa012e1d863dd5dd5fa47fb09467dbad8bc42edbab42a9625bfdb9fe578343297506a3b71cdc8d5919955af4605fcb0c7164d96a187aff65d0f6210fef2d11ba08d90c4458542be72e084577be9e451b8b6f4909884bcc5d25316adccd0925664d4d91c2e56433c1b68c632b0ca56d856df1edd5e113d1f026b30dac4fd648a504f8f6809c701c97bcac2b99286cef5c1c923200b1bf6141ee1cfc51c5e14554bc02d7e058970254d2c02948360abc4dfb439e66946a8ad615147bd8a6cb0886211e8b15dff3c72b6f8908ce56bbc1b40e838103202e9f188d98e07555db61778f895f76fbd838b6d14209d28eb393668924ac0e61072cbd9f93b864904ff4302dcea131b2ca16bb04959acee096b1963ce07f59ab505fcc8d89fe08fc58751965f2f5ca753d76d58705652d3b1505e0f720ede3142de9776ffe4aa0c8a25e76c7a04843377c59f1002844e89189e22f621467b813a98bf07540a1649264f14a6844d65692617f7a4d93fa9a23829e256626", + "sha3_256_hash_of_signature": "4ea22dab4c0fe23b8567ec01f7b1487b47d19de76e6609086eb2d445b71d27d7" + }, + { + "key_generation_seed": "7611b5b7d4195d5f8b97244b6811748efea929ea272e66435a36d0bd16e3bf21", + "sha3_256_hash_of_public_key": "d7dc3c84ca069198127d34f1563f150d2fa740773404dc11f600d6cb2ddf295d", + "sha3_256_hash_of_secret_key": "c3ba954c61330fba877ca97b63ad3d8d638e6cdafd329744b7ac1255279eb182", + "message": 
"576289d10ab03d5699eac322d349f55c547101e4424bfa43bbba3747b79f075ae1153a7a0ac8bb51d24fc46b7604e42efe4343fa34aa4eb16d918f25e8a4d67c860cca3f7480e1221ed3ae13a138f079fc252c6d7bebc55cb81b86e74f339614bebcf7e8f4440df8678b01a4a41b3afb1d112fe1c4c8d8c6bfe9d3ee2a335d477c60fbf43b2e5fffe1546f5172ef51cffb2a772e1575eac79b24d49fd77f0be351233e57ee6dcc7e2e29994873abd434d34ace83400c026e27e27888ea0bdd1bde5a3e55aa8b5f2feb57b8b0a96cd831906297c8169d04f15843a3249c50523cf56a4e19492ea16927dba8759b88a99e0d20820e51fc9b6a6863115cf05c5bc3f4c869eb5a87124df5db102d737f3899cfaa5fea4dd62dc4fedb1aaff67906adaf8968020efa5b10190f70e5f2c0f0457e4341bd449201d3a80aeb791254ec1c46ddcebc3896c6df702509ba62cd446d275806438eb4c03132b2e6bd01bd2f832d1d3c053c48c5a9db1c4a22b130c4c9e96a2bf4c2a8f7de0217a52d9aa5aeee5e6a49708237eab60b4019a51390c3ef10572a73d436875bb8d7d78543f96376e4bf3bcaabb92f89215e8d1093f3b287945708b5514bd7e62654d3bdf34b29009c64829a0cbf33c54d7ab0e81b81bdda93028b341ab1dff3d752dc4a1e5f9636a5c46e137ea35919d99e6571c5370c6e804bd2e2abf566f035d65cf8f97e3e8f2ecafa153bc6d8ec2831667a37fc96d1c2da40ba84d0fb041def32aadaef3f98cafa957f6552f79d28a36b8ba20a9452671de1be8af5d66714232507edb9ff657f3d7e5fa7320fc0359a5f99280d446283bc", + "sha3_256_hash_of_signature": "b838217cc32c9a2baa86cfcc930cbe4a4fcfb4a8cf0ea2c8476461defd6e1330" + }, + { + "key_generation_seed": "5a1e3e05c72cef1a73ef98840da035e4fd2552912db8dae28a79011de4bbc1a4", + "sha3_256_hash_of_public_key": "6a8404827722e67effa21d33b95f874e87977ba7e2dd0811c8750bd1e82001f8", + "sha3_256_hash_of_secret_key": "5e7cae6a7b4f8666f278e11fb0ac6d8cf40b32f1eeb50185954967f26292771b", + "message": 
"021e9c06a2e4ef63d1a61958620c40016783879080d44311e04f2a446bcaee5a486d17ff0f356ba70ff1c2b55bf957a59202903ae349878cb822e04275e0afaabc0803bb6cde3741e0bf9fce0c5d5c814977474533dc63f9ed4f32ac3477a3ec9893ef55186728c85b03f4c2e61ca7733e1706766aeb8fea80e233e8761b57fd5a3cef700196674b34a3a55f68b3368b688fb1ddc976ff48ba6a98e2d66023f291a3c617a56ccbdb8732b8c34369ed11f4ccea8fc8f673ad9fa0fd8990bef70af44c617fdfa096695d0c94ea8e17554f4461dc776db2f416448b17680fe4d29b09e57603d8ebf55771af84d8d4b9097302901c25cb6d73932e67c323d12c8acb0e74cb89755f7eb3999d4eab5e1b775e6b5c29d9733697030a26f3b93b3f286db0f2dbda71e1f103878063e77919d8892eb6a34f821b603ed4a898a9f30d00feef20985fef1a7b7af70dd29c269e88687f005d551ef05eb0603fd38745aed4f5bf4c2fc09f0604c98ae3a89e46bbfe907b87a1672de547d651f035f392a8d4db5e7260f43953028e312b95b9f25fff2c0c579218390411d13d9a25f22de4c7aa05fd11781db08977160d48e02372c7d826f5cac37d1a9b4230be99a2d13cc2e9b2b17f0a1044eb9e0a2fba376d35cdd2bc05f57dce4bbc3bf07a09bcde369929e6250efdc61689466b040aea376b09453a2c16813bbb685b54a225c49008ba6811e8bb5b3627f8c281244fdf5533216d126ed0e64fdabec533424bff77fe722cc438ca7587c19d965f0bf085d8692c27c5c84a9dee53256d978948d89abdf9842e0b765be6a507d8630cbc5ca7fa0fbca1cecc78d2e536aa7b2b902c4379777ac0920d69c57cc4e6032252bde99e1a555e80d4", + "sha3_256_hash_of_signature": "2f2715f3a559f2e00a2fa5420c7be186e7f0721d0e2b3960b97cf132475900b1" + }, + { + "key_generation_seed": "8f3920a235eec3659cfcfe62931474204eae264959702f901d461b66d9bb563d", + "sha3_256_hash_of_public_key": "ffc641caa6dec530b1f2ad5d30d8dff570749b910783d8d5f16ea29b32674fbc", + "sha3_256_hash_of_secret_key": "cc64caaff0cd5a628bd69afe866d9c2b29427e76007e826db62e970e3e7dd75d", + "message": "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", + "sha3_256_hash_of_signature": "263bfce2754fa744fe21403c284776cdefd973df82dace3a9bf3918abc7b10f0" + }, + { + "key_generation_seed": "0b2b3eb50681403a0b9a99b25041a489c6d45d2a49de0ec83e1fd10922abe2d5", + "sha3_256_hash_of_public_key": 
"823ba78375c12fbd4810cce25b3ed713b878715883fb1881000b4040589692b9", + "sha3_256_hash_of_secret_key": "2d9c07d97abcf2685158c92450921ee934d70bbef45ed7283da72df72fbb44bd", + "message": "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", + "sha3_256_hash_of_signature": "b11e6853fe47bf20e1df8201a9cf13ecb8c579bb83456b8eac22ad9041af2e8c" + }, + { + "key_generation_seed": "8217d32cd15658d39cdca92c41b59f5780869a68838a3579dea48b5e3ea768aa", + "sha3_256_hash_of_public_key": "417025e178d6288e584b8191b7931ccbf26456cacf95df7c016200ebf4f7e40f", + "sha3_256_hash_of_secret_key": "7dd993e8d7e20d10eb3279f09f28d0a069217620d3373ae73bfb4e8027784861", + "message": "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", + "sha3_256_hash_of_signature": "df22157ed0c3fc66452ed0d5cfded69e75079cb231f2c9cfa5165709a762517f" + }, + { + "key_generation_seed": "cc625322c9d52898e7f60ae47bc2847e20f3722794de41e30fdb20ca1a093208", + "sha3_256_hash_of_public_key": "fadaaf8d05303ee9947e9a32b2892d1509c7ccf31477b4b108603692a413bc4d", + "sha3_256_hash_of_secret_key": "b21c155d161c717a2eca37cd51b2bbd47f96d5dd519bade2013e9e76b98fb79c", + "message": "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", + "sha3_256_hash_of_signature": "02926f8ca271c6a5f4dabd34065adbef98dd10e0cfca901650ebbe24d1ceefd2" + }, + { + "key_generation_seed": "950226d6ab0b774c5f439afcfd0113b5dbf5905960c445f5e6e03e5d5c687a9a", + "sha3_256_hash_of_public_key": "3ab36d371a8fe10b87c0e35a352b2e8c480fe8fc90ee9572fb22a40b8c9005f2", + "sha3_256_hash_of_secret_key": "1dd86f77210f6e7bf29491c9c4f85ebb7c2243ce4a580fbe00c384182e8cf9e1", + "message": "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", + "sha3_256_hash_of_signature": "ad36e08b8c54ad33149c858289321c102366218f9771ae1c03f3bac78531d015" + }, + { + "key_generation_seed": "a6b534767a6d839fd19075ae0ba10147c46862bf7bbcbe83f2b72f72f1368a1f", + "sha3_256_hash_of_public_key": "9b9291ffabb093c733fa2fb11339e93a8c652ee10d5e44f8ffc179e09a67a3a5", + "sha3_256_hash_of_secret_key": 
"1281e2ac0bb43b88cea3182ce80aee98b2c353280d8a75c1a2d59c870f941858", + "message": "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", + "sha3_256_hash_of_signature": "4f746f907d02a30d21991506d220fd20d30d218ee1369a7852bda88231afcc4f" + }, + { + "key_generation_seed": "103164ed522df0db131c15e139c0f83d9b1b7a1b6ecf7f89a5248cad7e68de8c", + "sha3_256_hash_of_public_key": "9a4d835baeb12afd744b6b122a3a8edd1ce9c2f80b53737ce586812db83e0ad6", + "sha3_256_hash_of_secret_key": "616f4f934d638b54c7a4dc15775500cdd42cd99fc21308531330c74030ed59dd", + "message": "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", + "sha3_256_hash_of_signature": "3f49608864a15c1c484dc7d4c7264955a19c92c9e57a2dc23d946760352d0388" + }, + { + "key_generation_seed": "bc962d978f38881085c1b813bc90eee44ad9e7651681c20ba46402f557c454de", + "sha3_256_hash_of_public_key": "be3f910c1344b2bcae7194550c394cf6808a447218b2689a98dca1d7f9dddddb", + "sha3_256_hash_of_secret_key": "bb1913c989ebc0d65dc07d704a987c5abe85f2b76251a6b39eca982ac846c7bc", + "message": "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", + "sha3_256_hash_of_signature": "bcabf0150c41fbfb413d3f767bdc88516184e3eae7ca92a3554f5bd05d6da181" + }, + { + "key_generation_seed": "c3de54854a4060ea09ed92a363f71c7863eba64195e9ac79e7ad7eb6a183cfac", + "sha3_256_hash_of_public_key": "f1298af864fc11bf9c49da5e5e57b5c799301fec5c145f458892ca3dab97edf0", + "sha3_256_hash_of_secret_key": "946e8033af0d1a5a68774e531ce618f049a03a002e6c0609211363339e2da9f8", + "message": "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", + "sha3_256_hash_of_signature": "46d759bfd4151d0bf69815b158160ee92a5cdb3a7977483ac7e81079dc437977" + }, + { + "key_generation_seed": "828b9804524bdd17d0eb387368b01b0e95b4960057ed63fc2289d858201e207e", + "sha3_256_hash_of_public_key": "23a4b60e907eade0d673ce037bdbf03d07229c82c644579e0846e8a3899f9063", + "sha3_256_hash_of_secret_key": "6b4bd836eba02119b872c8b1fb20ca3d7f734e09cc3dffbbcda31d76be390978", + "message": 
"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", + "sha3_256_hash_of_signature": "e3ab7c75c1dd66c792595ad90590683f44b9f221ca7a6aaf5c6f981c3b1b40cb" + }, + { + "key_generation_seed": "4a84ca5c3954faafa11ae87fcbe701ebb5afbcc5f8ecae7786d10821e01ada5a", + "sha3_256_hash_of_public_key": "4a74af434dc12ba2ed88bf4f99db08f20dfd6ae7f4839561095b972b1da8c351", + "sha3_256_hash_of_secret_key": "a0e6d186d0e74bbb5a085300d623b7b47019c21f7966039b2f4f93add5330960", + "message": "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", + "sha3_256_hash_of_signature": "f982d72cb8661c0f0c8e5a8c5ab0927b81563adae5e7cb4fb3a48d59cbba5153" + }, + { + "key_generation_seed": "3e74ae2b1d49ee6f149076f0bae2d26a5cadfd5de7bef66dfcae6b588a1f4067", + "sha3_256_hash_of_public_key": "31d46a6c710f4c14bc53cc35d9de5878538bcfba06a9159a2f6d5b7f80e29a9f", + "sha3_256_hash_of_secret_key": "c4e70edc78d026818d8f7f8f9de055162d29bc543a1a40a2530a57995ec8014d", + "message": "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", + "sha3_256_hash_of_signature": "41a90fe623ce9b1f8110de0a332789e897660cc13ea1230532e8c048f4e495cd" + }, + { + "key_generation_seed": "39550bd2782d66fa95380f5f101d827377b11410f8bf3bccfbe0e504fc09ae38", + "sha3_256_hash_of_public_key": "edc6fe5a1ba4bf2e12bd49293d836ac685802619bb923e9a99c9ad43f9201ede", + "sha3_256_hash_of_secret_key": "9d3284ee228a90eccc40efeac72d09ae111ed927a5c587e198af856ff1be59ec", + "message": "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", + "sha3_256_hash_of_signature": "a0b8d8e5912cf2978ee5abbc02f5c75101416b44c3b6c6d4f06e5ee3101949e2" + }, + { + "key_generation_seed": "b18f0fdf9dc4f514107f88cc43fb29190608ebc5a2cd00b49fe20631761038df", + "sha3_256_hash_of_public_key": "c588d641f266d3dfd6f1d26d5f76e23235d5a4d0f606da2cbc55e63dfa3456d0", + "sha3_256_hash_of_secret_key": "78f3013588fbcae5c1fa939dc00afdd11a0f676954dfc654d667ebd97576a768", + "message": 
"7ff38725f35312d75e58845fbc33e112dd95d5c1cf78119cb413ac839377c7051bf5f17add1484f5ee12f42b0587ab41df487ba5e4d8836777b614a9931a5fefdc4ac451662b342d675c940061c4ff01f747b69cff585fc5317636e2a830140c0007f73c76fcab96195c86db98e5e65c733825db0325407e5bb059490f2e9133f9b4aa328976256eaaed2fbc59d00288d4830d99731a3aef36e5bf5239f2899c500f942b80b00c3b33307450ff0c105bedb7df84231c5d24c3c3475ae2f46336582de93aadbfd385c824f21362c19b1c6a75f56b69297fb3084b6164204e2348cb1d7cd3ab494bfa7ec8fe346251c874085f803bd7f4dde1995f0d3d17033c461d06b49ecceee0d5312c3a435af5bec9808acc524599668aacd95ecea7ef07c4ca3fab1cf964fdba987c345046e6507ac3d372bf07d72cab816ba627c2bd452ab8dc3044a7f0a01d8c0ea47904a5dd66c6b7ef9130d628a4f2cea5a0d05aeab7daf2729c1041fbdb3c2d17bd66ae293c03e77a0837419471c29691edfb20cf69bc6260975089aa437628f140a44fa2e2967357ac1bf1345e4208c33cffede6cd634b371e7745143ff848f77e5130d1e0f51868585509f9cd3b906ee0a5072ca2e908d6765c74d9b5c35b6ba784a3ea59d808acbb1c24d6c088ca6c9e17bceb18337a4da0c1daeb5d51efb35712a475d6c5a2ea51e93fd79f7deb127f3418f354df06489e10b42bc1f20651660caea17f67f306f48e15db7e67a1b56578ba7be6c229fed9567e128d48551e6eefa17af5b95a716555571f44fbc41ab29208db7c1846e130866d5c9be6f73e601c55610dfd0f67d98933d252059daa1dec20ae0e5bed6568a6322322d8a40e6835fa66e317733e1b465434532eea8fa76886b600e06efc1da41f8dcec0a5e8ba8419f0b7879cc0a93bd14d99608b5bea931d8971da8d2d89053e1de40209e257e741bef48c17fa15467f1312a368d4a061bfc76c2b7bbd900b4a34da51b7cb5bd6e2fb08806a53c0d60273167d822fb6982785f2c3b0ec7d893b615724d0193928d0ea8ea2a1dec5abdcaa904c754cb7747449e87221b3d86bd5df26e11da753e768a8b481c306e485ec91074377dfc68be74a444906e420c2d8bccd84be13aa5ccd11115b669c89e9c0ce374bc4059c696e5f8344fee467ac8c8ade37daf614992914c763d971327b60946943847fb6b82672cc376b780953b6f4433df69ac61e110fbf1a35f6272561193d8652ebce3291333fdd4d84b9cfbc60a57e1f8b817e84ea15d440d4a4b4f7e19c08ddfc5949fe8cbddcd0296a62f12f53d48b1288b80e24c756fc38e2fae9c7a3315d1c6da42ae838afbbf5569f633a68289eb7073babcb210f4e08856fa65057bfabc70ad3b58c2c870dfb5e1b0d11b
6fa6d5bbb68285d8f9c21bd89669781c9f4dc32eb1ef58b80b1d371334d36fa66a2b3dd4b3e4dedba7aa9fb7e0245f5fdbb66cda653c5232a131ec1f0c21db1c47b990a64a24dc8c4da951f419f57c03ff506e0147c22e99461", + "sha3_256_hash_of_signature": "19e5b0ee7ba235d4f6fb1c338b6a1541f89770adb82199a989d17bac60563a02" + }, + { + "key_generation_seed": "d4fa14da39548392300a41be413ebd53bd7bcbd045b4d3c8ca44abc9599e269d", + "sha3_256_hash_of_public_key": "195fb040f8b57ca7aaca252f390dba837759ba4d83553a323007844633f8b166", + "sha3_256_hash_of_secret_key": "4dd6dfb16a8209ed1d7ab8bdba18fdd4675a206912c647e16917008e054e4a8f", + "message": "789518ee21dc99cac94dd5298b2f3eb8f6ab8d0705d24d9aa3012f217464e7f203e08e5cea9e44f54a6f73e88d81592826e243b7f0b2a1b3a06e5afde23a2985183a0e430e01c3fa90e9f1db7e69dd8e7dc6fb802933e04a18834c091ecd46f0dd423f532668cee8a12a06bbc7e5ff3b9488b8f4a87a92bb8d6f313269ad95c574245e06563bb58bff6169b8f4c333033bc128b91cb81dd41b831df5103b295f744ede95fc3a0c72f1134a9321836afcfd563192c343040b943f69c0e98e8d740c06ccf840cbfc6bf777c9561065916f13d116d758a151e8ff4c355363aae8e4f49d2a2e062a2bb213aff25662d95549b4b025e70aa3363b50d25af84a3e5b0ffa598ce074733ad191c86c351592299c26c0a4933573ef436b73dfd0c4eacf93d361afe5f824b91bc178ee8381b9efd52302ab8cad6c08c7e090393b9b8abc78af374fac6e60bd104baaba524e68d75a759b94176105a9cff2e5b9c3984ff61c5afbf22b8e1b9e4f9bdffec0b19c2a5c8db3b8b2c02115d101805c1bd6652f738f02600e38998ca41ba8955094fad5bdc34133d4b523ede66cf483f1cd5acd9efaa69703807410939974d6dc033bc696541357da9881a4fd1385671b6e4bb889c68b544175c1e2ec1395dff4cc87e037087c615caf40804d5f44a2de301961a59818173730a45cf4c2df172614aff7199a40c9ffb9957242a89ff86b36a4f4d60f15db569c2fefaf677b35fe5f12ad5a323397714286e338ff6b9080fca50b657db477a52a93b243bf28ce2743794c361f443ad81ebaaeab2b237ebbc572d8586c3eab1f42baec1c985d28bc58b296a11d96a04b0e1f7f6790b92e450248804f3f62b5865941bfd444a910f31e1d6b79d8906e7e9828618f960ec14124fbeed28e1f58a8bc9d31773442fedc5a220f3912d0b41267d427c0c15bb76f9200c54b5f050307e13f1eb3de92b864c994a3df4cebd1bca634710fa342e23d7
c8a5bac1b58aa321e215e4418428206f05232e2bcd1b5ee1bb7e34e7d4c93088991ee9dd643fd08b0185a2f0aeffb0ef0eea3acb4ce234bd5479a4f4296001305826f23083cc9dc99011864f250e77e42a0de26ab09ff6e3f32552f6f913256729b357cbf5dfc825e91bb5d3fac1f729803d431d339955960ead69b1e54536cfd774341cdfde1d1f527da4e738b2e292bdc884687d1016dc193edf34a37d284d026d33698295e864196e0bf16fa83a35f65ff2b38b7030e9e63eaaf594f272e07941313d538546bc84671739af822391ca4dbe6a579a81f45ff51fa5b7ef49beee7beba4ae07452c13366668f02752923ea3653043b26c883799fe6352f95144283d946ca87143b74c8a009c024d073baab9bc4da6c87d35fffd753e1eec7f01944639e566fe17a6f715f4197d1cba58d3d153bda37d7d2d5e19620ff0842527d109333fa2ba8bfc491689f4551bee6c9d13bb9e69ee4f44b782bb05d1e48d293bc15b9fc706d52b021c7159ff7df80e55627dd7555795f1fc616830a4ba2c02fe1a19dabe088e460bf3c5a88313c443179c593458467faa468791ca74e9b1e759847b6939f", + "sha3_256_hash_of_signature": "a4133778fcf5ba88f712d4d11a6ba09e021b87547e495b9e9d60de5e29e9947d" + }, + { + "key_generation_seed": "c796fd12d1feb1df46b162c38292684c09059e4463cb95dbdbf498a4dd4f7f00", + "sha3_256_hash_of_public_key": "d340bf80788279a1dc01342bb2a7d997eafdfff11db0ded6e41e7fe34440ac77", + "sha3_256_hash_of_secret_key": "d5c26d6cdc466915c72af3ada47b0f99114760bac093ad54018ea65a668dea75", + "message": "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", + "sha3_256_hash_of_signature": "21059ca5c5758b5d8ec14eb872848760d034d1a856935aaf8ebfdf525f0800a7" + }, + { + "key_generation_seed": "a18a366a5ecacae4732dc9e954333ead153203013bac4e3c50bee15269f983fb", + "sha3_256_hash_of_public_key": "483f8513c42fab9b16b7a63f5efb5b4301cd49d324a8f571d64b6ef303b9c5a3", + "sha3_256_hash_of_secret_key": "c28385af3eb7cbc42238620bce144c6ae60a3f7375f281f12be987416844e553", + "message": "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", + "sha3_256_hash_of_signature": "15c1de2803f0cafe4ad6c3cfcc0c79595e33b1e8260b9ea8a0e71041d531955b" + }, + { + "key_generation_seed": "585e714d565aa66078bc2b12699f1e86c6ff30a1abc8cbd19563bcddd2f1f6d2", + 
"sha3_256_hash_of_public_key": "b8130163e0898df8b2ad61918de6f8dd67ac345c3e0ed3017253cc5944db1fcf", + "sha3_256_hash_of_secret_key": "a4584f53c07f44b5b31de016168ee0066a268bca9ea0e5a62cb4693bad7bb621", + "message": "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", + "sha3_256_hash_of_signature": "edf95d246522a3d833d893d7208485d33084820563fe357b1a55f24d3b856ceb" + }, + { + "key_generation_seed": "662cf70d3d5e95a9c6a33bd7c6abf0e8cd23ab2d2d9420878c4835de14a6c606", + "sha3_256_hash_of_public_key": "a106ce510ab1636ae5ce3fd20fe609be6b20686a0d1a9e90d1be1e789a015aa6", + "sha3_256_hash_of_secret_key": "32eb66f7ff8cd30559cd699f59fcb39916420f69efbdc60a4f96c40c6a0b76ae", + "message": "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", + "sha3_256_hash_of_signature": "cca9fc693a1d29cc206ac8644dcd43ca2a664f7b23d7767197dd509bb2464e37" + }, + { + "key_generation_seed": "1924a71628292aa3d2d34ea72e2bfc2520864205f54ec6f19f7714733aa34cc9", + "sha3_256_hash_of_public_key": "6d589a3b6dd00c29528f5b28a7bb61eab154cf24d53589473d4048bd15ab4b70", + "sha3_256_hash_of_secret_key": "a92cb4c76f084bfcd3507a73512c7d22bdb0be4ede26cbc23f4cc67274529ddf", + "message": "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", + "sha3_256_hash_of_signature": "55824a835fb755b471c412c5ac2035f9e8436beb9cb8f406a83e09e488cc31d8" + }, + { + "key_generation_seed": "ef7ba21809ae7e0bc3230b6061c5fee206d805572cf1345198e1ef22a8fe7322", + "sha3_256_hash_of_public_key": "58c2fb45f871c3cfe048c706cbcf2a40cd41f5c2bb2e4c672593ff8f44472915", + "sha3_256_hash_of_secret_key": "9236f1f5d794e5923fdc4eec739d644f97827ecc750ea1735cb2149a1e7f7d89", + "message": "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", + "sha3_256_hash_of_signature": "6245c046f40a6e39145de6646eb4190ffebf7791de7e6064fb27bec287f346ef" + }, + { + "key_generation_seed": "cb0b305fb54e1cb23b63ec1f6f4689137e5048d095fb3eadc854c852ca86be93", + "sha3_256_hash_of_public_key": "6bfc5e4ea7cb9ddecf64366f86610f3e6984a702268801bd7d2c4a3a3612c979", + 
"sha3_256_hash_of_secret_key": "7f7f6304975c0700d7e4ae1a1a00011545e86b0f6927eda039ae5789592c34a1", + "message": "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", + "sha3_256_hash_of_signature": "895d64e837b6353ce1b8d710d2dc97dca66139cd13f116bd82b26ed9da1fa9d6" + }, + { + "key_generation_seed": "f92ffa3a36f43f9177763ad320fd651d9357c6d99f09549fe6af12943b58be90", + "sha3_256_hash_of_public_key": "897c93b61f4a23f2b002fc07b95100b932fb638c3504438d795a43aa9de43837", + "sha3_256_hash_of_secret_key": "c1d5efc4f1c9ac487ca69fd7ed03fa1cd14ce3e9b7a70ff62b8e0499ed491282", + "message": "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", + "sha3_256_hash_of_signature": "6c1e9f5dc22d7caa7b9bc17a30f4de1cec2a95e9be3e1fb28e1d9bce416108c6" + }, + { + "key_generation_seed": "5d3cce926a795abc5f6632cabff8bf66275dcc7e4a4ab3b8399d23e62a28bd16", + "sha3_256_hash_of_public_key": "b22702c8a2ebf0620f6aae385801fa62b57f13bc81688f594dd0666c9673d836", + "sha3_256_hash_of_secret_key": "f12500c083c62f8e79a33860cb1ce64859b0f0fd5262b14d937ba01e71087c1e", + "message": "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", + "sha3_256_hash_of_signature": "9b81ad797950c7d63bfd3bfed14e0b7097a139b04f0596c424858749754dea51" + }, + { + "key_generation_seed": "ba2386ba92aa89049c64ecfe60fddbe136815d3874527414b63ed32215f2e06f", + "sha3_256_hash_of_public_key": "7daae4c3d8ad6e08e35f491a2f68d290c4653102f81454f3c6bad19ca9fc33e7", + "sha3_256_hash_of_secret_key": "5193bc77371bbe8a37056da854b29fbfa7f384341615336884e89963925c689b", + "message": "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", + "sha3_256_hash_of_signature": "da81ee125260215751f287312871ad5bc58054502b6dff1aee86034ec999878d" + }, + { + "key_generation_seed": "b4e1af25e8dc6934ba391a89984a358702bdd36838babebd982638703f20eef8", + "sha3_256_hash_of_public_key": "e8a22069f592d80bfdd83599cbcf486da0f14c8d53725655133e51b006a698c1", + "sha3_256_hash_of_secret_key": "1b6bffe04fbdfd20edd4ab595be5c801a2298d62e57a93ce0cd2a4e7bf960c95", + 
"message": "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", + "sha3_256_hash_of_signature": "d91505f123344bd701df55043632385b6685edb8d33bd21a1462182e071c7337" + }, + { + "key_generation_seed": "a62875a3a6d305e120dc7975962552126cd844554857c2943872a4e524a6eeb5", + "sha3_256_hash_of_public_key": "8724550433b39b3718491f49bc57dcdec0f96622ee651ac5c30454225ecf60af", + "sha3_256_hash_of_secret_key": "efc4684cf8ac31ad6a13b48d59e5901bff407fd70ad119cbfd74079f140e3f39", + "message": "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", + "sha3_256_hash_of_signature": "be09da726ed4555eab45c594afec7ea3e99dfb0288849e5db7b385c553deaa63" + }, + { + "key_generation_seed": "76ae71ded1f9e73af77a2feae4eef80f87414dfb7580fb4ae0325bff20d74a5d", + "sha3_256_hash_of_public_key": "087f6e803dea8ea025ccee83315027e9ed9b6a643f42b9129f9603092b07415f", + "sha3_256_hash_of_secret_key": "29e14bad8c56f2846f7b5acc3917aec2ec6e6a7127d8aca52f3e7fcee5ab79a8", + "message": "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", + "sha3_256_hash_of_signature": "bbe173745844a5426462e723e1ca2c528141f29e5bb4e18cf7c5337355e660c2" + }, + { + "key_generation_seed": "a8f65be046001a6814f537915be3f03f3670e1169e4aaa6d7e726174acaec77c", + "sha3_256_hash_of_public_key": "150c8eee58e126f9ee6827bd8e2d8919f8ab70add5a10842c8a5acb42765290e", + "sha3_256_hash_of_secret_key": "f8c40be705f3f5ee7b204bbc0b2305ee206bf703e2b0ac506b3e98852ef41302", + "message": "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", + "sha3_256_hash_of_signature": "6266b8301488104bb104a9b60beadefe6480d71250565a3720ae7a93f09ba1bf" + }, + { + "key_generation_seed": "802e08c14f6e3446bbf7f4666c8ddf7755dc718c3e02b7865ff33e9d8290abec", + "sha3_256_hash_of_public_key": "5a13102c509865ff13b149afdff5288c715d44f4aaa77038e304e5b7e8805e94", + "sha3_256_hash_of_secret_key": "ca234c12f08b0287dba03f26ab74165de4d8205d4a8067213a3f8aa1ff18f073", + "message": "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", + "sha3_256_hash_of_signature": 
"48fb976bb72c92c02fcb905ba0f0b515e633dc120ddcdd589f4c08f4a7f8e180" + }, + { + "key_generation_seed": "23d7a85a824df3d904a511281a973c979f67f5bfaf3ab0546e85d0597f91120f", + "sha3_256_hash_of_public_key": "8f09c5ef8307219f26b8ed6ab09836adcb68a4477bfdb5cd3d0ac22304cfeb1c", + "sha3_256_hash_of_secret_key": "2634f7aaf1c9222801c43c1d2f9f79adfc2c2bc7fa2c3982f521fd1c8b8f5a79", + "message": "d868ec985f946f3c31b6cfe4811ba530eacd0ed061ec383c203b2481ac697b8b88bc0f72b635027e443ab1f54478440de16e596d30a0f1252e0af54c0f382bbf5655bea8c6b9a2f6382d003cc7e4d4f223f8e35ec87cc543ead52e0e1ed956cfb32e8075715c07ca4817c4b8dace68c8b0da459271746be41d6102b3fa5e49aee8d443e78ad3246d0b9bccf6ab7cb7cf72b8a847ca16b435f0618594400037179441f3bf524231f747d920e86506e84c61d4d038d42e82d52d97abff896c1db1c646807156324f7b68db620ee435c7b8c9ac8b193b7c892565c3631e297495bd3b59293f9a9cea5e29e23a242b81dd05c8dc9dd669424573298c85870b109c7b593bf864b56895d81386466ca5cb6071005781fb214f1eae9672d0d16351a627a3faac49be4e13d552340328323cdcb4703bbe07c2a39d75d7737d5c1bd04355b8694432dfb7cb4f1901550c7d6f41080c0f6a2cc49d63a69243d137a78260c06e7a53aaf4f4b086e0220ebc5361a6a78c9b2ec09c2ea4ec45a41065b4b2daa866d9babd71c8e6cb378595f068edb258b2ad1f420b304e5924ebe273ad6d00684f75b6a31dc5290a37d0f9a848b1fc4a67dd9a4fb1f9b4c6cd45e87fab4a09129c9ab95c44703b75b54c9ef9e825928aca56527d79b338c5ac639d0265010f3c085d2b09aef0e4f55d080fb5ff79f13e8e4e8db020f4c095140d46a93f2e4811bfbc1393ec24f6b7ef31f13623df0360b1e335fc42098ca1efcd0306c5fecce942f6e299ac9ed81054fe452d3f63991da42d5680eef749c02fcba78db5f4f7c734c6b4d99af79711a0bab723c24364ac85700242878cca93465f286d5f7adad7f68f1d38cd6c6e0575a36f1e5521e420d348d947e745c2355fb5fb0f12dc6fb5e9435cf8e552c174a617151af8d5e7d469ad5cd741e16eb88ea6d7c5806b08571697d22a525c2e30dff608c921b955d2a990d9466829385de0a81875be564942ae740d15ac0af46a876426ebbe481738be19be06f174d975ae8dfb52a94af9a77e56267c0bb62169165ace155041406caf507146a02fb760629cc4c0e7d29108cb7c779455a3ef359bb6198ac75e16148998c16c9410dff2dae5f3c79da61d371992d4a151ba91d
ae8814c81eea4f78d23871326bafaa349c8eb57231b590f1ac13f599df5b39df36455f05e53cdc4d025410e8f8f8bb74854fefe0c4f790f58434309d36c1e7f3935d4f896368c91af95ec2df292ae3166b83976abd95089b05b461d4e9171cbb4747f3cd9bab04e5a3b98095754021229b4b820ebde63e463f2ee479fbfd83cacc61878773b129cd4b3e9afbaedb27c7fedec2f2d405b99933fe2c203d9949c567a7752aef8a7788d2375900e70315823daccd4f2a674196835c35ef813826b310346abb16b0145cd70fd0a04611ed5ad0b8ddfca6eba6b93445038c3dd23d3d15e8899f9c889af417e5662d538e466447e514a8897c21fe0be2ef18948b66eb04051c0bc961fa485422a66d649dfa86d4b3dd504a89919a9928ef96fd467713dccc1f19ee69ce3935f0416d9c5752b7dcf9272d2db86c3eb6f4897d94ddbef7c483fcc66232e535a8b0a5aa4bd443493fe539a32d433d9e89f7758db5b0606a96455b39f92aa788fbbe43cec8f1d36fea3adfd0353ea5532b49a7286381d985e018e6534005f605bf67ab4aaafdcc499ac0882fcd9d90bd88053cfdadaf466e536f2ffa7f18b3dc254e42fffc777e0339181473e2b7fc844b687eccc0eb543a54211084b1ec06b0d9eb0a0c96b88d6585f414873c13ef7002af2d47d5859a23d12a7d401ffd4bcf642db96c70fdad0cb03a6098437795bc9c7c6c804a26225eaa53f52747f01db4e62471a21dbc1ded9c4de2508812ab11f61f6364fcfeed445ffba549e45e641a80fb4b58ee20677c7d6cf0526dbf4e26d9e5afac5429b4474dffe709d09d766542d65e668d59c836bdfd0f78b846bc412f29da00291871d94bb5e6557d833c8db3d9beb37888c3a70684adc6b063fec3d847c42e0ce20e05482db165ffac5d1f2c661b9db6d19fb3e8909587351b25f2c225cb26bb137bc52d04ad8157f7d634f29a3623b4eb53b4ef9a78945280bca8c5e1882fae373eac69ea366e2f13a9fea75a6b7eb5cd4d9eb14f68a231bac780f84200146ce7795282952382e2393f0c2a99de830d3aa517dac4ac97f2aad3f7f8e3b49b22b078e3708c9cdd1b2a2a129656066c0030d747edd646384611d4eccc5b0b9df4852af7bfa94f6dd7584f6285ca2ea7ed3f8decb534e6d31d7165c609fd9ad235f5af8e4e8e58fd3d248d822c202", + "sha3_256_hash_of_signature": "efa42584d1d230708270a8e07111c1a7bbac0ef1afff6925eb6457bc9648c271" + }, + { + "key_generation_seed": "771cbb7c9fbd9fc5db93e3e4de6c034e58be9bade93748c42297142124696234", + "sha3_256_hash_of_public_key": "6556f4df516d7f6b73452229522e936cc908ded0054d819caa58e0f1889934f7", + 
"sha3_256_hash_of_secret_key": "bb43ba3107dd8cf61cebe2dbe6f01ca0283cf2698302f09b67817bf539788165", + "message": "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", + "sha3_256_hash_of_signature": "ebc4bd6b38da031f8b0d21bf027fd46e496620bccd6887298609f5feb84eeea9" + }, + { + "key_generation_seed": "fa812d8cc3a9631a0239474eb93ad3a2a3480f2d973d3324228ef92a3b043163", + "sha3_256_hash_of_public_key": "fdce7ce1313520697e1062aae48f4de75a17d338241ffc532cdede532fa64d24", + "sha3_256_hash_of_secret_key": "73a1b84b655653d34822c2017b84e43bd951bba51740872c28bc37a1bffa3971", + "message": "0bf9a7c0f63cdcf3f850ed7c5db6191eeefe29e498a19f9d89be4698821abd72edc34317b4f8ec2736dc83c24ac195bd55aff00e797a83dffadc7970fe53304f16f5dd92e6ec362b9e283e41ebf121fb2fa2a3f60124ef3ebf836ae51fdd55ca9f59b085ddd660724c072b86041b50a3a446cdb20a45ba65380adf007e005df2d9aa16a9d22b11dcf6f0b1964f04f45441a923691a15d80dc85003b9ae281f2b5983dd1a04d80a4d9c4372d9820bbfae3af7735e7c71e9f085c0a6e4bc107d9e4ba222b38fb236b2cc3a19dd6067beac460383ff2bcc771a7f1aaf092fc72c292fc1d5c6fc6b9715f1e1272eb22f8e0b33a2830e31bd6c531677902f6a95cabc3e9c1ae36f77037a785fea355137a581fc14e6bd5f1f7ad1a5dd19dedd448b47b558c22dd0fcbf296a812a726e7d1b57f4688d3f577104cfb15fc63c27f7b6051c7aed7d645186fca63ad9c2d68bff442466eff76bcf0e398d2bf54c2ca4cc614839e9bca48ab2cc53865803710a98d313aff1ddd06a65680eb83c640052db807eb2f38ed0cc211128044d331fec3e6b0b2f3b675c631fdade62c16d1719278413ea3f8e54ba34ede7e73f3d94802d2f9cb9794d257c46679a3f00015945903190b97071f8fb55f8696253aa3f39b3fad344fb88224f5313b43889b768171895f7aabeff25e21e525ea01a996c764a3acf12bffed08f3f751f5cc094b50b325f8b62c7a5b3256964d48543690538e634e5730354358534b65eddd44a526bb4b15e2042b6210f503eee06d00d615ccad10d73cdcbf5264b526674d85c0ed31ba5ee584f21fe6d13f883ace4b094768865e43099e54671240e8e2af8a7d7d22335b3974ce860e7238a7c1ca8a009eb51c8636f0659189ac8ef01c871e9008957cece0a367b63bd2852bde8690bd74c6d956435d0ab82f94a90cd00fc840dfc7036b84d51f1ff5076ca0974db6cf25af42ef7dc8c30c2b04ceb2510e86ffc510bf4c93163
9478fd1520ad571fa17958ccf8e37f5f6360030300ede3a33871e9582808bda2233996c5005fd0c23d99261f570ad9027767f6fc96d18ba98e8ddfc2b79ac12cda5f2367b4bb6b99a3e07b59882e49a92aece85339bbb18ab9644d20a3b2a795240492ce4eaf09d9ef728fb82b1de7b64b5d391251ffb0699335ced8c7ce642ff1a79f04c3ea0dc37ea101188361afad236eb218cfbd1d0ebd784ce27dcba0266ddeb87b59b66a4f75bb44665643fa358dd3d0b69b49f45a752b5c410e2299a62be4b57b32b0924a069a8e8c15d754cc34debb0d967e70693a6ffa58cf7099c2c2458b437c7b205cc7e815f6cb494080f9eaf3017e5ff918558dde415ff72e954ebc2ed4c20c8ece38cc916060d22e582d54f74c6c181c2601400110a683f4a365e45ff1387bce4e152a740136bb762b03a99fb68f6ab42620b2e3c00fa8d150944230a6330409b27e4aad1693e2c3dd12216c4e2ddbc5e9cba68b8b5417a7b2edae7eb67d25f4edecbb087f93dc9c927c33076b1c71a2b83b33870d602562ed378805a690dd2a427d86c2c46ba4741f3defeb91a05eace975c836e52868cffe52ca92f97de94768161a3e953bab6a28016782909ec53c02f35184aa9ccbd5b793b525204b72deb63e104376893b9452c3f2c492f423cbef1ec87c85788cf3073ffbbcd67ff79bd038672943ae4bc68da131dba8d7b41c83b4e9cfb6931987b270c74919bbd40612f823114e4bb148671f1aa62bd2bdfcc8b0b24010ec112e883aec9746d0f5de467addaf51f8c070a359108b1f91643071438f098233ad9a94d0faa665a39291a98d14a861905ecde4755d00e690429c57580dcb6d51bb6186ce72ebb1fa8413892cafb8713e89775013e546fda30aeb8af9f7155c08b25810c80ccaa5e700c124cff59fa32e0293adadbcc7b1a99f67e66b28da614c5a4ccd706afd05388c65ebce07a543d3dc1e5a5d1f307f675728d4c629a04e9e455b4da35236c677f26edc622c1fbf29568d509ea0690af4cb5dbb4e418b6162888e43b458774a31324bfd5ee8d2152e4ad43a3007d7d4af5fda172c2779837ad3a09e135de953ce966727a7183bf77adfc76430666b526692991d3c9db5bb377552a7801c548aa63f6931d3ee91b875cdbcbb7441a4ff81f86762332d7192fbc2f7b69a58db6ccd3558047f1940a1cacd6fa28a000b9795a2860394bf05f0120e6d85f96b1fe9de14e3ed66a31d747924b6ff2620778e0714aeb34b79a5d935a0306e55c36506a292c5dc568403551907e49a43a6263d2915108916f1e27cf3529d1b7bd1544af83a7cbe58547f192a93ce5c5bc6d652405ffcb95345f522b2d34e8ee0960bb85537a46121bd9a408d283a125eaa745bbab04e2231c19ae95e13901c69e5c9c4d70b1044
78f4a70d64f81269a8", + "sha3_256_hash_of_signature": "c21346fd82195e18db28e68009d61cb8762bea87afc71b50ac7423571a24ada8" + }, + { + "key_generation_seed": "c660b84d558a7e6b4eac47c7b62135668e0ef0fbf74d514eaa3d0d428014282a", + "sha3_256_hash_of_public_key": "6cddf0f9435d51b9143e46d039767e45743d32e5bf1aa932bd22903f4d892e16", + "sha3_256_hash_of_secret_key": "62499a802835c10d51e7016bd79f77576455df1e286bf9e1a7b9ce4b5e5b1f81", + "message": "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", + "sha3_256_hash_of_signature": "2b82d9ba78dd4e53a4170b8dbc80d61ec4b87aebde15ed592f0f5a28401bff31" + }, + { + "key_generation_seed": "929f309ab3f90cdd9c21eb77a7ca762ca3afcacbfe3e67b056290835694ba3d8", + "sha3_256_hash_of_public_key": "d2eb0591ae67fdb38a52121e53739820dda40d4c461bf44b576302a248ba3ad7", + "sha3_256_hash_of_secret_key": "17c747dd64435954f497599f5494a31dd0e30ed5610f9a528fd824bac156e246", + "message": "6103e5b22f934203b5ca87337095c9a19267afb9695d309beb8a557bb7cc90332c4a03e1d416d397b945b607268f545928104cffd71b02864e010b666cfcb68b762fa5ec839b5aefd0407419441b38e6d881bd5218df73c675df101bf2c53d90ff86d4a3c7db19ec9cac044e0467a36337aaeec32217faf86cbd7bc2b663421754cff1200a8a66e18f812868bc8d1c8ca495e6462da4b8b96d4167f040f04927a7c27ad35cf174d42684ed55ac80d14cbe4cc2570642ddec4f44880d967e9af77ee27d0d3dbaec9067fb6fc957ac4a136c1d564e17f59ac4938d43fb9050d810989907125c47fcea6c162c723e79f68339cd1b3bf596988bd6e215271385cd50616868c6bf40fdc34bd30e5a00773e2c039723f2ac3a3fa45f4ce870841762d7435bd6ccc5fd3d58fe059ee455a806fde89155c84797fbb73691a1fc6921859e99066a3239e31f28d1a46100db1917621d9e61473cf1e71f9850b584b459d5690941e676a7dd56796313ed9abdbe03dc75afc1430dba27fe0f8df48ef7c339f462af1a6d30a5f8b480dfbbe860c4c0bc136393c8fa0875af454273c3cfdba7eea44eef1a4060136948cd98b9d2c19aea4934f3455f31dd15be6545134f17a195b6bc409159c0975e592a15e86ca4943ccacf4b46719a072db8c629b67768f1956f8158f179a0b645320489dee404c8d0c4e786cff39b324053f102c118e7d51173cec0fdd017f213b2b07ac6b2c7dec04172dd5396a020edfb74ed86fc31952d2
41a7c3d139def543d90976aa70599792e73cf73ad0bd4a359bf60dfb2ce96a784d8de5e23a95e831ca6ffba6b187bc5f29a7757185ec06ac882572ec6283a1875b54fe4f295e1970bf311dbabaf9f894d3364d68f529c4ef9030ab934bcb09459d5aac61919946fd28df1ac85876f979e8b8528e9bbe69f03deef136eea6a8fc86f31bd64285c8c9f49adf53a8baa7867ce52e72dc4a63929df3ba2662dc77d71f88d8af42b8d67ad54884ee11f5a6b3b794f7d5610909b0b740937587cf475da903159994a262b6f32a3d1723fdaae65e636b71cb0ef0a744f359bf08ac8231ed2970ce8c451266f703da3b57f85aceed4c1c174c50d9c226f028e972ac124faa6f60518699cb4c499220ea51a538f9ede67d0e98e1bf8fb4b24b1d8ef50a28a93e20076f8fb812cdab04871d331ff434ba66dd4577b18dc3f471b3e96a174b58a7ac2470eb8463a71ffcba2d064470fd2d4e15f9491db09df3e3ba376a3ddcc437312be5848db3b9079f2ae046798473bb970d725e1d7c6fdf405ae387dd7cc1735a7fc27d1a476592a514b87c9017e1e5d37e338f37916f3c72c5f2af75185b88694d4e8e0a93fbf20ce81a7a0c10d55737b6473fbd92bbb39febc6167336beb9c235997796b9c0dc18c353e80305175bb412acc29e647813d0003f727ed0577a7c14bcf67173da569320e887bdc8f5ad27fd8864261e802a6753c6f9bac844b5900ed0d4274c0e6ede42367079188b10bed5999501164fa4c5a818ed6ee229c3e0e0f7804b19eaf5d1132be1d7fc18be834c842b21f8ddb11f8cfaac10d2e124981ed698ee7caca211c5624f09c62e1d451429048b55ed0f8a714bb77a0d4b40f0a446eddfb27602b7bf894805c4aad9252658f6b21a05dc0cf6a3acdc227fa867a4e5b1db63a14de26a79aacf1900a7b7d867c15cfd1daa712f2a1e2a6c7b31b121465539cd0164e3ccf79a978b543ae9602996448c6f68069d044fc958911ef40b0b9afc78ed014d94571f6771ea5e2306a7cac32c135fec0bbf1dca3cb0b57daa239c01671718017c907048e0d19515cbf430d4b3b4ff4fc9a391d15a38b39c4e528fac04ebd3dc69144c98afa75102d21ff961bad2e1f25562af92554814405c4ec08dae4a0cd28be592c9c9bf997cc0fe31502dd541000d4640d59654d26ca2a17ba4cab0518ee097c05b2984ffc56e8182368e216768e0d07e17fb64003e95194d04c6e00e08386084febb6cbc841e8f3fe2a069c45554bc502c27591ca3c1dc9e6b1694ba2c1bc0713c1cf738db22ffeeb7443d72d5bdb975d192976a58ab33db58f5dae497a0b24011e15e3256ff124dd99af6fc300d1fecdcee18dd4fbf25e901125d4e80efa8e2a211701b74fd992e63376996994e054cc00e7e1de7db8e7d2898
a735ec4920dbefaaea66b456cf6a12324c5d56762313a627b3523ab1e2c1c82e4fbab136ae4395fcf2672a58011d96bbdcf2a7478305756d66b30a4ac44e48b18a5964aa89f14187ea114084d52b4ba77755ba04c34777409bdb782b7b645e93b4db284525e2f9c9c38d73b475dde2251277a2e6c3183d5dea78414e22cc8fb4b2c7efa797cd4a87ac81d3242ec8d2c2efd6bcfd69c39f14b0b365f3151a96f75454a3a1400c76a4390fe9f2e7a22a0cfa687a5bef1c905d3a893b0dfd35bda184f25e62fddc2a52b6a67e76f550abe4cc8d1d63cc8631e4cc315e46d3015c3b8636b92b8d07075d401c654fb4a", + "sha3_256_hash_of_signature": "b70c24dc1ba6134544541b00a5cd979462363cc80157c5acd1f32c3c2bfdff40" + }, + { + "key_generation_seed": "dae1eba78ad1568590348088aae88c1abeb59626ef65991cd76ab81198e52837", + "sha3_256_hash_of_public_key": "24a0f2c0bdbb4c692d47c9b68e04cbb17d3718daab03dce740fe8dc8fa7c0a5b", + "sha3_256_hash_of_secret_key": "9e0558cb51a66abfa7fe2ad4ff1944e38fa2e8b60e80b202f744e2959a5742aa", + "message": "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", + "sha3_256_hash_of_signature": "0bedcc8a3a7ad6852b6053dd4ea311f65d52a53f7d121ecf430f540c1765e96f" + }, + { + "key_generation_seed": "15ed428927a7eb0c7c2dc7a98cfbb77bdd773fa8747b8232a6ec4b87cd7dbce1", + "sha3_256_hash_of_public_key": "5a8789b586da11748c8fa672bd3c85d03320a66d0c3f7ba63d28d27b00579ae4", + "sha3_256_hash_of_secret_key": "f0ec524ab90f7233dc7ebbe155750934f33871c808bb96f0b17c76a9e3df35af", + "message": "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", + "sha3_256_hash_of_signature": "d4920e72016edda008131a7b3946bbf7c9d89b5be10f1bbfe4f4344c37742380" + }, + { + "key_generation_seed": "ba7e359b1f669783521ad35edabe97141a816c2fabf0ad0e001e21f73ccf7736", + "sha3_256_hash_of_public_key": "610a0cde91624df75af4de69e96fe3a2a0a5d6bb6a42789dd57991458d3cdb00", + "sha3_256_hash_of_secret_key": "03704bdaf9e04866bf6c97127689d8679a6cfbba50d5f9c33d2fa683fdbc6b19", + "message": "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", + "sha3_256_hash_of_signature": "5ef6430b164edfe2a97d496adb4ea9ceb63048102e25504983688d18607f0730" + 
}, + { + "key_generation_seed": "9daef95c8d5a61d3a3a267fefb9f37d6e677d7ba26a3a5bfdbda8c281be89ccb", + "sha3_256_hash_of_public_key": "e6ff0ce8c4947fbdc3d9d9937cbca6f70ac2d9f769e6329830a019b79cc541d6", + "sha3_256_hash_of_secret_key": "4d433ebcc9298b944cbb6999f853d26edf7a78544a9bed5fc3f8c0915ff4fe6f", + "message": "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", + "sha3_256_hash_of_signature": "5550ebfb4fbe499cbe503500c138a401ff439c0e6356aa394d60ba841a17cb75" + }, + { + "key_generation_seed": "0531b4105cb209585f9fbc29caa57e64c2d40f0829931a42caf7701717d9096e", + "sha3_256_hash_of_public_key": "d9c35815ed1a6a8c9497e95cd41ec2c9f5ef67cd40bc5cad43d5bd898ecfacbf", + "sha3_256_hash_of_secret_key": "7b0fb9a733397d6c93b15cdfec22aec6d9b27669bde48bb9c8e00e051a3d09cf", + "message": "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", + "sha3_256_hash_of_signature": "9df1e0f8bfda03764432107a11e5b26966cc377d5781d1d8651546eb8c131e18" + }, + { + "key_generation_seed": "7f8515aa82dbc9ec8cf1ded5ab58ec0d08cf686e25a8c01fb1109a3c68d19e48", + "sha3_256_hash_of_public_key": "ce8bd110f15861188bf31f33cf0dd3bf46970f3ac53060869dedefae5595b1cf", + "sha3_256_hash_of_secret_key": "1bd678e0797023fce923c0add60a7cb4250b7c51f63471bdeed8f2c5b0be93f6", + "message": "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", + "sha3_256_hash_of_signature": "e1d52b22595bf33d4a5316444be9673ec65dcf09f60b99e9b1ae5c09cb83fad4" + }, + { + "key_generation_seed": "5af3838060e0f83352a75a0ec4ace2ce8ba119bf89f34cb4d6b8e27007cae7fb", + "sha3_256_hash_of_public_key": "97860b7bfb56c53dc362691aa3fcba3e6fc800044e112458a29d926221d6ef6d", + "sha3_256_hash_of_secret_key": "5abd2c7d3b597dd1b2669550c44a611330a0486c804ae008a8c2d94352079b2b", + "message": "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", + "sha3_256_hash_of_signature": "8ed26f2bcac9aac42b8d180bba8f42efef251f30dd69e711f97fec86078438bc" + }, + { + "key_generation_seed": "b323d48b567f7effffd47a7c9abf0add5f11141737a8af62b56e042ee498ad6e", + 
"sha3_256_hash_of_public_key": "078cbadfd010ec18845257c1d3ee10052f042c65e64dc23ae2455ce6b8bafa97", + "sha3_256_hash_of_secret_key": "998ddff0545ec3ea47938629fdb55e6d704f89d8b7dce804d950042eb270f1f2", + "message": "92d5feef68737ece61c6e0078d77fbae97b0b9235f40b97099c114b1586e107b5ed1308a8a2d20be41af129da2e0b38eaf02faef733c7a1d1a387bc55ef008530abc22697d0465aa3eb71f41ee72add236cea9a25995f3689c5a451e2f03915d96abea10d356d549d68048977587326523ccd71c05fd57bfb3c7a853f535beddeadfb84118f6548860f6ba536277ddd7ab42123e93381a385fa3e6cc023c1458a9f94822d93248f36c48fddc972b5d6494b26658440ffbc23b57363f3d82cce69fee4747a889e85343288d55d30fc54d2d0744744dba9977720e8edd2c0aca1fc51b0c6a3c68bb9bb8da0385db1ca4e9ce660cf7eb2382e5e95d2ae19def904a8651dfae53a4d0dc4d057ab1a506c3bd7e1d1ea3fc4623e7d7b410dcb312f037b7a5fde5e0e604fc33270faf1ffb6ecb3125ddfa5c49f25bbc98238c8ab1b903537cd67238995e81b814280a4ced61513d69a2178086d505f8dd1df7e11ce66ae33d4c982f94231957031a258e0ec745672a57a5ce76d1170111b8882a9eb5388094ebbd53ee9ea1fce4a275f9d7060c8da79018487b452817280c63b01b05efbf897387592e2bb3bb486fae0ab09f46d9f2e176de96c59992c10a14ec16eac36102b1d15541607075e67c842a888c87b268e9809148a323c423220dc31566b62f45cce1e2bc1b3bf43b87c998f00023890bce517271bec16efaa33f11611fde87f197852bc2e7a2b44f8c72a6f79b22f73be0611b81efe09253931545d2453939c46b6797cc5dc5a8f1aa3bd8456eeeb84ee76dbf2ebf32598750ed10670df422c7d7993acc55f657e6e1b3dfa1bd6c1cd55fae97e69d2f8f5af368f7da0a63b4065eb6d8f02b19a34600252fdffdf4ed8de2ea9cd2e74d63a6cef29bf02f92d346ecb9a61081ee5ac811f33aa5792f6a1af570a8b0846f3e6ef38452346dd637b19eca37bd1a6c42b20a5bede9a5de3c9f169d04d8c6cf5376d3404f0c21dead53da6c169f390eed7b5b54dbe47cce0b2ad1179ea8fc80fddc7281bd4fe31b9a26a00444af0b4d40a1b72be37501308906149dc6fc5cf02b6f60aff82b975fc8f146961ebccb4d126add524a9b33bb16f6a83c6f3727a72efa2bac116e493e07b2ca718a63fcac8e9d52a1b61479b4ee52a5ed30fabcea4d01a792a92676721286814f3b0f4e15e23ce0c5d59a0c3eb8573c0a2f66c25f2eb2fcff787324721004979be5eac505dfd39f5538e2c1b2cc12d20c1c5cd87299766361ae
ddbfff743693081842378744879e6e6371b3ffa9ddf34966fbf8dee91b7edf6eec3e4e2f410cb5351f847646c22ab594046ded63347d04a008fbf6ee9696c638ece73b39a269db239df36443868ad44d26a5c40fc92dffb008e436e5c18907f5b18b5e6c5900b41a9801db070d2db651187a4da7e2647ed3e9b6e9781627eb576bee8334374468760dd3b32985d42945d953d434bfd80d7f7ba537265ffcf27db0da1abdae89bbe94d98bc9ca197e41c0839728f964fe4ce30b8cc43cbdcdd9ccbe06fe99debc6f4024f3f00d43febcd62a1822a6d507337ee79d4517aa486870602d4f1c5368b0eaa1ff6c011a9a953aae58c75bbd3dc78d263a578c75cdb1ab324d71b9a065a9af3dab854189585c68d499ae8db887745e20ad9738705b9d2f5d429f12d6462e5e2ef9ffba53ce2f4e75449d2a7dbc3c818e61dc546175a6e0c10ae631df6b1eae6d134c08466ebf6eb5f8257aa10ef8c6f27f4295f7ebfd450629f3eb4e0f4be247ad7f5e80703b1247a4fc277311d69e5d62e0b0201a805cc4f1f807de99420d563a703493ad35a56b2b2dc237112f5ec21c70bf139a9ead8f7e921f086e001b4c449e42a0e3afcd5bc757040a2865d0e5adaf98e37e6f8a501ff39cef0bc364eecdffd03069b81f5e1978c397862fd56362835c059fcbe4d8e2a957fadd7d05bb195e21ad67b429621e1d6872de2d8bfdc91544f9e6ae8c164a23255ad0e00bcb21456f8fa6ae018f49605736c81a5ac0945e2d965f1493ed5befce512ae93ad91daf6f5a151d6c9856dfddd1f877945d932261ded67ac8231dc3ccd0b04dc1b02079c897601e363ffb9a3bcbbbdb0b0a375e69ee4a7135c094abdc237faa2e5f82d2556290adcf82adba8402c4fc9d0724f15bb87cd7a75a1a7bf826896d8ef63c7a2a3c371756af638706270652c376100ec42fa55196df332820d377760448d3e7adc42e9f5d8a7074bd0fa97433b0e2c501252de6939ab948552663a17dd7ff05430fa76e29f0519d650b86fbb19fbed097143fc242573e3e6fa4bd4a2ef6d9ce6932a066b4f9ff935ba9bc26fc2e5031c20ae30a52970a2df3504576108d5f26517f8577be61e6aa9d192ed62cf36aa641da0d274b1ed5ee864b549154eb4115658e6c60219cc5b2e22c49ce3ba76a85efb549117e1207f6df081d0761421262e352182239f1e34edbea4bcd8fa0027543824dd58a20324fd4cfe943aae5e361c367b22f587e2f9bee841e11875b026f12b9571512f72985f98f6d0c212df36a60975429173e317f6acf72e621f30654a6deaef9e9e455524bf07ffdf44642a1826f734d69f3eef4d52f26c06376c8f71dfb65a24a4c57d74b5976950af3a57b4248909524bec47d858c69041eed34e0ed3b111bbc117ab112bbf947d
646ab3b7172f5fb726dbc53ae37956e29f5b6b1e3c90baf4e4fa544ff63815fdf4ac9a2a80ca0e8722383437b9a02f3ac538feda7a6d6c1635d3624a385d846e79e956dce483b89c346c1287a1a7293168d8a885feb6569ebdf3f47f8bbb50aa43941eb20001959af1b9b358aba13fd9bbc596ea42a9774a120af091d544e79c50686c26b4fea396bf1e4c25b8ee4929d75569a5fac521c77b", + "sha3_256_hash_of_signature": "659dcdb99de1e8e45f833dc0b0375d977b46f87a43553f59b5d3c527195155f3" + }, + { + "key_generation_seed": "c1cf3107ea9b283419e27dc563ecce950bea78c048a3f49fb42128819959e51c", + "sha3_256_hash_of_public_key": "b6dad82a56f0e95d9713097bde70035e682cb10f55f3603d8f0ea55abc83f003", + "sha3_256_hash_of_secret_key": "98d3cfcf9274780d11bb8c7050cfbfe4170423c2b31031d2bcf58e74f2e5e3fa", + "message": "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", + "sha3_256_hash_of_signature": "01c00e22d83ab39d49386b3615037da3fa36d3e3329aa9208d2ac0562683ff1e" + }, + { + "key_generation_seed": "a50fc40f0d9efa5d254943dc599f7dcc2f6d197a4d2666d5d69cfaccda560817", + "sha3_256_hash_of_public_key": "e7b0f83fcd737fd95eda24062639fc9004e67030bf843ea228c68f5e12aaeaac", + "sha3_256_hash_of_secret_key": "c446832e05b81658ff32a2e13ca748c01169fb7f74a7d6a188c82047d191952e", + "message": "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", + "sha3_256_hash_of_signature": "bb585adfd2f1b7a6a3ed23ee09794e02e128b1ef99fffb99c8f0b44c47470321" + }, + { + "key_generation_seed": "4c0f0ef1ca8073a562d5414584edf268913d53d5fb39fa639e02e900891ea82c", + "sha3_256_hash_of_public_key": "173518562715d459974219f06eb5c7156e6c7ef0a8d4a7c9748d21ad8e1a28cd", + "sha3_256_hash_of_secret_key": "e08780af54b4a4874260086148b29936ed2853d7b4e7b1aefe897175f639a39a", + "message": 
"5180b7de9a84f651da10d334009b3d65582f3912d329fbad4ae39a9eec78943338c29db4f49ef41e3c50dabbb530e99113440383f20d5a3a8ae279a6201a0c84b003f6717c709c21ae893b6e412d87f8e0cee5a89e60a14ce975a4d42e4f43f4710fc9fa29e9b2afa93441ef5570123aa88aff009e2507a3e60a79cda25652e3ac3ac0c10a816bc04739b6fc758ff9ac467879bb67f270e4eab43f10a633e5932b8d6dcf23814de8643407b17b5e2a91b340f7bf6882db694de4dee4c480ce037b9f9a220acdce84b03746f307a6026531d712c0630e7de3add3a8516ba602d2463e3478008b3252b658fea54de41265b5c81e4e913ea0e2a63309497abf961ec40ac374adc0ff3c6fae9bfac5cc2df475885b0bc636702828489183cde1a2934f2d63828ad1f2b8cfaffa53151b0ffae6224df54c2ac47cc8844b76222c2a3b6e132071150049b6e46aa75dea28c13477980315fb64ce500bf0c6f633ae621d65b331ba96cfac162dd7897b8505257e228cb621bba9176a7afb3a2cc20d7804ddb3aae4b87ffafd3c8dc541d05624db02bd62491067ec1cdf73147014febcfa5b561756d5e7a13b88d1e7b2c0375e1d0de71ed20ca9cc4e6dacdc579f1ab024aae2a0bec9004e5dd81c046f00a2a4cb767c4eb240d205278cb863d1a61def16635c6a84c2406288410fa4b73b21077d8f7a4075a1ddca3d0d334725151e434bda80d3e73593338b07958d27337e32cde0010dfe5e58b99eb27a97dbd1c5e6f9a552a02726aad5a4aa63edc336d83e5870dbd514193367af2274804628b4eedfda3b2a155694e89f5a6798c5d6e036159c1f00d8dfb03d41940e775974b11c3fe4456e07b127ccb44e6fd6b2918f57a6523d7f77f32478d9f1bb539846793d4284e2907830e5ea76054802a266c85b122a389eaf4700629036716e2869c0fc9440856d562711e903a1853bc68582a95344b612e5cbc7c5b2aee23cce4161a75829b2048742fbd65abfe2397cc7d66023de34df4f2df8540cce9781ed6482d29ca4e906716c8cc9596b158eb51bab8c2e00253d6589a99b3d20fb494834b42bbffb80e7b0441e356b541f83877736985f6330ea459c007ce8bf18d84e78e36482d581dc7df97528ce15f68e604b4de62422b3aa76f3e7e5b33a49cba9d89fcf50deb65ee45173795393a50fd4c60cf6becba7e733513537d13f89fcf1c4d6437de0eae608fb11d68b9adc0c3a19a3565f6d62ba81a326ec334b239b212b87320c03a75c58dc8f828c4195ed9d7acddce493123e235d098e9dc60f5d3a625e1ff66f245e9977f9630a40d26e3afb6676f5122a88ce5507bd825757d9ccd53fe574fd0e6e728da355403ad664ffdeaaf636256fadc3283d6f15b297f79216833cf2c745c4c5e17d032
60a69178f2216168bf8f00c9889e1e35540254f150c587a884cdfc9e5f7d379be474356c06943e416eb0697a1ae989ab4872d0bdf436d9ffaafec1631c9939fcecb84db2846f12ca395f506687b4a5638085bc6ef58fe8e2abe9f8d51f272ee855e2db84a89d348dd66950b8f43939db897c519fa302594fd1fbd6b6e94ca8ff63a7949432dc2d35c60803a570b1dac95ee0a60c62fd18b3319601ad29a156400d392dc9a14ff50af6752c1f6edc2acb7ecca71097b6e82227de429f1a29c5e38abea1c74de06e6788cb1790ae9f0e8ab35afe60b001f45971d42949263aa62519b0d630281a4c5788d5591b1ef5a003c58987e8665701e5b1c6063f93533094e96820f918c354903775ceb6675c4ce9cf940c4beb8845b4f5e1f642bf505821e5a23122e2d1adb82a63ad18cd1e4775a96ca9ef9493d75ff784a2d4a99f54dc3f87828bdff4b3a3d98fa5a29b62a85caaffbace4592a81bfaa5b8bae6606ad25a92a43140690a6003aa2d617fc707a53ec9d868e33596e098773942d798263f58fe5a1b23046cfa136ea35203b90bea2c5f0aaeb5ea8c24b8b8cba14cdee28f45d0278f193228484bcc7e08a75d0064d605d674aca9019a0a9aaecd6ac672cb8410fee4192e6dca7855fbb1c584cf288bacb40707d7e6f8ba2956f6d099f52bc7b0ad72b5a3ffc03c7b47086330244ea5d393c6b9f256fd82d5cb9436a469acc3f8fc237146895be148749f82d39b7ba4ce47715bb393a96ab471665529ab9e9958b12396c1ba7529dbf289184ff0f635c2ba9df301036c869d52d993463222b70ba778e81c8dc668de41c0356eef5c39f1bd42398bff30f959e115c6b386e73f0fe28a2665bd463c781da1c46d6d4ea284b152c8c12426dc9cc467809bfda6fbfbc0bb4793babbf6ad564d57ae9f5e2b7f651d6ed980f8b1174a126cc58b23c32ba73f5031b3fcabfe7bc360aae412d799cc14d8b252d9f9ec9005b7fca04a88cc8ae9f7aefca94137003d5764faa3c7c45670585c84f74c4ebd1f5ad1f97ea093595592fb90e3cab01f98f06e114f13de67cdc36f3ffb01c3d51ea643c25a3f6aa2c57690e42b98583d925ac7b06a349782a1d33c06bd05a82a7aa3dd679326d948d74a1861926b45db78d36070d3087aa9c5f4f42ca57ee9ce7035bd88a85ce1107c8e07e5ba3a62ecf012bc75fbf97c4c72331b55ab9a6effd78869f1cd3f330526f262f7dfcfa2b084b61e90772d5fce8f038c0f72554467192cc8a27f1f53c8714da1864815974b00991f466648478c5f9bf036dc4083d72e8d144ab10fd32408da7677729347febc79e48e7b87388d9b59aefc84b5b3b589fd91863811a6436ed76b43e657f7ee03eb796285a4d93be9aaad1e1a1e81687e42ec83f3dd059b78bb7f8ec7
0e6c831db5e90c6b3aa511f36507dbc8e7a77df0f5b9ef03bfefe9471de7c7fbe67b9922260d3703d95a5bfcbcb62d830e20c23c6cfddc210e47cb575957d8c3514a2ed4561c738928f210057896eaeb1499d4ddc70f44e30661e780aaf5c0a20c8553f40d7d3ff6d120511c1073510d04f2de544121ab851e98f666906367c21302eefb1aaa723f6a531c454eea0be7d50", + "sha3_256_hash_of_signature": "623eca7df3ded9e17eec0cce71c68bab7247002892b9178cbb465434e9ee0f4f" + }, + { + "key_generation_seed": "5ba8ad9b66c93cde7e7e616a97fed8aa91bc7235fb4db086cb4021877780c6b4", + "sha3_256_hash_of_public_key": "49db17aaa7e5c66035fbccf67ad9e93bd3112bf0a04d656438877d782ea27ab6", + "sha3_256_hash_of_secret_key": "20bc40587ddc39fee8c27d2a5d342353a8142850ce164e269f296f47400a7cc0", + "message": "99b5b6fecdb52897a1958c5c3d1fc2f20b7d045f551856ea3cb441bad9089c64cb9489db6b63e0655afc4c2fa73c7417ff1b80b9c7a1d659687d2c415b3a909ca30e96849d4bcec6a9a6a4311204936ba972086b2394d86e840770d01550caa6ad85adc0ec851d2b3808e4a0e9830b99a70f6204ed4dbcb6759f6228126039607ad7ed8eafeea28d1c3e25a46bc18af7e01f55fad8244f15de36f890416aa09548554338972c5f88fd9357792819e51a63d0b872b0a4d21ea3597405b52793d50c6cd70b52841d53484bcd3ead004cef0a6bc16ce74cb8ad0848000d8c5158dc16625112d1d85d17a3c1c8bbdaea42c3a43e9930724655592116c4c6d0b8b223337ee4e754541a09d898f7fed71c3785b7f8721653986c525bc00f15590616437d11f9722824dfde7e9615f1fb8488e5327e4d8baf5f79d1ff5e808d154951ad87638910607b03faac3a61fe9916ba65ffd16986deb4169bd24a72b1c8168fe569f3c81f93f3ebdd21d4e806f79fb28550912e9afffb52e97860c4dc0d042c56e1bb71c28b68e416874ec7043306a29bd1f4b9a3e612a6778315e2c2b850d6eab9ff1905030fada250caf308735393c191134f3c493d00b5695775d82adb9f2abdad17fc41fbd7a1defe337c2f8adf69154cc0862fbd43035295b1a9c80b88fa8cf75b36ca08868f881966b41fb3e239eb1db9cb51606a0a9ebcd552b2f4e819e2c30abdeccdde88d2d2f82f3585b5143943c929591d20cef559cd2baf2dc7fe03c9e4e084e8890fce64a4aa9f13d5eb945ad7e3cc53e01fcdc192b97adc1f98d9e773a0177e8d97405808ebf48bf17b689bfc15f4c515e38a855a9266230c9085adc9a6ddaed93d80c3f38bc516695d202b4e89da5b4ebc43788c848f8c4a72f79f37f85
7edc105f13e4ececfd09302711bc1993f5308b8f32ab96fb8ec3f5ea0531dafd0ab3451f81f47e62c593c8d3e3beee79db06909576bf876145856f5f716caa436c98eab28c5b85bc2e4d7e1653ecbb8bb6b5bd6981dc72d7f63ba06cac8197eccdc72c1481db44724a3c21f7fc60661f11fdde8122da5d0b1d72a29952618b373423a892875e6ad24d0916109ed8e9a9a8d9a68acec4bb5eeb0d00eaea72d8d5a76c2a42f18cbdb3d336b71c70ac73d39d7eb04533453779a1f210bb4fc056b4728afdfcf46675c6ac76f750626d642e3ab117e5d6740154759a46c27d51306587650e1039054b876849882e7dfd807bd03e69021e337dd69d9b097722c6d2aeb517d773d2f7d84d69dabe1a1d6422ea1766c0fe7b8dd4d7283f2985d96d91a132b8ba03ad85f7d56095773222d0afdc5a192d29f3bb0c2539a1c99db4e711b6ace3febd58e45e99c9f5a04cecbb309d50397f28c48bb9cc9f9cf75a52253b634ec47216a1fd6358af26501821864569879be1736b0ad242ab5b8ed16a7ea0989ed4cae3567afe1f8209a028db46db0270b3bc06668a9bf5e1bc1061babba00ec4ec37280379139d19bc6072cc6b7d260a816cb82f9bc90897be3025475af12191690f9f400a914789a860155efd2d606a15895378c827f2a4ff700303962fd96db2dcd2d213eebb2460f0b753bc6902da81d44c983dd027f1171d40a2039997241e09ae5b6165b4d55a8e4c79671a8b8bdefef2c21f81c541a5719deb939f866b61be250af371cea7b7525094c904698d412737f7781bd779365f122ee627d9cd4a68da9d5be1b0431998aacf824cdd864c7365c01cd5a5f480b6ac1e5fead8ffe40d87c1f9fce81867157242285c5e76cf9667919c29a67ca0c0a61d7819d9ee6b792250a358f5691ccd80578f15288f3d5d6d7dd6dfa351fcf8df0223f7d1da1b76711fbe0e7fabd30377660ace7b23acf03abc1d973248cdd0897773fb74e20481ebd3e52657c9296b980905ad29271ec128513284f1b78f38634bf84cb80791a0c5649177791cdab87769d57b626f78a03435c758a207f52bd2a1f31e34b6a122b8701cd9fe478c57cf3535b6d51eb46caf794bd69363d5a56adde6945e9788f1e1dfd045bfbd0a68834b13d6b9ec4ea9c860eea0e9ac19c2de14ffbd6b57e5992b08943ea0283813f3f15e4f928b8d0f13de6863990f5c77f130c97d8be12571edcec7deec4b6ef4835f136da45da70a11f9192478fd8b4846c507410fd11668365b05252e68cb2c972acf50156e369b83bb85e62e4bd4d84c2e9ff41a5844d5d88aaae7ded852daa0ae5c14a5dce64c7e236e9b7b60f5b5ad4d953a2d842a52929491be3555ab8df534cad56dbbb86b28a8a86b7bd9ad1c58c87b8a089324e00fde32f818
6b2b74523a22904c18ade02c3e965f94624f8df57e750ea6335e3eba705294b76cd6ada33d90fec1f48de7ba9dc7d8d60a53d2563964188874810c45736c57efbc3a3ceee7238aee5281882a554f2143bdf89ed4bd819c08239c187c12a8b6e763434b92c26fdd658b350f51775c60cbab7a2cb120db8ce8ae9aaf6af559f8cade84c4820209cbd27cc09230b22f013a0e4cf8041e4a789a5d20be9914a624ab957318848addb39c9748c8922c54327048a2e46523bfb22487538363459035ba49858f85a469957df1f4831bb7ffa0564c53233b99b596f5356089949306dedd6b904433d25c4854a80590b964df6b0703b4f9628d6b9a4d3f0a4096e9a0b46d6b32f66d563baf688add18de001da62e33c503a4387ce0920ba5d1e8b69c38e3745b19f8d8b6ca5e1ac6de90edb25fc32df04f0849d769fbed3f8169ea1d2252619a2304e055370b4443cd23e56d4934f9f3fc92f1c1eec626657e6a89c1394e56061af8ece3e2a17fbaaa4d579a99a7998632a6ae2683ddffffd27a27c8815511855f09adff7bc627a7a5c95fe57fa3ef81f494fa7ea6e6ca2d14775a25beaf1b5a3e35ecd4a306545d597e4e44301c3d1648f0a7d841f2f76fe59c6eafa3f5b58907fc4e642ecd28d16a71ee3d295f1de12de1485b9cebeb2cc6c9ac051d3d42b6a1a068533a7680a98d015b09c5b819ffc61688d441c1b7fd71180c4423e64ee940917c7dfaa19f3f51cb5b38d1b2b7c81d10e7c", + "sha3_256_hash_of_signature": "c7b30a71f3795941d51df044285d63dc998a9d776c61825fa9e19d7287de0810" + }, + { + "key_generation_seed": "25d957b9bf68326d2efec93da464f43e3df16dd6571ceb1ab68bd58e87734a51", + "sha3_256_hash_of_public_key": "24cde4b8ee46eb196f3b06408d378bb56ce28e6de4e2b4318963ca4356a89eb2", + "sha3_256_hash_of_secret_key": "5336db027ab22e6b930c7ab64b4b9a7bb6e2bbdf614ed7246d8b9f462d040ca8", + "message": "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", + "sha3_256_hash_of_signature": "7b5e808df9a18cccc4a11670373e777d8321a161113c8156358fd68a951b1b5f" + }, + { + "key_generation_seed": "24f0cd3b05d964f82d3702bf0a613139808d49283286294be57e13a983c3c961", + "sha3_256_hash_of_public_key": "85de17237546c9fbde03736d6c8216706e04b94efec0468ba42c871f2e15513f", + "sha3_256_hash_of_secret_key": "8c9b50508491c4b943856ed4ef7a407f173de525692f42c62d0d64a58f45170c", + "message": 
"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", + "sha3_256_hash_of_signature": "13854559488d784606e36c493fb78baa64ae9f11e7fa9866a4b2d7c0ef10ab9d" + }, + { + "key_generation_seed": "5ef2732b63a1cbd2cc239ea6fed62f7feb3102715a5bafd8c83aac33702faccf", + "sha3_256_hash_of_public_key": "f52c281caa43f3abe45ed7158ce2aa658ad1bcae5ccda39a7aebd0fc58683792", + "sha3_256_hash_of_secret_key": "82251c15e624e1fc90f4f4da489dca4a98125d5b003d22fb483f4ad33e124de5", + "message": "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", + "sha3_256_hash_of_signature": "81063ce8052cd0b3f1a64897ae2e5a36395133313af439ffba3c050a942bf05b" + }, + { + "key_generation_seed": "6a27b1666ab6fc4483d14cf84ede49fedfe05bb24e008ae8a01c52d83b8d40fe", + "sha3_256_hash_of_public_key": "daac3e14249b1a4f1fee8afb1f00d838e6b22712580d889eef4bb99df67a72c7", + "sha3_256_hash_of_secret_key": "d675b73a63ac09a90948b87f139f31c0690eaa89dd01990e3be11f200678d313", + "message": "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", + "sha3_256_hash_of_signature": "5c12f8820906243232f7168e98bfeed95e3164490b8f36465fa6058cf76db1fa" + }, + { + "key_generation_seed": "2a855572e7e2add2888022bdb585b61577a75a31aa8acede59acb27eeb2936ae", + "sha3_256_hash_of_public_key": "c7b06be89fd4a9baa5b5369cef791a329592421abe733dc8897756f8eb420a44", + "sha3_256_hash_of_secret_key": "e548282f79dcbcf0849cf95699966733e664c467ec7efa1f169f4a4a9532e79e", + "message": "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", + "sha3_256_hash_of_signature": "63a908e022c7f6ed545fd4e539aa68a45d5018d905b40dfe21d09003136b1779" + }, + { + "key_generation_seed": "7967e9de70a7f95e69371f812c2fbf932cec07ab4c235ae9e8a6799f3f537d36", + "sha3_256_hash_of_public_key": "17cea86ac1b2c0aa31b9943f4a39aa89a8c2b4ce8595753535377a2496a02914", + "sha3_256_hash_of_secret_key": "312813d92c1a60530c245ff8ef7cb28dcb71f65167ceeaf78ea8ac344d7884b9", + "message": "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", + "sha3_256_hash_of_signature": 
"81f3b47e680671d9d9f4c8e458f6ef411d6c48b432469254d4610e6cc90e7e35" + }, + { + "key_generation_seed": "5aba340a8e541568fbef49e77f94cfb4b3a5e9cf14c6755ce6412cf86cf62898", + "sha3_256_hash_of_public_key": "2dcd50cb0aeed87202ad55d75eb9eac79c14707d200aa9acba90df30b49505dd", + "sha3_256_hash_of_secret_key": "c82dd25291629d1fa1184128723ccc2ab3ca44a84c1bbb8bad447eb04258eaa2", + "message": "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", + "sha3_256_hash_of_signature": "949bf3ece250bbc83bbe0b020d1cd5ccc4087cd3c6b3f383d6844ef9f97d3734" + }, + { + "key_generation_seed": "df4853f482cc1d0b3a2d71e9eaca064e57c5d100df79bd004ba81b43eacec401", + "sha3_256_hash_of_public_key": "1ad389b60c3313d6cc1a1f4672d0c034d8cea0ea545ff3ccde2464d7e19d10aa", + "sha3_256_hash_of_secret_key": "ae3b42166cd34e5c257a353bb4f14cfa6d7e01890c32ac7de76d972053665d6f", + "message": "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", + "sha3_256_hash_of_signature": "1095c0797d1181de464454bd5b85d80e07cc3c21e005658f465f586a9d16c662" + }, + { + "key_generation_seed": "95da16b844baf559c2cd6e68b237614bb9927d90811106347b5849fee2f48640", + "sha3_256_hash_of_public_key": "37cfe993cce210443be74dafd992fad89a8b281105c9b5cbcde6c280d838dbf5", + "sha3_256_hash_of_secret_key": "d4b7d46d1e3b6dadb08f64bfc230845e5fb464bae6c901b30817fd5b00f01d4d", + "message": "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", + "sha3_256_hash_of_signature": "dd5b9ae4fbf82a62198b71a7c07c071890719ffb1decb949fc6b495f70aa931b" + }, + { + "key_generation_seed": "f258ff1178cc42a3cebe238c8418b4974812a05f43b8fa95639cc46bc0738bc5", + "sha3_256_hash_of_public_key": "5efbe5d2bb272ba6f2eba421f28933d68c6dce72de68c14b8b845c421dce77cf", + "sha3_256_hash_of_secret_key": "ad8e7971c4bc435ba0474d945eeb5d8f981f7514b8913592f51b5e6d38cee83c", + "message": "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", + "sha3_256_hash_of_signature": "a3e06dac419d679abbcd9e4ad2ce6e4209e95030841dbf2d4c5286e9f5ebb7fc" + }, + { + "key_generation_seed": 
"5efbbbe99cf5c2b6830fb8e990250be308e662200526889ea973c8d33823ec19", + "sha3_256_hash_of_public_key": "252fdc1eb2292873b5e40e5cb4088e9cc8e4c26dd9cb27acfa4e16cfd9a699d9", + "sha3_256_hash_of_secret_key": "6e233e4b947f5f21b049b246e909dda6e2d9f5e64cda6f002f70d056dc5a5939", + "message": "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", + "sha3_256_hash_of_signature": "f62c62a43de4932ecf1ee2480f8b84a340302f7ccebd25cdf9f50426844b19fd" + }, + { + "key_generation_seed": "47a048d8799784f6ec385eb984e70c62ce7c8a107232871b69b99f7bf4c3dbb5", + "sha3_256_hash_of_public_key": "b8551abb47a3ed3c8bd90366fa60f4514d14559b0af1ee0d8e9abf22d81f16b5", + "sha3_256_hash_of_secret_key": "ff4f930ddb9124c83d58811e720733b9b8d0fa8b14b4f79d15935d94b471c9f3", + "message": "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", + "sha3_256_hash_of_signature": "3ec2df2f28ec769e1d695b9e100f09865a731bb8b6df8ca10bab7afa6d5e4169" + }, + { + "key_generation_seed": "1d9e243a35118bc7c50a50746e1cf19c9fc310c7d54181fb95f44753eab1b94a", + "sha3_256_hash_of_public_key": "4db8ed7e91b805d9404b4b612476701daaa337cf3bde02be85263e861e35d8ab", + "sha3_256_hash_of_secret_key": "b34f0327c4e4d05ff747e87ff86ba3722ad4d959eeb236a52a7a896ec9b41344", + "message": "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", + "sha3_256_hash_of_signature": "d89c77e0d99d23bc9ac2c21b76e446583dc7095021b9e5dd85b822872a43035a" + }, + { + "key_generation_seed": "0a46fda6ba71125f3415e8bb6c2d8c00601107fa563e7f6386486a88f87701fb", + "sha3_256_hash_of_public_key": "2aa8fd66be26fbcdae42b786edd38bd8fc43f1552ddc4c6debacd01566f953f9", + "sha3_256_hash_of_secret_key": "962fda9a5af2278344b5a5bba8fd4438a57478d9e1367c58a2d751a5df59845b", + "message": "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", + "sha3_256_hash_of_signature": "c5c0f3650f307111c535c8b6ff1211dd32443c19365289c560d7874e34a1f2c8" + }, + { + "key_generation_seed": "5229dfe11090effbe94ee161054cd5ff58b31e23f567b282db42eb1fe42e44aa", + "sha3_256_hash_of_public_key": 
"ae60b50f5c678bb2ab899f66fd3ecbf92d32fbb85d78c95f8f0a870675975b6b", + "sha3_256_hash_of_secret_key": "082ac599d8094568e37a8855aa54b81981b38a43557a11ab5810965c09c43297", + "message": "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", + "sha3_256_hash_of_signature": "e42ce3fec1cc0ff6721274d0051f69d5cbcea9915a60df1b53f2d8bc71b77189" + }, + { + "key_generation_seed": "18aa77795aa6d7ade8b6cdced81a1959a8329677f042283dc8ca71e13eb3adee", + "sha3_256_hash_of_public_key": "594ca85dc61931ca41cdb4b67d59dcb364aa4425e24c4eeed1a9c0988a80eec1", + "sha3_256_hash_of_secret_key": "543fbc8e3647fcf78e54454ca7df3bd4a0cc0a6b4118bae2aa1131cf5bfb85c0", + "message": "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", + "sha3_256_hash_of_signature": "19c025ef5278a952b73b93be126f1d2c622b047a23951d86852d0692998fe14b" + }, + { + "key_generation_seed": "4b2d6ec32be9c5d8fa11f3fc0008f4f26b945064d98362ad912f452692ac383d", + "sha3_256_hash_of_public_key": "e483a0a0afada0dc6909be99c51fb78fd29e4cf2968eab16a332e44e2e68aef2", + "sha3_256_hash_of_secret_key": "8497e9b9f8af0edd0d602a26ac1f0bbbadf5ec22d00de278704af16ee5b05dd7", + "message": "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", + "sha3_256_hash_of_signature": "e87ee4c9227672458a77816827e4e55cbb7f85f1dd6b11bc82b9217e5fe42576" + }, + { + "key_generation_seed": "196b8144dfbfb47ec01e96a6b8443211d6c9c4aa7853a8131b5218349bd6d953", + "sha3_256_hash_of_public_key": "2d69e08ce10e899a56c725b6ca850a385041962e37e2bbdb9ead7c836615909f", + "sha3_256_hash_of_secret_key": "66089ef1dd0577e12e2fbccd0d85279da8ac69df7a3b8efb977f6fbb038ae4ae", + "message": "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", + "sha3_256_hash_of_signature": "6991c45e45443b69ee3bcf05a5955de72104538917479de262aac6ea63739b1d" + }, + { + "key_generation_seed": "c171793029d0cbaf8d2661a823243ad50d67f2619533180f25b50c94b1310389", + "sha3_256_hash_of_public_key": "36397284beee2bdd1a30a5fe830fd9f8e8783e97efe85494847d0c03bfd724e1", + "sha3_256_hash_of_secret_key": 
"d33d9095fd4882d2a1e8e658a29dc70ae44fe5cfbb150129a759dbc442224cf0", + "message": "a7e941d3c14e2ddb4f971c9955868aca753a73e8ec6845ed6e9d3b444c826480f03ac771f92e94380bca7e50303fb79cba608e351a1a67bf217b9816e2af9f89be8a79f661470ca16bfb2c99efde97859ad1d217848289eaf543005f5c231599ff74299ec2a7c737ff94b7465de11f80e17d4fda264de568d8767ce822b3ab9642d95bc89533ce05fb331b86e3c5a296e4ea4c637ea458bced1f89355c0270d083d4920e72112ca1ed486191748b4f730ed52f9803d05a0f2f065be03b2603d6cdb154dd7765847d656b919b08969e41b23f9d376135bd5d924529410392aceb004849550e6cf2903181c9a395fd469b7de2c5060ed22922aa4d7c782a33330714a0af206b29b4fcbe0f12c18948f6634ffd7f2710138020e273cb0dfa735bdcde9bd6cec898c5e564ec71aa7880d97cc711412f28603de293cd5e904e9156d4f6bfe2be15347b9ff7848eb51cd0785d6a649ea3514e02695c7e3c4f021a9992d67bea1d68e5b17db2e0dc061ccb5ababa49d110055467f9dee61aba8f3e5c713e94a8a96c3a8afb698887c1fa4abc5157ced33a834dbf0f5af9eecbb5f2ad7b63b4c2ca94a117c2b92f3d51900926e26b101fbe6207ab0884cbfcb15f9f98f95b0d08e29390977f4d3dc710eea3ae7433d5ea87a5f710f1fceab26d516fc19fd272f6b0f01ee167f06e6c33273481f280ca64fda0549c8db884fdd467b93998360766d4cac4c8de783752fb6c6d7b1e47df23ceeca572f2ad3e2b628e31984b9054448ed1d90658bc658a9caec0485512ce084a535e7c8196b8bbca5d26c105c41e083f8d56f1530a8c1b36a7f3e41fccbac7f342b2d026064b304444192d4873fc57978e44151896ea6c0f13d017f683b203ba1de677ed00f2b737c4c69e53ecf16ab918939e120e9fe14b2243eff0116b24c6654be09c582f1e62e75efd8593e62e45ac36f717815b854b47a4ddcfc91fc533fa85bcecb6e560cf11e46d2f334b396d68b275e7404a70f2a805a64cd458a8e5f114a89124ba1866f917749ff32e59ee71948bd97f2d4128beab8bb0b6b06d84c6d466bfa30fd8100e48d951d0b3e787ef9611a56ffd64d970dbacfb1b4df064b1cb5da9918f5c58a10f0903b64286b1c1ae5cbd00eb8b363bdd7a7aaf2111c0c6e86e15abf6c1e761fbf027425968cdc19522b44ff3f56335c59760fae6d9028e76b284330f7510f2b55b6f46adf90311cc785d35c2bb49272be514cfbbd7a2b7b2e8c0b6dc28cb683d3d581f547f83bbd3b8c7b76925e44e6da89d5eef17ab0bf4213ef9c05b7b473901d483c647f416b98478c7100919c28515b617a27321841baa174c1a2d34943952
94cebd48eea14bc3106ca9c69d9f6485d6abf1c2b1111a8bc602454685ca61ab4ee4db9f413caf8f0f204f04d40cd36fa5dab629cb53876db3e16372e626b6bc892c63c6b6c503c9d22efe113927395206bdaa4b83d4fef4feb42fa7a71f7ce2197fe282a02d0fe50f96b1f917a67e50eb79cd3ffef064542f7beb51ab05b56afd7aea5f4164cc9ba37d8fdb35a3deacf0cfb555161e7e41eb798160798be9d01e3de0c4288e0bab19ae398e94353adbe9a43524ace35830b82fcfd4b1dc2800ca4c38a56b7cd28bc3e2f69a0ac4655cd79b5789a2b72eaf93b018d4d6f4c983d08932b22c85af6fb07df0a786d98820e1b06bc17f62d6e39739790a13049252f1b9102dc692ceb20c270ffe9b902ab7ec5a4eaaf47f7e2d31b2195f5f48ad18d099c33384141da14e151ba57f6b1bb97901457202cdb83b5c713bd8a13f6e3e276c7d6c130ae287ca8931d9eece06ab7cca124d6d02d497d55ea9151a95e8a4dccda72d3f51a7db3f2879918753683b01ba1b154da83e6d84ddc9492f2dd8c128a30c75174ed1a6b8d93d08645270bde247782e882418ea158b2a2153b2d8f75c09932f324ec199d26e9f3c4c4cecd807367e3981e137858b98bd1268d2c894541ec99bbbad19a6856ea16a1e56b7b193baf79ab89d4e76327405658c4ecb5a8626302b3a4618aeac7e11a1199c4bb08c60ad78fea4827b59cc883b2ca7038d7845106de9174b2b8c17267273d23418af560265000543ed9886884912b4160fbd372fcdf706ef642cf1829493884b6cfe946ecf6140106dcbe11b3746e33fbd4b5852b732230b9047004f4fafa0d4bd7043c7d6595accd1b2771aaa76fe05a0c80b7b221dbef79950fc69147816cad0e52c05e72ceccf55fb4dabd81ecdb476417dbfdaf3b555cc90573cbed9474266c89fc55ff0bcc55602a51a1b5f91e425a1a58dcd4abd09bbc63933fb4279b9e21298f9fe0cf1a93c4a19695240e8978d604047abc7239f5053ea650d781307c50dec4d5e2360adeb9aa02c0f6fec5784784a271169ce456e1c32bf984c3323656ccc588c97e0ece5a40fc7b4ddbdddb764edc512de63270f07891bd160f78b8ecd3a4d11ec4c68ea0a0fbd0f23af9ab261a110f431f926c4995b05462e0dabf29d9660abbc660c9a675628270cea7ec5ae9b6f298b17b2392263700b8ead9c845ad29ccf109a2ed66ed5baf9c935754aaa1b84be2b5339f9bf3cf5e80af16967863fa8dca64f5fe873da4a6d33e39a592749b721fec203c0cac527ca96de7a96ce9a540f5da1902c97f960a05ebf0c32934f9b81244c945a60fd3f176dd8c261690d8ec98d19607129a50edd51135ffbaebc04a0961acc5a32fd058ffdf2c6866bf90a3e177787e7061bd2011ec08ec118ef0451cad010b5
3c68d0bddc701d10920d697ea3439b1a0f96e6256b7712f59c746d1c74c20b17d461c3df635eec83e3b8e098034f119b9d9a79ada735158eac3f434e805444d5ea2ec85cc8ed8f5bccab7dbb6ecfc2e385781579af1263d9fd32bee32e01db94703b5c756b894def19783b12bce2a1a8d29d96f329cb0791d697be7e0f05dd5c9dada52e1b8c1e5f75a0fc90ed8c05bdff86644b1ee61989caaa271061d4222818c894ae9eca2da7326e5c24ca1eeebe3720d2127ba997b0c572ae30615f8bc4278057f4762d46a39b934ddb2a0903fe1568c1bcc6c37e1f7c145eb7cb20a6a4b3466a7aba58b48be94f7e14cd20c87b2768358d06e3f607fe5e9dd1aaa8477975660f1e379b9ea26cc00cea8cfd6420f2fdc7ee6393aa17cef88645b821f8f42fc7dd97b0e16c04631f86ecf1cb76a6502fd1c13917ceb26a83596b117d5336387ddbea56162e8a5bf2fa35e697245bc7210cec13bfa694ae884582924168bf8ee2f61a734e37876f363225e5ae19b7c65ca6afc31c8b37bccb308a9c27f3e9902de365e288e6cc46e329e78be914b85eb980c0bad932c164671ed395d5d8317c133e2e000a10e0d20d0f408019b33d9a87ed7725ea4c5abad67e0cafbff31dd236e59defab7ff2cb40f479b56b261a32656f016deca5302a336ca15d10e0afcd168a4b922b79c11cb21881220374492d64df21453b41346a85174a0a4a3c1e973845c856ca70d6d25bb854d0c6bd3c75cd73998c7f64e35a58dcf593c85c2440a6aba4e470f87e6f9b4abe127b30f8992d8aad0be38f008d9d937582eb3aafc68f516d5aaf2503acc96e59a151d2d4b072ab6b38c54928d6656441c709f1c1b770ce6efcece11f8b3602eab63e0c629bbd8a79a96be4cdb072780f3d287b091fc94ff2c0d347fe280bbac308644bdb15a3c653863edd945af0ae725507507b82c283dc9909ccacbcf357d7a19703401b6e4474b94a6cbae575b942501a281b8166fdc70e6b4b60c2f57a4d66fe1197d301d0e0c7bec12cedf9496bca2183d04632711a79c8374b6de35c2eecb0239391c2019c720894bc7a635df18fceeb9aae16b3ce92717e2c56903d20d0712ef80131b8c48635163e97efb1fabd1500d061c93ad935be9a65a45a92e4a4e885268e712efbe5337214701baad4c73e81e73bff19af131f0aba105baabe849f", + "sha3_256_hash_of_signature": "ec0a5addf6ecdc385424912b2e8fbef3bb04d364f90bdfe5147046ef6a0d61fc" + }, + { + "key_generation_seed": "615fa91f3d206b908649399f216950ec7b2420eb04aec6abfcb7b4528e8e33e6", + "sha3_256_hash_of_public_key": "80736d6337ae74c8f690bfcb58876be4e63d1cf4d0a3450810b806937f37dc2b", + 
"sha3_256_hash_of_secret_key": "f489e6d409b6b4e6945e6b4801edfeef96bb25fa84356b156245792d7d6c173c", + "message": "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", + "sha3_256_hash_of_signature": "c11d4271a6ce2271ea4eb1965d144b1f3a1de2342352f84c5f245a814ac91c2f" + }, + { + "key_generation_seed": "626c19b8553b2d9e5a47a758615d80b15be11fd016d3a1962d8de58ed5ca2219", + "sha3_256_hash_of_public_key": "0132be10a874b8ffddc3fff241f1bae8d81977da6e868230ab2c2dbf1da53822", + "sha3_256_hash_of_secret_key": "c37bc81c1922988e2f07de822da7d8b22f816615777c2a05d96c20d572fe4f53", + "message": "c07185e0343df2a4201649ad5de4cffa20baf5dd43f5e4a6c81cd5143fe72865a7c036a2dfd617d96626995c12efad019ff44e0edd7028f29e3657ee3c0d02e9ce83ef0a648fd7cf183a7bf7c15095e0f9278b14fdf6c983cdcf2987dd0cc085400906dcd0d14aba60124f4b7494adbbae3a8d6052122575f99792f7240eb17864dc6d231721140e43f1110e73eb2e3c05049783b33aac4e4ca0a248775baf81fdb03d114508928bec3169a810296b5a4dac27e7c7f8d01cf5943cf4d8cf6ee6f9042bb300e50eea3224d35c9628e38c368ec3b42393fc820371db6557216a2c2d5a230fe3a7c6bcbdd89a2be5cdbe7f783ba379b6a4237db051e6256dce14dcf641190a956e8e85eb2638736b899ed045636ddb7a351f5a4f4108d9d6e0413f92b9d392495299128a5f4acce8c7747c675efe05ed7182db51c515b345029440ab61a904d2a390122680c951ed4575515144c5ca80d6f14d1cfdbb5373b78e09d04d0544151cfa1240790cd31165048d1484dc4d11d05057071db3433df071b367e00fd38c386dab689e4dff6fb421b2a95ff54dc29375c9d1c18a76c79acae3d3f35d4cfc385199a4ccaf6c9f0421bcf58d296ec7e0d1b95a6c4bcbac1271f94e438360a71a6440275591e41389b30caf2626a865b9e59552cb198a1d4453eba6d0f6fc491a8a7783b4a8baeb81e54f9189ce493efc1c5d830a4f637f2bf43cd86b91637611415c95685fe79966174312fdfbf33a646625f97521b5cb1f008135b824f1d6d8373006c7158e62b1f794ae34548a0c6dac8b60c559d81580ac0d84034a501516ee36cb4082732918365a5ab787face591ab02be6957ae4bb96b58e2b173da019d3e0cabebeba0af775779f14bfba8f595697731522df3c80cbdec16f6acc32659cf5daf193178307887ef1be1b48b5806d0fa9868a7fb853708b26873857786b974709c687d6597bcf6c7e476c1e47cafdbf30b6311ed434c0f998c406
5399c59073c1f2bab1d46104e74ea6c976d416e58bdfd24ccd957cb431870de5da8763992ef68bb18075926b0e4e826095eb3b8cae086fb1759c94b873a1f4df477e0ee9eed8dfd7c77508b3f0c67f69be04355aba9344960639f6dd6b3a956dcd66370338617a365579c5993986b4f748cb7c990344b209785e22a40fdcf8f83061d37c9f1351b4473d6c74abe6b3eb2a7d62ca0f0c88a0aa8a46973f781df0126e8d55d3e9c41c2e3884f84fb0a06c484cfa0c9a0dfb8cfd573749c711c7c236b0f2f144e1ba4db2525c093deed29434fe43cb3040c5a374cfef33214fdd2d660398e91bf070a4f5f9746c2f08c41256fd5e955891146ffd38b155987e6a0fc47ac2a5950509b9e2c86b9dd9929378f43ef3935f1562672498c5640a22315be15b001d4b01418df8eb41dfe5c570e850582d8916c2e7fc2b728048e24bb9d1e8283615e039c16a2fc61011631bbd8f2beb24adf9552cf5797ce05d9d1a7e7f3f5455017b127d9bacd32bad0cdbd3991bbcaea5fc988ee7aec0b1003732f25489edb0a1f9897247cbc40e60f1dd276259ce19deccb90067f7293a68b683fb5232acd2217b8929859109d6852a43892098630a67d72b1cf4bd5d58e20c5c18b85d69df74ee8cc69baac7da48eb71a160f03b68c6be87a4919736f14363f004ea3f41dd37fd8e621bf433bca71e17565e060f3c0f889515d0a8c17fe0d6d734ff756256b0a62058b95422257780de000557df289f47910cc272a14bec737c0715f204c49f03150082dc904a5d170f7383f04f1e355f50f80d5461cba53490bb2e9484806d369d61fd00ed1ee5be518d04a24503b1c4c08c7ca084902a3942c04143807203287a985eb3fcae3c5309410cd9b9a548f54ded44321ce8c2a04679841daef7fbb6aa11091d240afbb467d9969c31c1cbf6b24f8cbfa20cb4cfa404b1310400271664763e9c1cd1b6fe5ff2a0fae22ab14efc016ccbb19c5dd5d047750db4addea3e7a193128a5f4d7bb6358f21b39a44259695904de3440bb28cf9466b562065c387189eac2f7522c9385dc2a607f6f9335ff8add47c7ba932659aff69b1f26ec8655bee4f97fbc846e48111cbe25524873d1db2f2282d0472a2aaa3cf491c26ddc5e1be77866a3b692e417e6717a4f4454c56f97f063b9e598865b6f71136d65ddb0f3cdec57decd5a57366ba96e4315a88b4ea3479321468ffff508d23b0701a62ce0cbc0fa37c91cff5c5a0433fd61ae11a922575f5baa714de46a58d6efc79bdb10c9af7e9950a61d44b3e17e3b5298501146485b562b1570ff5798b47641d67091cdf90902b2d762e3efe94c540de4a28269cc416edbddd4d43ac2fa82d638dd9bf11f3bf22fd81cc4bd4759d7d864eea0e8e8ab71796254b278cf9b650d1fef38b
8437362b2d69ed84c54498331c6899e20c596fee7cad9ed8d83d86774afa6e56a4ed34b0b0842b21ccb67035406dedff0cecb0cd089929ed5ffa0ce210822444808bad99af603082bfe5c98ee4653349f8a43db64cf90190c96b0446cc9cd23e0d75b47f54a731e8bcb0a4c67401dee87876011033d2a526067fb73786fbc1ce696130fce5d5379cdac6788875d27c04783b1e2ef41063d57e3d6560d1ff48882c39131c95bae5a9c9392dab6cd17eefbcf61c464a4dbc08447443cbbf3fa80481f3bc1a5806042c07f7a7ad435875ddb1001565eb6b7b872cc6c853f771c1dd5d9c16bc27aceb3c7690125c1907c7ce904852108cafe76351269a3d3ea8812fae4fae35f0daec8e8b186f760005524998bb5de475e4df85209da915bdc972218ae7db7e2efa05a7d752ae61cf2f3dc26ca2d282c8e32b4838524be460971e077348290fa0043fb7616d821a71dda3a5fb76bfce0dc84aaea432df32b05133a26b46165297ebc45024777a868b8b1b0dd6f97658be799bd366cfdf99861e916f7cf06c034e4f79594f1bb6ecd9b7347911488928e1e473c4b8c73297f7ed845b9ec59020373eda57a436c1c9d1459c6114bb6258543d8f4f97b10aaef5a2e082ea173ee69702d83711fee6aee8f6b260d03ab74c3b5d8fddb81b208e16458511270dd1da295f25cde7e44a8349b60bf0c59d4b425c1fba60d2bcba47b906d2830d8d5c091dba756e61620d78b2dff28407fdc9da9113cbe82219bb2cc05e11c70d040bde821aa17b3e981558961ca571e5d5041f7de047a1727d9c904deebe561dc6dbd8876bc77c27322f512d6171bc03871eb0fdece70f119bacb41d1852220cff26110eb0eb78e39aa1b2a4c2e78679f53683520c5a57fea71a8e96e0aed33118dc4bdd035fd88f535b011d9c7deb6f406a072ae6c091016ed10a5a4ee9827882ee27c535262d1d745aa5231736f2deec8a6017bf0da36b416c98ab71c6824a6eeff3564665007c9e850fd02a1f5e201b534627b92d21a493df293db9f24de70c7b49a6e07acf2db6c90b448681666dcda318c08aad08d3e257af7e774c75debe3b3c07af683735e87f205b0fde07351849c5afd07d5722c6aa17b6ac2cc3551c305e6ac31e3601a236961f6618cd3a0f7dcf6f65b8ec82e27e44c8518cdc16ecf79374f796a3daabe2d5005b25576b35b021497c5a8f9b98da68d80e56a1cc1044c04dfb11d36cb147eabfdaafba0a93fced8675d7d6a9f999785c0e7346f4c68eb17c0a2409e2f5bd4ac5551ff66a9857c66f642f2a385131377b6372884c417e01bfbbe1ca748ac8969bf2c0bd8944767746d1d57d862795e8ecf9e8a5ca122d0259ffba822588c5eccd14cc6ff4b7354cb572f5bd695ed9d85de131fdd97dd5d6ce7844dd
f9f3d112028b5125ae7a77a4aeb2ebb554682a26f457c43fe96d67c90be7e49ff443478e82d3a48680d737d1260b8210bbe962efae6505e496b1b6d4f1042a7b971605e2dc50be3bdfecc3010b9f5618d3a1b2c1f48888b859e4d6b63ca9d29990b6d502fc22b738b203a83d597b48d73c41860e4e99c57181f5b02f108ca193451025f3b368cf2741244f42b27cb9e57260d2e127ca166b32e0b9c927b247b31619b1d4", + "sha3_256_hash_of_signature": "e2f0e14d8800b1961492a6af25e0633978c7cddc7d7c28417f42c0329c524cb0" + }, + { + "key_generation_seed": "b0d4ba39adb4e8712b3a3e6495aba2f04a29e45c68671a960bc0d8d89900c97e", + "sha3_256_hash_of_public_key": "620062ff0b5c9f8d221f3f6f20e10a4112933ffeaf14ac2237cc5ce8088cb670", + "sha3_256_hash_of_secret_key": "53161b1477f3c3212e700dfda55e9525c9f6c6e1a04f3463180c2b63d0dac21a", + "message": "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", + "sha3_256_hash_of_signature": "b892e5588cb9e8c2dd171e6005d9abf4795588f99b37550c6cc1cb63899a5afc" + }, + { + "key_generation_seed": "e04328a783c10dacd96702d2e726bb11ce4ecc571564ce7cb10722d1c98c2842", + "sha3_256_hash_of_public_key": "3307be23de027b00db224419efe70bc99c2f7739885379025c0eb9a51624059f", + "sha3_256_hash_of_secret_key": "aa45bff3201ca59e09c13fff9093c58a1e4ee932d2e9d442b2d087df2dbc4747", + "message": "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", + "sha3_256_hash_of_signature": "619174834ec6d0de1a23307bc0347f0afaa20481a339b03cae6ecf40bff555e0" + }, + { + "key_generation_seed": "cee2e53099d8cb576f8f76c5c155470f87a6ec5f7d73256a0a2aee62cbc53597", + "sha3_256_hash_of_public_key": "f4ee32887f424c72e295060093e12ceab9ba3a5b0210d6c61474895da9cd1aa3", + "sha3_256_hash_of_secret_key": "e877cb27dbb0c15da4400957ba1b37b821dd4072eb07cf9bb8af14d38732f99c", + "message": 
"4d83349dd620dc2cc0e9ada524b9be9b195973a839a042f4342d69e6b38918507a9747fcdd8b751d7c75abce2b482b3313d4c74ea4e7a4a91f2e08a059536b651508307b7f4c3aff5cf1579f90f32ba1e847778673e3956713c14661afa2d11ccf61fd8f9bc914d4b6e6d09c52aff7fefae325c180147153c9ae1924c9a2b8de4900bfbbc6797558b000c5adb9a8dc4cafb458ad328f19a2c55d5434bbfa7be5057e56511529709992bd6527e913b46abe38dbff90d4ab3c024a66fc0f8fb34afb96e22535a0ea8f313a087aa65355d7d5989c486e103fd526a7a6d812c0e4d8c081bcce4dcfbc64b68436739451be0c4b67bfca71be955ba9f9a23c223c7d0ffb1b2196c9c9845b6af341a363951e2008bdc4f3296dd0e1e3f480f2e4b0ec77a002eccfdabcc58d24cb0baa26eace96decaa0f6bf1cde0175afa65ad5c23c5e71b50df778208edbe426aa6e876c12440d7c4fccb42d039a14509092784baad37d9b8edf186cd4fcb3d9f8b0397e951777d602b8af613060fdab6b358302b3fd28437a06694f36ce12a035f09d677e48d077cefd1676d8fe51541bc19e3a6d6a5d879c4f9eb4713b7c0f3a652f3a05d74dabff79a302fdaf147531fdd57924f49e52b298219b03d6df166b481f232fc85c7cf52838969ced2dcfc18dd8c95891c498fb49289d1a982922a0fc02c849ac3bb7fa92cf43a64464d5bd919f75ada287fe657bf61dc07b3808c0fd0d71ea24de5353268b2c17c989c29465ba49111cc479f51a8cc623cfb6ff68149e52c77a7d85b5ecce66c05900ab9957bc7ed39e03649a103b5b6bfeeb168b7c1f30dca84aea509fec2b215dd95558a2708839396552f517a8fda28c3ed61f84e1b2e0dcdfa708de50d44bfc65bd4e70260c437c8b5b7158ec7e2301d9c7aaa68e0adef89fdb601711ad2998379145b29ce3681b513dc3ba9b2eb668c1b53697833670466e21e767361c0a4362e5b8ddc38ee6a9c4dc5205eb808b93c72ffafb635b4254e4f4496bacc753c8ed0bcaa88db683ce77c8165e8ddde665392cccd57bc07573d83cb3aa10648281efb08f92aacd8ab6f9b5d7fc66d29526bd57e421220ffe375b26c61a0ddbd9807022eb3b4b681a43e7719f5ec255c1e19ae6c542d6deef3b94b6960c18d0d7c8110b88f995826073b874042faf97f1ff034b8257418ca269f5ca588223393b0179f9817e08e7212d0d410ea259ea66bc4a00e7fb1190a732bfdbf7adea0e4550be90c3e37bf33baf436955742a2632aede259235702ea2e079d99a22c9755ed34c1e3ccbe746e728a932b1852f692b103112b303033ad3ce1172aa066860df570d21ebba51fab72d5afc4ae8995f532ae384cccc3c4a295af76a803fe076ccc920a80d82a9b614760ec43208579ef5d
ee164356d62ea33953e55195eee9b2e2018e6fd9d19a9f49258702dbaf6edbfd093919917b1b6734f012e2beb4f758dd481fb8a8d7796e755c6647501e28862b9f5b16ffa1c5d80dcb07141806fc348881a5a8891bb632a4ae4292a102d71504d0fc12c79d15bcd0799d30c7b9e72625a7df7dbc7ecf9eacc627ca9ae5d71e264f2f2a9d5db8593f3a90f3915ce480adf800c99fc2c8692f2b57b492bf9d84171f8c29af8d5549f82d3730927096ca18ff0b0c0c0b8b800508c44d5749b92d7d48f7fbd5c86e408ece0eae639af475073df5ca2cd5083bc4ff8852ddf5c399946a6b21b0841d137f583e0dda3a6046f082872b783eca3e14b21a2af61bb150847026f2371812b1a2be72024226f4613da860ac2ffc578dcb171dc27b896eefe49f885f9be4cc8766f37038e01cf20dbb661f507b2ecf2b023203a6259b0a018fc00b2ca9b3107b605f04388d5493ae7cc4bdd093ce761a92847c2a167739e0750b427b2aceb3abc5ff751a5f32d36b589787d4da509c85ead751353ab2c68a9c14b8b2c8166aeb6f27c7f101221c306aac74aab6b4e795525fe12038725d7af3d2a6d60e1ea85f2b94ea24f1b72fed9ddad4c8e5da484e80a2150de22e6adef41153d7b4331e8f011a3cd48dab02876b067312d0dc736e465f99ac3c9c56321507e79accf652e3857c749ad92dad15350a6b4b67229a3905db18ab2053e2d4f92f156a1d76d0aa891364002c991e632b53fa217aac1709f37f3402f43b0753361eb2f595f9fae3d7d96ff050dca0b9657f4c3ab49ebdbfe8816051c4e0aff32c5137749d53b062cb61f7201171b5dd716e9ccb38d00e50955596845dff602200b30d375a854ca4e9a7276ca1a1d9ee92a04bcd78854be251f7080aba6d8325d40b37054596ad80211a50afcc1dbc177600a70e648d8beb4fcb8919214894cddaa6d63b6f6c445469a6866721d4bf1117f25dff9d65fc8fbe5b0acc8b9039c7f94b2a5cc6068a0489e2e13a731dbe1094fa8558a601addb9e4dab04fa744cd5b95a9d57c52c8124ad950a5944dee2c55e5c8540dbee5823daa624f57fd5be994bab3ad4e74ea9443f8b6024bd6b49adf3972442d88e61e04fe8478ff28916584ccb65fb15686991d5781cb7eda067745258ea671e0a2665f94fea1b5490669d1ee8711518bb911094957586c8075e3bbedc47be059053a7658adfa0aceabdd46e0dd9647b34eba32e56b6305653ed386c50e79e15084f00f003b1d12504fdd8e47d03d9f7572276047bd22b82b8e81f87c86e6f20d2a756b16f291179a97b010f993c0f839c9a1238cfc9bde8074405cf1b35df423c7566ce965681f21c969e4f3f8fdca72a18d5daa80287f53b5f8429fea81612cf63ccf1b7a13512db4d1dd2678fe1189398032e
aeb4368332972c728ad726b7290302c3c5acab6e73432e825b9046f846adca9d93780a36095aa5c51e354cc6e9a910cabbe59130e98f4acb3cb6d4efda9e2f78748ed58465937fc81c548ad038fdc32aec46b078cc5a7207658a9706f1c9653359de6c4457dbfa71d300f98f9bc5daa14dbdd5ef20dcede7e9d3f7da5c932ac3338ba40e46b17d89fe38f725129991983d4a81321b394f2d7b20d66e3deaaeb6fefc8cff0b68a766e27ccfba66deddb1f541deb3c1892ed2ad5d073162f0dd06b82e8878477bc96e03101c9b5d9d0ada10ec060b45e144b31e6b4de283fd43538b47178398fdd15b01ed421ee2c65847f7a4e9aece2f1d13971ffc0157040782ad4b591dea0906370820dde1000490ab1c27c03d02a0f4b4bfab0e56d7257288441cea63175cd6bd11382e6c873154332e627ce82e37c63889efbd8537ac35c21ad7a09c986cfebf13b19d5677c1104b373f3b55198d075aac608145ff9d0c4c12c83bb41036ab32227629eeb4922f172281a66c23c35b8a3e92de0a10d5e8c18b9a54d6c30230f3a8263986ac535b6bf63eddaf6a02c9100b712ec4bd49851a22af0e647f259c2e19b9acaeb6147c476c90745a353f6252ade8212a9f7c215c0b3053bf2b4e0ad225e8b344ec14c1b839877349c3743e8337d9c1eb128b06939c5a08f60a46fa700723eb6652fc26440d9bda3c99c10ad0742c2f039be6b66749b77e14f8223509365053e87ed870fe3906a16da6c62945dd2112c96a23942b1e14431aeca7dfce3fd4d6633e0b661fb34b0bf05c4d21e689cac9b6abd9f507f08e4aab94bbef1c629c0e1cf344e66d3a3e100b615bf762dff0cefc5e4cce0dd908f46c94e7411a151e713fe0c18ed33c4c03e55e12c0ac366da5c757c7090e0f94e2c34d93ea3b226adb2979d23e071f18c2eff33bcf41baaf52f4b44e38675dddec89c7bfe858bfd1ae70d96d0487972d70f8d8681982656ff734bb6323aa91ea14c6330c71783d235d9f094cb111abc4990319bbf163891535aa5f870164da65fff395db68b390084d4f2448b98cd56103e49caaeb6cd040c3aba8290284e9b2bc423117f4104d89b1b1607c6d34ac30aa9e79d8753b97cae90ecada6cafc6100d3d6d91e20393e0dc95b981fe0edbcf88e046f74184a96705ac226fd26089468e432d525643293bda781b64bacbdfd6c7301ac42aed7dbbce7abb9d67af315bcc3509cf03523fc887e27edcbd7c74dadfd0f126cdb49e28ecad38080f18a775e6d824c18359935d921744ea72fe293f299b530d9dc9285ef174ee60e2ddffccffe89960baba90d955cd2c96672513c758142d29a1ad79ca9291bc6782b64717f11a71e6d65a1a71d", + "sha3_256_hash_of_signature": 
"8af0522db9abed202676909f9bd68cddc2ed80eaf5228a0ac3abfcd8f13eb9f3" + }, + { + "key_generation_seed": "02d9755c369932e7f99a2e1614b03e2c86d713563785965e008ba987a6c89f49", + "sha3_256_hash_of_public_key": "1c392cf6df19fbc07239a9444112bbb58686c3672f00124399c67e7e1af549ce", + "sha3_256_hash_of_secret_key": "9e8402b013249091abdabb1e8c8be7783d1f6587712de0dd069bd55e8c691b20", + "message": "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", + "sha3_256_hash_of_signature": "ded857f4a4e988c5c0ee90f1835e4dc1c21328172e46cfa77f99b2f56c5c8ab4" + }, + { + "key_generation_seed": "2b2bf7cbb0957a86bbec97001b60c7c6ad98a56e94542ff561f78fed211da755", + "sha3_256_hash_of_public_key": "b91174ba31a9160766a722915911e386e2070e4d086156a648159f9e6509d7ee", + "sha3_256_hash_of_secret_key": "d88b5e16855f090f628098b6e3026be1756406c2a6a3dee465dfc51943dd5a22", + "message": "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", + "sha3_256_hash_of_signature": "3692ff4404955290e52023306aedd6a8a1222a0cc80e4c807aa1c020435373b2" + }, + { + "key_generation_seed": "049569cc5fb969c6eebb8aea1af1fcaf46f8a9e6cd6c796fc7193592bca9cf23", + "sha3_256_hash_of_public_key": "5da26df24f86bca64761464bb2769522a8fa35580786574dae4a0dae83f30cff", + "sha3_256_hash_of_secret_key": "ff8caa0c4428008cfd5fbdaaf2221031d25e9b7175d6b9ab6bf6c8a7146efa6e", + "message": "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", + "sha3_256_hash_of_signature": "48b9ef9ad0af81ae9e64f32945549823b9981c3186f26b0825d1bdbaf0dcd101" + }, + { + "key_generation_seed": "9d89b9a327df0d341cd2968ba9218bbc3e934502cd88919d8bb16dd3d39febf7", + "sha3_256_hash_of_public_key": "f71d36c912cd5947b9d6b58e19808b8ac780a73edc5ca1690ff14ac0864118a0", + "sha3_256_hash_of_secret_key": "d75dd042a1cb6b8d8671ad5e9115384ae328e4fff01e2094ba1dcde2d13c8f6d", + "message": "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", + "sha3_256_hash_of_signature": "9484a4bbbb6331f34eca9083d80323e93874d62b16d2fb3b79acf43b8d167095" + }, + { + "key_generation_seed": 
"4544c2f21054605b0eee46f62a87dfcbc3bfec473b9850886266f478bf9e33d7", + "sha3_256_hash_of_public_key": "e8261d263884e5fedbfb184a2bddd653de1ef1ba03f735d3fee1ef1f7a50539d", + "sha3_256_hash_of_secret_key": "84f078b8b19247d18922d4bf7761b5fef576b5ee94d52b772ad2f90be21a8e3f", + "message": "e13692e3cc06ebe8ff9a292d890f0a34dfe9a4f968f196b475ac4df553a30e2fd5df008df4d7508302aaf6389b6a5a9135e9bc8a5accd2bd2df98ff662b763101d31e24e8f182fa50840be27f76ba5ed645bb4d3f7f2f6ce25179a47fd7b6441a9b3a28783ceedb425b2912734a75d7d03811172188253bd8f0f52eaee84a9fb025f95ea1b566c53297a6a090f7fd8b21639523e073adaa750d63da61631f933fedffb2819e0eb3074e9e11e10b102ac88e2c8d6cf408fd241ad301f9b8e18a88b74cb4b0dac76347635dfbb3eecfdf84229babcc003c6e4efb7394e25667dd7fa47d36e027559f53e98789e6e732e6aa23a71607677fb975c2852367c5ba5e3d10b3017ad26f9a38ce803929d08a43646ffbc3980b359d8bc2e9615636d4e5de8de6fb2465a983eb1696e98dd33faeb7af8c2d30506b22390d7f9fc21c7a016fdf22d21ed2ea4175fe9f5f44598ec26452700dc9a495675431e1236865f2f4aa5bc9c9a10eee9e29b1fc4fefcf8f24bf94342fc7e19aa6534c3b771d910aa419ea2bf70e2c1915891cc630a3397551e4f34bd2192b70eb210ea67cf152a35a3f5d0878e153579b42afafe5068b2be2b48127ffb54553b7a9b6f845e7d72c43938ae42bc03e33b836ab212909510aae7dbe8ee6d0eb8ad84d60832f3151273a1e09c514c3aa4cacd15564643f4255f36059022b91ba4137ecd97b34be3308d40ef06bcf4f45ec625b54c7347f52a21815508199c8b7a6212779cd171894da9fc3de2a6ef5d76bfe03b8199ed1dc92b2a403e4da009cbc0fb597c5952be32579eb8e781eb12d935848c051029c528cbb68cbc1de0102b42561e21f48e72e028c2cd8816a9027914571b49d2f94c9189e1a7f18d7d3d0a09b3a36edb8a084ace5fccc77e3e42eda0fbab8c81eaf170103ca757981839c9448362bcaaaa3f20c8dc653aef36953559f3597e1915f02a8d33d0e46201fc794ee055e6d9955b91fc7aba1f136c280367404725cb355fc2f129413581401f98236d2a6f8bed7fdd7ea99060dabe3f0e8ce20b0e98ea80994d1673e8ccc6a0ba4a9d544f3d31bd95c9d3847527a978c1f155efd84b6a7becfb749628ce82e80285fc7272ea05f953404e437ad557f38fd9bbf77a69b81e4441605b23f2aaedb00c7519d8e9cb4cae5f8c3fa74faabf6c12595ba045f647aba7168c65c8a6006733d13414
35495c7088c3361b50c43787ec24c24f57323466b5c088e8097b44666453010da38ad65b426e72140af78a5448b2f93df3820f013fb9dcac49604c86f2b2e4ea565463917285f148e8bfa9e11943ad3b86b14ed59a190cae097db26daf8fd2a642676a37dd90c23b52c82ce028b80a805d9ba05457f7b6cbaecba4094822e16c14d6e2291b731d581b12fb16802653360aaa6a7989d61c80debfcce81a36d9ecc84039c4f086a5579d36ff5d0cbe61292e4fc3d14277af380a9c1dbf36c2d61f59cfc0d62524e042710bff5ba719e56ba367ffe849d660b9f7f3b638e113bf2e1a4db1b8f65a0fd680bb2a168a4fd5b4e0edf3208ad47f1ff4afbaa726e38763cb5c84c03da3d1e32cba873b9a0c750922cd3d0a10a4877eafef602f5c875fbf0ee2f4f0af7f308ef934f7e8e74fda62a860bb594fd061d1b2bb32ba613339042fd90e749acef450d204072acf58b18c365e4f4b815f1e837453c4255d53bb68d50f3677e7173fcc23d2b592149a9f3dd615868af91f705387547862d34553fd45b8df643f596dfdb7aba47bd5d91445826c86fd4d30365a2f9a3cc0913de19707d072f27a09eab906304008875b5be3526210d6b8bc8663975a1f78eab9cd7f7305cdd4c00d6277622e50606e1cadd639730101d088bc2bab295ad86ba8e26f5ebcb3e9c7c543e533a7b3c20f0f89001775f714825dc8547bab06f5b99c5305ef18372a184569323fe269d45b669b9a222c9defbb0b2c84f42a57ef343a5c12f5712eec33985df8f0c566d471a9403fc103a3eeed42829d8e3e5c517bde29447841ce96c8ac587df3e4b6227fab386140db0112ed0d2846355c4a45e94f3a0718ceec13fd3caaeefdf0b7f89f502aacf8c9d96d01b5549157b7df2be65bc30c889e69971700286c561df91c8cb923001e5f0e21d2c7a3dfe8d1af07fece1eda20c031b29a4389f265d2c7be64ec37b2884849ef30fc8a82d2f766ace68c72f0a4b72f3b50884749814387893db2370a3410f794c64cd24bf0d13e44ad500ba9816f9baed72f7593f758592c2e974d1207a664b869130baa1fa71dbc55875134e7cfa276e36568f79483886099a1070c14c6e4eb87523e04c0154a2250624261211723453cfad185298de06d08cc25fa18bc58b34ecdf5d9dbb02541bab4a2af110ae09130e12439f1cecc34f9ab5d7be36c827a6f2f6708b543d4ad2e424805e2a74895742b0a5da30cabe4ab45f40cbfccbeebdab9b8eb8f78781168b5bc79e04effe1757ab0547b9bd0d2625673ce528d2b4874d46df0e09c24fc413ef9ab4c3d2e803c1e316d77ff5de3368bb925b2b1f6ffc340525663931f5595c8aaaf9fb0dccdfa4793519a66d4fde38bd2044c60fd1de15d60ba878fda570e7aef6db69d2527a1f1481a
9d05ff2f6f621238939acf5d2c37b2bc3a194a9e65e7441764a5ee37b1fef3b8c9c425be1b5ff0d05bcb6a3b91876ec04ed89a31749fd443c2b85f8f388e7070d77dee37e2b666628cc9a961236dd24af2769c1f613b4e77f8e82d1f410ed59f63f1df19bc53a448106de4f8efb8cc37e40144b0f658a4135e25a3cf36d8692def2677e4bea3a9770f19e44d55080625421d5badebef3b39be71c08650b5718a9b2fcefc4becb26c4b63c43f6557dd66517d103907f82f9c2b965b7c5e36059d2159183f5acb8b5ff5e6b92e94d53ab25ae955424e80edec4650be293e836da6148392c500ff4b7672932e90e068569b81ae335b2e5013ccc95f571948d58127eb1269a08d6e897d2d9b60f3e49847c05d0b3ac230a67eb6d38ffdbd4b8d82d7b9ec803429c701f080be86faa165c0111131712db4957fd84a8936ab55558c69d33d5890cadd08d7f0d4962cf9e2f69c7517e79db14b76e6e188f5ed95169a2a7e4c0ebc2175ec2dd44abcf239ceb3e22f955ed25da41768ca5fd9a9ae15faaafeb431958a679249ab8bf879185e8fbf9986b96a92972153b4cd0d1be001e5afae3ad1f0b1191f1483738e728d4ad240538e5ef7bc9ba4d5903929d74cb64241306fdbaaae17b1c3134aed2cc394d3ef9653cc62a29c4b0b9be04e95e072ec98f7a80a7b575ded4a1993aa884c1edffe056ec475d934b4eb0ebf418975728c6e9cb3919b2b67d2c71228a4df1fe2c8388e3a2bdd75549417fe795f1947f857b1c0c9ca021515fd4d79e691493b988080943c394bf29e4190082a94f224afde5853323ea51c06b41547eec0da5cc202a048d77c7b91e794c51e72b02ea7c14578c11d9df48e099465783e496029ebb6d42d9caa52902a4694355db01dd7f5d7c113ae06e3f712fa577e937cd4fb817659f93964e194fe7d509a81c258c69c3415a8f11d35b414339fd1cc1d4f50665d9111592d1c3a3d69fcf6a971c285a94f5ffbfe8d2fd2746dceb3b218d970d670d10135126e479d92000d41eabdeea4c04d1748a4908dd39c60a52aa5fe29c8aced50dc1295b5c2c4a98e3c62ee4f370f4d3e500fe27b66f65bae604fd558d66b7f09ce36c36c8b5b4fed193ef56d1d8df0fe6fe0031466a1c633203966fe83d6bff843657dc0af176aa8d5cb7312cb4e072bcff24d5f3828e29b2037e8d1fb63537c70c27011e9a97e3f04895f4e84ac69c55d450b46d5792a5d790557be64f765fa243afa98527b976783e7acdf76a7e1dcbda72431fc30d7b05197478d8d74077626ff7409f95b24a1f1bb6b803b9f1b9ad5b06883fae6c4b587c309a63f3b2fc9619032157b98c1da9608107e87f4fee0dae995ab86ac9869446cde92441f0b9f8240e6f7f7aa9189d92b7faa3280fa749ba8c7729f8974
049c5cbcb8c6650cf1c16b8194c7ae1a82b40b8b04488fcc69e674362fe4821d4c1846cd9bc49234bcc464013f5f9a082fb83d63098c331d4b1c9129f52259ccaf4a9237f8ec5bccf06f230c08ddaf1d0c21c5930f55d3d5f60cbfc447e7fcbc75cd199733f8d17bd043b67b0c138cb0c9c8f2e477728f27dee573796f71b013689b537aead4991e67f2f5eb94bfad9509d7c235c9e55f68f26b9ce8aa90834d170f8b700a40ae9a817d5d17b1644d25bcf1172a5cf0c755a6ec04fafc39db06aaa05f5988e187b9e110eedea9c84b99ad29a4b31950f2c870a1f91daa6a5817faeae516fa42660fcf56000f7365d8c6cc11d4784c6fc02e4d0c727806e9d43b957bba124c980c31f81facc6d46f6c38d227eef8f0", + "sha3_256_hash_of_signature": "e3c968350f84e949849346ff82266c56d72b2e2a477b4bb26acb5c830f0d8047" + }, + { + "key_generation_seed": "d9931e321732bd82ec9ca1df12ba48549bfc7d3e76a404b71892f4198777ffbb", + "sha3_256_hash_of_public_key": "08b0b75671ec38ca7573f93fbc829fe9a3c20b2eb48375bba579f9d75eebf650", + "sha3_256_hash_of_secret_key": "03bc4653d17516596b84399b6614ed8da1b580ce47b39e28d7f78194e2412605", + "message": "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", + "sha3_256_hash_of_signature": "bee9b663d872b517dbcd16e52c8ed9c5446c51cb5cf270896000c21892b4f132" + }, + { + "key_generation_seed": "f838451e4a5929b8bae9084b40b1dc0edfb76a9354bf27f981960c88b0ba3a11", + "sha3_256_hash_of_public_key": "4f04e3479b9f0d5913904285e964225699de79b858b72d0d8a5f34a0c4228f83", + "sha3_256_hash_of_secret_key": "9a113fbfc41e986fec17a25618159a3f29a466ecbae98d5870aeb838a055f894", + "message": "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", + "sha3_256_hash_of_signature": "d4b3e9317b4d1ce66581f379856378ea8390ecdd33239a90a3db8776d7b7ab7b" + }, + { + "key_generation_seed": "8e4334b2589d0caecf0fd9ba584ea26a4123d4543a8a0fe126d4a7e07f6067af", + "sha3_256_hash_of_public_key": "167a61fa5a13be459a65f10867c8869141b39523cdc72ce1ed7232f3b89c8e02", + "sha3_256_hash_of_secret_key": "fb2ea505daaeb3249242c48bcda8620a8c7c7b4656eafa35c0171d4db49fb969", + "message": 
"525e8b98c55864849ffc71ebc953f7a0eca6298f6aa15a83bf6923bd5921b1c86dbbfc544a39c364ef6d9281481e946c994f96829d6639727a5345560d8641e9a510f913f7fe5592c2a40cb278f5afd8d4504b5387c20945654f08168247a98f56a43a5020955f882d2d93781f4a83676b08f50341e953a5d1b67de7f6d1be3d78d5d060aa85b5ee4271763c437ccd595890dbc8fcfaf2754ae9349ba2fdf89847a15188716c0ec672887a4b9a15176ae0c5138819ca232d012be1dcffd29f677442083087c127cbd80b0d9cc0962bc8318e734910d1e2653bbf700c84bb0919e12df331ccdc7128b41f0666f6419afbadaf673be16c9177d3cf113c6488504de088149bfb83eacbbc400309b7ad753f7b2f5aa89f070c9d14c084c32df91c5f7cb6a7d869d64f4a05af80a98be7517ed784c17b0d7df96b9987b7ea7a398ce018ae6e13e1c0f7aa040ac3ffd273bb9687ad6fefdb211061a6228967e9dfef69bcc1c5d02ee56d49a93c8aad46d08322a2ca246ae8c3edc071d063ad605a97b8ae94d58e897a4a6310bcbf55b0cae1aa81769d30b46f883eaf29d4b5fea32f2dbde49360cb6235754bdc305abb5e5395360097378656e2bace675448889b0149d6086c51e9c3af07a76563164864f131cf9c0cd475cd4a58726ad237cfb76aca68032351fb24711da635871386b4bfc94b0db6d35f07d0196f75cedb92efbe7d653e0ff9326a596f9166ff6cab73125dad27f361d6122ca531d86910187e75f849edb52db26c96fdf05925dcca232480d3f979eab07cca68fc9069965d12bb666a180989ad1fbee3fe65e746c5a8f64dab2e370f0487d001121edd0d0d760531af46da65c75de11688ebf31dd2ac95c188bcfa07ea798609f3ea8e6364a43742a2825144fafc05abd17476480812eb2483734b13d075b3ee3ad510b67cf7057014351b2ce5357e3f12f43ba74ced614be3a9ac0e26763e9ac596f87ae98f72abe0de213a81a9a03e2b82f2312c1a186dfcfc3db346feb132931c793ecf837f57d8e326101f59705b77a3083e712ce347c2c29c23468b0c5857efa410197833987c61ecbc2a855ef78b3d7b1b697ab9844aad07c4b8ef666bd80daba5fcac900c5d358a11676ffc89dff4f36f29f14d9f9b854dced41ffc4b36381449d22801c19bf8e8ba1f07a1b38ffb527a34d009c4064a1e606ff2ab90ab2e05c156150ec14d7dc792578a16f46650d0abb61175d1817e2c38f109ebc01a3abb358673561691185da32eeef566c1ba1c72c1f08cd1b427b552425501b8783116f2eb0cff73c5d2def18d291c106980135821a77428fab20a935ac8b6dd8edd1a936225344eb103de0d5879cca09359b5b882291c0fb1fccf167c30dbecfc324ac315713cd10f35b72f0d4871a
7cbaa2b4cc2bc2598f23da607c94a063c9e2013b0eda5f3bd5aadb2c429177a4bfd7b6181ed5f9a55c1f043da8155c9e7bebda7ea07dea49938fe07743df2295c220eb53348310842b1000b7a02ac025c3a94fa82d46ed7e2712de71b149742731ebe62e225d21a7f29d5f3a8a62b71fe16258570da412c07cecf82b2064ab5d98761c69fc5e899a8e174875b3179deaa0bf4a0261da9bf39148440dcbeb0c887e41fdf751505de79aa1f8593f45482b659f5b5f4cc3e7bfee59def49458db195a1a692b8af4aa44ccfb00b753ac761181b8aab39db82385ae776cfc585f7873613b62de55bb10a6b2f27e631ce41436c3fe390163e6f4ebd6b501519c96c06fadcac8f75920fe1435542fdf535ead6c0e3f41345996063b95a208defb6f110cc861580979bf4422ed395ca218cfc3b22c0ba8b31cb9eeeb51c3df35fece92795cafb8440f522b44e21b3a18d5cdbc296b887a4b927f36715e4ac2cab043d8b69a8704d6be24c725b0c2e814bca7b040c27fe8f4c14911051039af13f44e0485eb767f5404cfb6fd19da24d82fe24b53033c83dd8634e2e28aa330a81f14bac1c57dead7ffe39994d9d094383e14322e146a3df27a776e2f09a11ec9014c809f8e543594d6b4814918a129b36fd25015a044e04d3f081d4d201df86a0fcafbbfc695088170b8246776b6a28e59449c646d1e706cea96b12683cd3a7c60459d42989ca46694b0089cf88e9aec5e110f69fe0e3fe20d18309d1ba72a83a34813b771484505b08548fe5d376aaa0c414260ea4bce5eb81f6545cd5203026264938905be1e252574f4b4e71c6e12f99f6efd35effd64183cd0665fe89d6a357b1908e083511dce2cdf792a608044c31418c433f86719e156af3ff98d0f54ebeb9f9fbf24588a5557d310ef9d7cf5dd8a68512d8cb15114773c69d7b40c927858afc049f7c6a89841020e1c313c5c38b988ef505ebe6c15fc1d6ccd8b472f90ed64da895d06ac01bb99f455a195a670d22dbd5e3f03ac84a08831e9842a566e9785a0fd4c460c5cac154d705dce1e7fd1c45baeb23976af881cf5628f3cd92ab19bae8d45a03a859518e4a1e558fac2b48a432e46cf274e6496b63874ca4e4571132568aa43eec3d2a3948f40d327976a6d28cd816cfbeaf8fe126913384061d219f51179f679081503371ea0b6bd7e9524b0ece2573304ecb4a16eb471ca0817c0c6ede751f283aceec5a60c2796c6261ffc6226e4813241619f465dce67b38e1d5a647b079503144907307c7d6eb6e6ec1936b5c94fcc08a882b4555b19b33a9bf22384db38473a313966d157daf8aad41ef67d3a5fe723559096ab1768ff69773eb9d5c88d6f35f00dfa4473df71c7e9e35393638ded05d05c105cbf37711d38e3eee35e8cc0029b37
61241fd1e56969e09e949690d4fe25735d774e777a2ca17fe058e14ae6806f611fb1e9fcd516e20499a704b67990716703a4287b50ab45d155d40edc0aaf97f5b87551c236cebe9cadd562b27957ead251f79caac6433f228b50167fb1a753306fff08b53a8a3cecc226857a321700ebe23ab4d6c35415ca79b682d6cfef6b1341e7ce00cb9870f432b63a2d9a9a43c87d28a95c514582812da37738bda6cc76142e08f69ebaa5acd0403100c2343e2fa088441e9a55c720bb509bc3600c27c1d39157e049650d1749751efe55a72349e2a5b714556ce2188ce972287be2152c7e58d3fcad43a214a4095de55cae9f627d8b9018daa01547842fa1ad14d67327cd47eb9b90cd94afdf5244de57e527f17894a410fb4210e06632e88a398400b0aa48cb3feb9a90acc668615d193d5a98158092fbb59ad2d6d4ffee433a2a6a971a228685ae5bbafb3ab28242c630af4656c5071c545618a0a765fce41b19970c2152d44c349d0cdfb29673d1a42ffec139d1c9958b0962f7b57f80cb8fe6331553b0df93da9bfc722b1c001f48ff9c0fef032610a1118ac9ebaf9202dffea605272a50a90768f031c72d570c0aa5b0d4fee4ad568895274388104c0bf88d03fadc3159d6cf28ac6a7e3e5cf6fe5c6658128cbf81456db8c29a76f9c75230f3837f1a94cb83c3aaabdf4b29c9045b45ab9552bbb6c0844bf2926267c0d74d3337249d5c9610e0f6ffd0278f12f39c48650c048d61a3fdb8e1a2e08ccca68803a55b39bd39160b0420cbeac7d8a55f571f490f694a7aa8b725ba84238ee1e711864aa1f74aff252c088e36b79b09c80278dd442eaea8c7d5833cd1baa18bdd866689e663eadd0eaa6e0c78a3e09dffe5f6f1f4003de24336586b25dc5ee45d56f31d8bb2de31b24e87172f3f1b26d400b08d50ff624e456183f269cbf06b3707260383174fda152e4d0c528a90c54114c4f278d0fb35b74dd3ecda14ee89d38e3227a7e18b068f134b22154348867a61719c926ea3320d1be0b9ed78466b2ded728ca04c15ac144185fb2f5084511a38cfd765659351ac1ac3e5f327d9f3de9b2b003758da78dfd08faef3625cedd87c8a55a3cd0257aa71b3788fd2449efd1f48948cb304468e3ca07ea7044fa185a2b91f9761c6532b9273db74c66b2de95ab19e5102cb90c719ec85671e2829b182bb6d09323248d6584f0ca67d422bcda65a0146d8df27ab4ae651706d5fa33b5bb88adc2a1a95105d55cca8439a5060d110760dee8b855d0839053be595278eae66542736d25c93d8544c6e55ed51ad6e7029c2e6d32cfa8844bc14972809e31754af84bb479c504ee77cb65ceddb6bda613feaa2ae6598d1f4975d0fcf9d9dc787eeb5c03f8b0bf438e83c38e2195ef1d35d40f5a14e194bc1
bcc64d02ca722e7da28334e91fb6654d708c5b07946cdf58747086eb3ca59d095eb27f1b7e6806d3a35335b2265031a1120f28eed8b4c5d9af268502727c5d23152149c98e6970d4dcc4b9d0fecfa6a79fef82cb233e71fc8aa999df66ebf5a1db2ed1583c65803fa8958f49890d13bc05c6a991f26c31766bdef9bac601a47c8c3c5e395fd8f47e56f04439e9bc8e9b1901a529395f2d57495d70d0712881d298a60e3e013326cd56bf9f1319ea8d6a6511eeff373f081478a51e14f0aa4a33c6c5ea7816380c8984f7a5da45b0c4b6b550644e65a5b2df059ed050936fe6f073b4e8056accd3eb65a0b", + "sha3_256_hash_of_signature": "93c5117fd6dc4fcc55b137cfc59591adcba91a394033e999b72f916f2d8052a0" + }, + { + "key_generation_seed": "37519a02e8021f2257259c0d2e499af3533c8ed8dd5bf7751cce920d79b518fa", + "sha3_256_hash_of_public_key": "7195414d73ed4133ea227181688a28b85a81b77bae08dd2c76d4bf5d604f759a", + "sha3_256_hash_of_secret_key": "41a3ea43c5c16ade2bb0d9947961f991e575b7dd7beaf8ac33a372baca66bafb", + "message": "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", + "sha3_256_hash_of_signature": "df7dc131b15bbeb2952f456a44c980170ce3b4b7d98d0889506ad4da0817ad63" + }, + { + "key_generation_seed": "690482bff6c1d0ba6c071dd395adf69e55e1bfc4e0992a8650ffb5e60a02b172", + "sha3_256_hash_of_public_key": "cf212d45c149f0d13b6f3ff5745efc185f83320ddc4cd9b8b65a7cc3e0e484b2", + "sha3_256_hash_of_secret_key": "514e44484736b8aee51b18ed467176cb5357759b24d163a258859004d1e5dda6", + "message": 
"d21a6bb3a2356805e678673c45fb055fc5266e3f692af9935aea307f14a5c41b979966a5dfe42ebfed1487e4822b74ab5af28995e085ec8007eca4977c63ee5299fec63dccbc42eeacab488e574249e9d856146750ad97c8a443485ec1c5820beb0964640010f6407140791e74684dbb91052e2d8bef7bdcd78b2ec03c97a53295d683bdbe32a70dc19a2f75b8613aea9616ae0e280179492820f73fb7fa4121e673fb5c328f41b67ff8ffa7aee6564adaba046d6e1d6aa13fb24965390f829246dfa8763851405075f76cf94c66ffc3308214df0960c649aaedc22926ce9357d3875f8b71d68d75999aa3663c30a9edf07228bf7dff49ec1e6c7a33d2053597003b82392e826ebd701b4c981aaac9951c79e08f592c2c0637c8e5a7f9dcda599e859c317d4888b4098992e0e2d979e41c703686d577e5ba6001ec4f587140711293d664963632f87ea0461e0e0c5e9d8d292fb409f9f9ab172ee17fc8afabad06e42b437ce22924eb5dbd3a80a06962f3b37946259f9c75a233cb2b4abdc5cd1b648faeb1be8630db40d151b8fba693df2c5bdcaa14dc4783f450b6bc407515ceebc5c9a47bd1a141384f0b596cab1135c075651cba989c190f3171dc1d72330edaa01656813c4b7811715060b023fc426745c301b2a91e0d08ed3bded438c4ce6799c35f3981c882a0bde4a2feeb1a52cafa47b0c48558fc43f98fe08f03a71128362bb6fb9da6a22249f4d4352ae7d3dae85de497e2411eadcfe5bf1a3c075c45811e0097ecea255fe15bd8321fe8b546a8cacfb899eecf5419db363c7567c2fe7360b36de14674f500a31d3eec71451a7c0d5576a8939c0f6d4d9f2f03f3c516ce25ce73abb35c73aa94f6aefae6ad87052d6b195fa43586817f5bb974aae7f1b8608922411aa5b0d7d574016cbd3ded13395623470a108fa0e1d3f9faa7e1e5031843f2a23dbce8b196315290dea5795e4115d53dc570a444064cfa3c9457dbf3ee323b1966ecd2270c32910f8f430522471258a1f1955a6e1dd8c84ed9a566499bf85628615351abe84b401421da2cfaf575e2644c9304c075ecfc374066cec713fa4c0d89043689fbc59ff54b8f97ee0a3b0989bc5e4ef83cc9833e75bc8b67bb5ee3c06ea156611cda95a6702416807530ea206ed89835d20805ea988b1958569cdf7f809996214dadab4e20bd44917e3410ec6beac98fea07f764e85b66aed5e17cf675d2ed8e63db728fe75158cb31779e31379648b43d68ccff3780854cf03535c57122019456e73cf06769bf1fbf558542241ce665bd10f921828553585e0cf664cdc6160f9c47fa5330591b74194f4716056ca83993efec4a52db9a1fbd3b2f504ac19667325167407375b6d7de739f07947b511c8d475744e5c29d6e286a37f1f
f8317bd0178f0e306a38fa6e75f4a80427feb2c91235d3e7f20d8101cfc03bb73f44ef59af3526e9afc580027a1dade37654238b8ec7af0105248fe30784a88b72e11fc1bd807e47a349bd29075befbb29730ef8e85e3abd5105559bacee74aa27d90d360a8d629dbec95eb34c7f7ca20096ff7b521e40d3944a975436896f372eeab6b8615eb91697965bbf955779dd3047f7e3bf029e3509a5780247445d6223d085afb4291d976efadc41e42dc2c0728d18f6155654a332fec72eb6aef8b92c1d177e3dc28c31971bcaff76ddebfd9588bc244b116d409e58dc5ada1648663d603c47faeb814aaa7eb9b6264356f926c18b9357bf426b89ddc8eb9177eceb5c6cdc64dd8feb7b326bc1ba89bd9035235da0e644ef959c58dd97b88d5c749b36931ac2694c67151db0894652e99254222d37cefe9e27b3dd663a152dbe29a3639afe42f4578937076180563aad6ad739255ea012a17d2a56627d84c44fbab261d392a966cfe19278799cf1634d42384323c496190d4b9fb662694e3887ea66ab9e8b195488c8dca47c8bc0424247759137cfbf86dedc3641904cb6facbb30a9fa84acf69a67b4afdf4c2aa420fc0d90cefa0dfbbcd3072d9f772fd6058e2bf0e251be93b00dc43765b53db51b22f12d3ed0cc5655e4aebd9d923f99a43e4461dcf5992030e66a1cdc3a65558d9bb3a39788d92328387d144850dd3706fd7a079e3d2398f542f91a8aaabf0c5068dbaf1fcc5160398abecf74884beb04f3a3ea38bbb80d798f5981b3f2db6c7b33f867b7dc06a4417e30f94cdb4f523aeea0be12bd75aaed57520db0d4b4f013be3a1dc7ae5c58fd1de9637f7d82f697b7e92da427a78feec6a5c0255eb57a43dea6cebc8805bc04e04fe789e222b1e2642d26edc14fb36ecc6092b3060e45eed6c5b35de8741f72933930ecbd7338cf39474122357365700cb50c5eb176fb92814fa7f4032570ccee6b859236ad5da5f1730129edc7be218ba9874620f6f0ebc45e0bd622f8fd1ae6974994af95c6519ec1c46650c073d194fa6ebc62f405f63a3416782a47872c7d77d648d0a1c802ffdfde5fdc112c94cfc68f401889efc522fe488fdb5384c0d93147ab6587659d936f98ecfbcdcfbf8b352d605f18c855e2559743ed97991c5d50df44a7b929303835654a3955abc5bee6327400a7ccce460b318d8b5ece5b12f606adb3d7b5ed59563b8e675e78029aabc234442c2463256fe02b04f556da35c4615d14a9f4eff17db0db81de4bdd894f6628a120be2d4cf3e1f46d53817899657035a76137e23c0b0e8ddd29465d7f15628fd435e6caaca4194fdbf85fdcc31d5dafcb52568b7c0cfbe713bc85fa424ba3abe149e4035fc86807a8b876d2163b447cad5ec0e6ef38a1d591afb46267f9d
bf142cab1cac1f73beba212992fc6d4647ec17848d1adbb1901277a5078dd72d9c9184e893c0806e9b4aff0a824670d438620f2a7e8d2965b619d291e5824c014fc888a36fbbe17356431f0039038f9b497902aed969f9c488390b7087763638e976801127baf1f53803c4dc9649f0ee85d67b239e2bdafb2bd75f1d1da22a56fb3af10a9dde7ad306c4af8681029316c0e1949228e6bf5adf942f1c0ef92b2bcbc0c70d49e5808851444240a78b14d21b54f66271482f49b85f5180b268050327368496cfa8b54ecb97ee6d28eb74a3742f68583da046809002c22f7b31fbc0566969f9a15cdca892c4beb101a2ac3526c76e9d30982c9b4893450fdec4001d2431828d24d8b1a67df80e2e10ed2ea8d723227055c48006665f7da8e032efdc70bc7eeb2b369b551fac542ad6df1a23107e2b3c0e3ccacc25f26404c085cbf56e52d35d7948db9fda6dfc24709994719d8ced41a2cc9b3c4b2bef0967cb71861cf0e6aea9bec9395726aa0e2f1a7247ed0f6038e3df4bf566786073590dcf97f8f0a99658d8f630a2d130c46cf4d26c669360d0f70b75f904c9f923ab285d5db129f6c25ad21f9e26ac844d07a8eed86c4e224ebfc5b3f720d6f94b0a01b1433c46b40cf84e80f7a6afa7bb8f9acf818ad3cab2ddd6904c067bea4f1fe79b83cb0aa8fc75b6b096bad6fe94abfd48f8efc0f2b9a02ebda8fdbdbe1c77f1854edba18aae7f31ced9cd34c1b355108df18a8953932f7554af05b203a96a9bb93e0eff51d7f93b56e351562cf85a2d35eae2c2427b89a8662a1c723d4f14e6eafdbd636c2bb7ade29c1a6bc8a463734c808bec68b1e9a31af6e29b412f1cb8c90a9911ac5c3ea71e46113d2d7b1ae2d8802b06a770fd0e9e4652895e42181ad09bb541e9493f258711bb7bedd3e7ca8b8ce875669cf80a6880eca3f13800de7011ea67f443e505c4fb455608ae586f922b3c83fd33b306bdedb86223c33e3aa65edc93cbcf3a03adaf9f328997951d59a9200c0ba2618e3596af176b43122cedc52b1e006ea6d12dc236a6fcd7cc46825f2ef7ed71683a731d746fff2fe54e0b392a8cbfa38873196bb2b835dca7cb7c3ed9a004c7a329b9734a111744bdacdb669e69e9df1e52f07c513e3752a0ccd81d7ddc4a64868b7bb2bbbd2095373480522be10615248a179dcb61dac90f7fa5fa9b84f190a9c62b5ff9cd473a940f03e7107157d7eb60af1e3e384ffe8a67dcb2389b3b0fab7c789cf100ca95cd6a85442cb9a2c243fb9d454b20bae5762d72b8fe79b4df81163d61de4578cf976992d8b9989fc68089f811f53db1e1092b60220552876b818bea981571898cd6ab7b5f13c46b0a076526e3241d65014f855efd7bde08ad91f259dcb64e94ec3dad97811eb024ee1d341521
dc92ae5e93c73422088976f2d27d64e1d193b955e6736ad2bccf3c1a53d590576434acbc0b687f27f255fef354e68aca47160efa7126f908e08e4548c11546d9c412d685fa84d2eb4dcb2bdfc48e2fa8023548198ebb072a48044f4391143e3bef4ff9066a4b0d03adc826819d67588ba84f99da27424103652acc039ddd3b567851cd78e4117a8b93afe01fc8eebdaa1acb8ba9d095789e76b9d5ab9ee177a15d666ef171fe1d4bdccfe2e58ce669b561f63028c6ce26db5c8182fe048680b175c7ab407215ff3a7801c950d509867ab1b0bef89b3e38a387915225ede76f91aad15a85d8c46efd588bb3baacbc52c036211512473420f3f061f5f53e9353de0780425745a76439b3811511c86ca503251f24113384e1a24a9367536e796ce08b896f572489a2339e82a856c", + "sha3_256_hash_of_signature": "70858e811dcd746d7156cae3f937dc10f3c444e6c367c1a857f5ac58f6c04590" + } +] diff --git a/libcrux-ml-dsa/tests/kats/nistkats-65.json b/libcrux-ml-dsa/tests/kats/nistkats-65.json new file mode 100644 index 000000000..db9624592 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/nistkats-65.json 
@@ -0,0 +1,702 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d", + "sha3_256_hash_of_public_key": "b3a8bfe06ce9c75208c94caf2494462779fd61edfd98f546ed8a97141a43bef3", + "sha3_256_hash_of_secret_key": "12025c4c0f9d29cf8cae9d7db0cdec59e3e6c57ac8864f5a76d379aad5c073df", + "message": "d81c4d8d734fcbfbeade3d3f8a039faa2a2c9957e835ad55b22e75bf57bb556ac8", + "sha3_256_hash_of_signature": "bb8b598ceb0234cca71ff86495264abe52cb26703c368c2565de8c1670b7e3e2" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345", + "sha3_256_hash_of_public_key": "486a8bdd34662d65649dc924b21e946578f930e3a3710441f5436af19bf732e7", + "sha3_256_hash_of_secret_key": "dc60dfc92659ee36a98d98ae224917d69b2e132d10326db8e3c5476af3dff5b6", + "message": "225d5ce2ceac61930a07503fb59f7c2f936a3e075481da3ca299a80f8c5df9223a073e7b90e02ebf98ca2227eba38c1ab2568209e46dba961869c6f83983b17dcd49", + "sha3_256_hash_of_signature": "b90fa2ce31f27617a3fb25567e78cf23aa12be73f19700d27558199792a12d07" + }, + { + "key_generation_seed": "1d836e889e46259bcd1ccd2b369583c5b47cfbb919ec2b72c280247cb15a5569", + "sha3_256_hash_of_public_key": "966b97a72c544d8de3b1db5a62a86445f360b1fa54e33dc31e86ebf20c67e144", + "sha3_256_hash_of_secret_key": "50f69065947187827e4e0598be2802d7ae7531be19e950387a9291d8a36eef65", + "message": "2b8c4b0f29363eaee469a7e33524538aa066ae98980eaa19d1f10593203da2143b9e9e1973f7ff0e6c6aaa3c0b900e50d003412efe96deece3046d8c46bc7709228789775abdf56aed6416c90033780cb7a4984815da1b14660dcf34aa34bf82cebbcf", + "sha3_256_hash_of_signature": "45699b731f81043bbb127dcf1daacaf7f117bedeec2cb50ebbd82332471bb1b0" + }, + { + "key_generation_seed": "539577cb7f2088fbedff1b53f235d607321857db32bba645f8df3a89dd426552", + "sha3_256_hash_of_public_key": "cf678e6943b90cbfcd8062b36d6b5a34b72b5bd26108863f3ccf1d90d71466fc", + "sha3_256_hash_of_secret_key": "f60983e6ee8257ea1c68d13b3dd75eab0d87e42616425bab2f13528c07bcb56b", + "message": 
"2f7af5b52a046471efcd720c9384919be05a61cde8e8b01251c5ab885e820fd36ed9ff6fdf45783ec81a86728cbb74b426adff96123c08fac2bc6c58a9c0dd71761292262c65f20df47751f0831770a6bb7b3760bb7f5efffb6e11ac35f353a6f24400b80b287834e92c9cf0d3c949d6dca31b0b94e0e3312e8bd02174b170c2ca9355fe", + "sha3_256_hash_of_signature": "04d49f4a2ea273993288c7a9d5a8abe5466f720da01b6661032e6bdd43af9674" + }, + { + "key_generation_seed": "2ca59c6cf33c53803749f69ef5abfa9482fcee7efd87fbf17135ecc3ff3fd7f7", + "sha3_256_hash_of_public_key": "55f9c416701e88f603265a66346ca6eb7db1313eee046d8a46c609ed7e630bd8", + "sha3_256_hash_of_secret_key": "5b55dd60b1df348c79be3a5b6da8e169a4f1b15cf7a0e634fce0c4f9628bcca5", + "message": "1cdf0ae1124780a8ff00318f779a3b86b3504d059ca7ab3fe4d6eae9fd46428d1dabb704c0735a8fe8708f409741017b723d9a304e54fdc5789a7b0748c2464b7308ac9665115644c569ae253d5205751342574c03346dddc1950a6273546616b96d0c5ece0a044af0edefbe445f9ae37da5afb8d22a56d9fd1801425a0a276f48431d7af039521e549551481391fe5f4ebfb7644d9f9782d83a95137e84ea3aeb3c2f8099", + "sha3_256_hash_of_signature": "243d318a7f8ed49e3b129af0ec735509dcada764086069521c71a2469c1ae9ca" + }, + { + "key_generation_seed": "e17e72290e49a44c9c534f211195257cf13b0d45405782ceda2d7f982a551721", + "sha3_256_hash_of_public_key": "d58463dc4bd6d36ac556215b786d3aeae25fe1ac27a3274b7613077258b506ba", + "sha3_256_hash_of_secret_key": "03a11d58db5b0ca8509681a8a6d91a1872676cceca8c1ad4c788496c0d6c19a3", + "message": "dbe5b6c299b44f8d60fa972a336df789ef4534ec9ba90df92ad401d1907951eb6285eda8f134277ab0a1145001c34e392187122506aa2dbb8617d7943a129eb5c07df133d7ccde94a7cb7f1795c62493ed375353d1f044257da799f7d112c174fbc35687e2f87fefbe2d83d29d7314b30a749fe41b1b81095638f112bc4563420af235280e466ffbe7050c4937c60fc18d1a6025bcbd489f0c538e088e906abe8597e2c8ebb64f01d225c847aae4b77bae6eba9269962c4b94a9732ceaa2cb4093d442ffbcdd", + "sha3_256_hash_of_signature": "6a9a9cbd316204310183abc327d4138f66dc9154e756d4b092360e669dd0d68c" + }, + { + "key_generation_seed": 
"3b7388e675de5c59a78af095481c7dd999c6eea898595b1e7dcda7edc3a2c25c", + "sha3_256_hash_of_public_key": "f1f40554296599c217b3352b076c58a026bd3969accf72166bec055646d8d234", + "sha3_256_hash_of_secret_key": "c312a7b42f1b67ee9d9aefb1eac149e65db580f7645eacba0068b19e58aec917", + "message": "0073bee97fc97c0fbc750d474aeb93189f061e1a5cf6600c04fb0464338ec7e85252f94fcbc7b2bd00e438480d9af3add92a92e3e2e8acb55077c3278fc7503988a76e9b6062996b20889aa55b343d5a003c8a8852d738f955799fa3426be5ccd3aa6b6eda04d4884941ffc0b69c5acf12b347a74d0580cc3335ba816200f87674a4c1d98097c70f2f27c74e94a661850610ecf4847ab5b58344f958c5719e06ba396225bbe21acb0fdc512b885d391e11b0c0ed5ce6b5dd8faff91f50025c69d43072f7706d80d9fd786e1104125d79a5f4b5fd838815d44fc8b1ab678078cc174dde970d448b", + "sha3_256_hash_of_signature": "ce17012aebef930f701ac40c37ab96b3d17eb6cdc6591cc100be775b550b93e3" + }, + { + "key_generation_seed": "dc9f40cabe2e8e4f3d1538fbc1ada27b61b99081455ab0c4c41b5b3da8101000", + "sha3_256_hash_of_public_key": "5c187691202d7743b20304e978c8f1b79d63b5bcd216bd5ff01c59c0d9684fd9", + "sha3_256_hash_of_secret_key": "46535cf85288ab30aad03c0c9410162c5c121a4e00c5153f1d21bc2fddd94cc4", + "message": "a1586245d81f96bd8ee81aa30f10c0adb343d74cf72c4dff71550c12873af89fa1874d4731c996243c3749af3f6188ffe9fa45430549045134eb29ef3cec37e72904aa082b1c6161e6b52361e49af4933a8d8c0734f21cafd7467b0c02876f43211d6122e3e735fe36064df7a0c91449237c2bc7c3a78ac7bb0f9567f2576f05802c872adf183a87aa3b8217188f2f3535f877724f35b29e545de4bcf258f13bbc7edd8c6587f733c9691f74b4151cf8c060c3ae9e8d49fe7c77bf477dc9f23fd0f0b67320275529034b84f94176730923c03aa50f9584d9c2d60b8dccf85a13f243f30a51abefbbf2cda602bf3d75e849eb92422b808416c7e56b046ce38e4677ad24d23d7237a9", + "sha3_256_hash_of_signature": "caaef9fa1c8e08b5506a0bf6574de6a3092b43646bd8a155fb4c296930cb8883" + }, + { + "key_generation_seed": "1dade637ae98c393260f5bbbe288373100dd7af37eba913c528d2b7b998767cb", + "sha3_256_hash_of_public_key": "9dddafaa86d0140fc3474c40448062bd6d2344a2a2a8104dadd417aeee5ddd6a", 
+ "sha3_256_hash_of_secret_key": "0a08da996881d35d74d134e757cd36fba22dda9e831ce6c61cb4911f15e82629", + "message": "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", + "sha3_256_hash_of_signature": "f1f1520cf3c7466c8fcd86349dfefe9f4193dd4062d1c73af40843ab2ffcc816" + }, + { + "key_generation_seed": "8866693cee12b909e32a0c64381796633666417e1246b51a2643564b464b4113", + "sha3_256_hash_of_public_key": "1928cc56a0e2a209450ffc43dd0e3ede3e6adf1d8af96e58fe11243ead6c10b1", + "sha3_256_hash_of_secret_key": "ab5aa16d7689e563d8272847ec9f0b7573e8eb33a5e97d7da3e9d6aa75c92358", + "message": "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", + "sha3_256_hash_of_signature": "ec2549c1ab17c8059230cb837788388a0cb953e2c7e8d04f02bd6556ea6f7e54" + }, + { + "key_generation_seed": "d6dad5b2746422f4487b72536d70df88af4b2f9040aa45999f8d7784ef696da0", + "sha3_256_hash_of_public_key": "aff89049bfedf7620586b34d05d8c85908132d576ab1bd5d1070f55e93107d0a", + "sha3_256_hash_of_secret_key": "68968a3e22a3811b0638c2e5f3e4576ecda63d461187eeb2f7312fe28e73ac0d", + "message": "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", + "sha3_256_hash_of_signature": "6233cea6f7ade640d04252c8f0bb38aec5566163a41da5812e096845d588aeaf" + }, + { + "key_generation_seed": "68e7818f33b97ba6166768c395bd010cef7bce9995891d164303b53c1123a991", + "sha3_256_hash_of_public_key": "d36e636f7fa1fb6fdfc6ceaa71f1ffbe82bcc68f3e06dc8120bb0fce9fd97e0e", + "sha3_256_hash_of_secret_key": "4e6277ee2b0c71a5fdd37814ae58b5ca4140e7d5a85dc365c08e7ecca48c8cc0", + "message": 
"5c4b2e1a344da1418b0f4be3fd99505fc30f2a1e5b696e943bee2451d7b268f722e04f8e00fdd9e1a470f8c977a6d45a5f621b8815e352fa14f64977d1fa08082a48af495719ea6ac1c0b3d898603b4cf7ec88e68dd7190884382896d953d612cc21abecfb01a04a1bb1bbe8986d34625756396ccd84bd1a6b5454dda98824cd4844d98f356ab485eeb19f9196abb1c3088c0c3c5846c88760b696d91a232d6f4cffc85bff33de1a3433a27a209a461fcf37f2289f98bea7ccf183db1fc42a7edf958e7913f8711dc375e43f09be7c7a2c2b1318ae2a9cf5988fbc2ce0735a2cd9fb6c8496c34406c538c01bd494193240bff947fed47b7cce99a1747973f1faa5223ac564bba0ca8973d1310b5bfa1452cace9110bc22a8d4080a8baaa8adfa3cfb6685679b648484e3a43f9b1b2531949bbb8fae1846f6d45d9272fc2caa2913b5d9f8d322e9b18a685122d74634c60730c101578bef2480711feffe02123e76d6c846559e2ea99a98923ef095630102a5573ef027e0ab6e52555a9ede0d15a73c8b2fef87ca6fd9f903f0", + "sha3_256_hash_of_signature": "e4ea1f6405ab0c065b642d89beb375967dbf6c4dc2abc921ad03f185ad986bb9" + }, + { + "key_generation_seed": "35b153a7706109d4a13d7c4b26aa5b56d9e3fac53b47e91b0c10bd4e0eaafc19", + "sha3_256_hash_of_public_key": "1c66c37c105c8dccbd5e7fa803884f0d721ac9f1284c141666662d9f20f78ac1", + "sha3_256_hash_of_secret_key": "c3138ddfb84c30a04a6a7f9ea4677986d6892d6f2faac70d9eac535ab95851d3", + "message": "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", + "sha3_256_hash_of_signature": "6e43c7f57660908d94a441954b1b5dc2dc92a40c95dadda5d62810fdb623a84f" + }, + { + "key_generation_seed": "0e1a1634fb2396e187cd8980ef29663c42dc3ef963ccd491f817a84283a11fa0", + "sha3_256_hash_of_public_key": "eb4f4985a0ae6c716420aa2cb478e6b6d5ebcf716e34ce147b8fc092f23bebb8", + "sha3_256_hash_of_secret_key": "54938e21d7d1489031cc73b1146d4c8c23f4f86117fc5d4c946057bcab8d7a3b", + "message": 
"439529df1864297e33956afee00a60099b658a67830a6a6abddc329e87831d9f9b647917fedf1ae182a40402143285516fcab83f447354c72fae81ac26e7005c2aa561763c152e66bd80f14565f47defa440dbb491e7994ab9fe35995d5fbb3800ca030b43df611141637a5246ab9d9cac02efe14af60736b6bdb2babb97cf21e831e5d04d41c00f090b154977900efadd3a9313389a3f84cb3ac38e8b57b70a43dd08a8243f8154013fd5cf29de5a8df0b197c12b17e0610fcfe3625cc94067e01e23d23a243ad1c1f805cc50e1447d1df93c25b8d76396bb7199e64129522462c5fc8b30c132d4ee9e0bf6f52961fce7ecf650647e7064aa5a6574649a323e144d7c5491de4c0a1a76d08f93f87a2fc7f6955fef86991e62e2cb42908e83b0c0a8bc180b7453ced293f1e20f300431ec1d395e8a537f0bc36a673d491f14381dea90d8f176d06031b0a7afb40ea8f76d37fa82e2572b9799a5fc7cf4c49bc20ad78efa8cd989a84d72ed680ac3c0f64155c56acbfd7c7d628b418a489f961357f77bd62204adb079dd3106485a37fee535c9cf82e832d8aadcbf686976b806b02ae733db46db0bf162e973931c3e338cc86db38c66262d1b2ebc7691b8281e0b20bf36305fba996d20ecfdc695", + "sha3_256_hash_of_signature": "5dc5f8ab70f6481cf6a3355c8f6c24b675616b2c99198513ad55079b0133062a" + }, + { + "key_generation_seed": "b0bfa060f1c1a70f1ac55e321e6186a6613605dd732574b5fe6e14f0ff6f7a82", + "sha3_256_hash_of_public_key": "365792340e140b317b5b991d94b1201d804e2479a972a879bf6e36b46ddb880c", + "sha3_256_hash_of_secret_key": "673f656a109672eb30308c5ae402a26904862c553db55a50f2b2b36850592dea", + "message": "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", + "sha3_256_hash_of_signature": "a5f47dd43037738ece502e548db273c37cdd544e68fca1237183bbfdc2999f30" + }, + { + "key_generation_seed": "a33bc0a7a08c13c0d4c1174ddd886aac4c5666e1f4831f006c9519d36b2ce882", + "sha3_256_hash_of_public_key": "37e0c0bf89b791d23fe95f54c3faf0d2402eab69389af7970b5db9e6f04ebd18", + "sha3_256_hash_of_secret_key": "9320f7675ae6415a4f8f9e4635430858fdd6dd1e5530fafa8d9a23d93a2d503a", + "message": "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", + "sha3_256_hash_of_signature": "aed96b3019fd4241b29d8027663a158b26a4d0ab3ea0505a96324478b5ad826b" + }, + { + 
"key_generation_seed": "c7e33fa5329142b668ccdde1057eb7a8619397537f2b4c6d6755b3b9ff936441", + "sha3_256_hash_of_public_key": "fd64fa494317637cc614283d88b58b8d76459910e83996a4cda65a82ecdadfbf", + "sha3_256_hash_of_secret_key": "bef84703f8479955bdcf63175ea132e944fd446195554decb988d10a67b1b38e", + "message": "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", + "sha3_256_hash_of_signature": "1848764c75926af38c85956041b80ee6ce75ec6b36cae3eaa453c5ceafe3584e" + }, + { + "key_generation_seed": "7611b5b7d4195d5f8b97244b6811748efea929ea272e66435a36d0bd16e3bf21", + "sha3_256_hash_of_public_key": "63880e326e160dfd4a8f8806bc13a3dfa237c5ee19c08bd1041560d66e47369a", + "sha3_256_hash_of_secret_key": "f7e0e84954ddd247aab93c689ef33b33bf2458ab68cdba8841fd65b50b6be627", + "message": "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", + "sha3_256_hash_of_signature": "9f081ee95d933d8d8cfd66d14c6cc30b5b5d59c42637b87eca2c24b5970d0c3f" + }, + { + "key_generation_seed": "5a1e3e05c72cef1a73ef98840da035e4fd2552912db8dae28a79011de4bbc1a4", + "sha3_256_hash_of_public_key": "69e45a3783e1419d490811a456cb19bcb253395d1e70eaf67b479d8f9e1cb032", + "sha3_256_hash_of_secret_key": "5c345b50891e1acc32c806216786d63536743f2524190f1d5ddd6c72b33a811e", + "message": 
"021e9c06a2e4ef63d1a61958620c40016783879080d44311e04f2a446bcaee5a486d17ff0f356ba70ff1c2b55bf957a59202903ae349878cb822e04275e0afaabc0803bb6cde3741e0bf9fce0c5d5c814977474533dc63f9ed4f32ac3477a3ec9893ef55186728c85b03f4c2e61ca7733e1706766aeb8fea80e233e8761b57fd5a3cef700196674b34a3a55f68b3368b688fb1ddc976ff48ba6a98e2d66023f291a3c617a56ccbdb8732b8c34369ed11f4ccea8fc8f673ad9fa0fd8990bef70af44c617fdfa096695d0c94ea8e17554f4461dc776db2f416448b17680fe4d29b09e57603d8ebf55771af84d8d4b9097302901c25cb6d73932e67c323d12c8acb0e74cb89755f7eb3999d4eab5e1b775e6b5c29d9733697030a26f3b93b3f286db0f2dbda71e1f103878063e77919d8892eb6a34f821b603ed4a898a9f30d00feef20985fef1a7b7af70dd29c269e88687f005d551ef05eb0603fd38745aed4f5bf4c2fc09f0604c98ae3a89e46bbfe907b87a1672de547d651f035f392a8d4db5e7260f43953028e312b95b9f25fff2c0c579218390411d13d9a25f22de4c7aa05fd11781db08977160d48e02372c7d826f5cac37d1a9b4230be99a2d13cc2e9b2b17f0a1044eb9e0a2fba376d35cdd2bc05f57dce4bbc3bf07a09bcde369929e6250efdc61689466b040aea376b09453a2c16813bbb685b54a225c49008ba6811e8bb5b3627f8c281244fdf5533216d126ed0e64fdabec533424bff77fe722cc438ca7587c19d965f0bf085d8692c27c5c84a9dee53256d978948d89abdf9842e0b765be6a507d8630cbc5ca7fa0fbca1cecc78d2e536aa7b2b902c4379777ac0920d69c57cc4e6032252bde99e1a555e80d4", + "sha3_256_hash_of_signature": "4b7f726043116b4fcf3eaee9a09fb7ca0cead7b3b9d2c64d77bd3376d4c0934e" + }, + { + "key_generation_seed": "8f3920a235eec3659cfcfe62931474204eae264959702f901d461b66d9bb563d", + "sha3_256_hash_of_public_key": "2e8a050e49a910f9d0243297fba35c701ccb0409653e013770b3cf6b5e4e6ec2", + "sha3_256_hash_of_secret_key": "9a164d974567676f38b0144b72b0d488a35f1ff5f5ddcede39daa52a775eb7c5", + "message": "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", + "sha3_256_hash_of_signature": "e2c5a99b82459a2ed2f71cba043bd783c338c24ba75616ef333354a38b7bafe8" + }, + { + "key_generation_seed": "0b2b3eb50681403a0b9a99b25041a489c6d45d2a49de0ec83e1fd10922abe2d5", + "sha3_256_hash_of_public_key": 
"45cf004b8391e6193a2af4258edf5de69f3e339a7c82288f307eccda5ddf7adf", + "sha3_256_hash_of_secret_key": "023257ad7d7fd46dad5360f23f96b047a284f87d666d3930868384d8447032f7", + "message": "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", + "sha3_256_hash_of_signature": "42ea51562359ab4ddbfc30b21f4652b63819d9ad76174cabda7caf490912a22f" + }, + { + "key_generation_seed": "8217d32cd15658d39cdca92c41b59f5780869a68838a3579dea48b5e3ea768aa", + "sha3_256_hash_of_public_key": "f3112c3e700c8b93bda862dc3736d67ce7259a441dbb1f3e76718670d7bf6738", + "sha3_256_hash_of_secret_key": "e49626947800bdcbf5cee0c70caad5a1fc149e2f253ca803e0ddf7bd0c07ef8d", + "message": "f5abe373ce1f6fb14f2014f5bc0071b17ab2c84e8845fcbf4b15c79fbf2e5e06cffe6cad9a283014a975f81c9216b261cbc79edcd58d0e20c586d7c641e0ee97221befe54dbcc56a594df103ec24b52ddbb6052d1644972640f39deb98997fee7a252a65070798b7e46707fa440375b1ba705b3ecc7eac56d9c45297e585299c7d747b430f0d01e82081c70b4a87846f90267d5163181ded63e089a00afd33b0e2b3ace91182d8cc899223ce65a5d84b86bb3e8b34b13949bc800f2145468ba5411eacd6a6c331c340d4442d28efa0da959a2797c7181bd4bbe6e6dffd134cef373ecb0ec08590f06be0ce292d3718e2c0efc7cb40f1db26f5f38fdc82a72f81afbbc16591ee02dc818d63cae69ff0a28f942f7e07f6b0a741f3f0ebe3d0ea5859024aa408462d3d268c23f95d717c0a685a4ca73ad90ee923db57cd6cdd828b7ab0d4afa6a9ad7e32d407a44d7515c0a6af52a66ad72119ba1daec6514de3f8b462ec473072226aad61135b0f5ec646ba9a127c9894e51fdd1b2d38011a2a6d7497a55283133695d0af9b3ff7c5a8fd667231f9e511e3b8c4c3adc44d02de08c47b2382de67b32826754c6be5231ce0fc657341e20247cc6ce574f3d1a9376ac8237b49e5030e877a4e33cde25d838ead659eb1678706c759707fc66ce84cc968a8334c18f1632348824a6985a0331a93b59497b70c1a03a6848f18f5992972bc79f07f4222d2612797f495463836ae6cd3858d5b9bdf744a1cf361b5d454d41ac899a4fa61081b937cbabbf0ffec1b31c162224ea36ca2cd7fce54ec1a504932acc5bd0b17a156da7488f7017e4916a687fde7fcebb2901813b07964084ab0447a94dac3a0d3fda05b9f497cc1555a8c74838e29cb8ce89d304debe419d26ba7f3dc6e9526bd895495a5ff1d7ec83f70d045e306e7c2487a52cd7553f062d3
1888ef7fd27f667fcffa984afe0b9a4c4e85ca943812cdc157c5486b0b5ea6da05e4bb8697113190321a976d1806da129101e60a28b7", + "sha3_256_hash_of_signature": "2fcc2ce7aae116db3db6a443e74bbf170d4371af5e89df17d3d617d0579eb1a2" + }, + { + "key_generation_seed": "cc625322c9d52898e7f60ae47bc2847e20f3722794de41e30fdb20ca1a093208", + "sha3_256_hash_of_public_key": "a8749c91e13aba804d68170c8cec60f51db79b391e49927327ec893706f051d5", + "sha3_256_hash_of_secret_key": "2b0c8b8c611146d890574a21d28b1005941e7d67f4aabbfe34fc6d890d5adb94", + "message": "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", + "sha3_256_hash_of_signature": "2d793dd2f33f71348b55fda115ff7cc9f3804783dca25e9e7b63885e5483d8b4" + }, + { + "key_generation_seed": "950226d6ab0b774c5f439afcfd0113b5dbf5905960c445f5e6e03e5d5c687a9a", + "sha3_256_hash_of_public_key": "854898f8cf4693fcaab45fec0c021b4dfc40150a8d3ab99718cb8295a01e9564", + "sha3_256_hash_of_secret_key": "42358930eb1a42a545e5d7259643a8bda3fa4eea99929c2c3ea2887b1082096b", + "message": "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", + "sha3_256_hash_of_signature": "a6ba8d77064d1f844a0cdee99bf4a1902c7406aef4ba8bd564e3a833b0afd180" + }, + { + "key_generation_seed": "a6b534767a6d839fd19075ae0ba10147c46862bf7bbcbe83f2b72f72f1368a1f", + "sha3_256_hash_of_public_key": "de56b81affa8f3b59df12c3687dec48c7eb3aed89ecbbe4e0990a12d3f518ec6", + "sha3_256_hash_of_secret_key": "1f58ad3e8583d88ac23a60be031cdf1ef488f2de3ee325cdf995310de18d676a", + "message": "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", + "sha3_256_hash_of_signature": "a9eb3fba3dc3ddd9e163e8af64f0b7cfb3c865c52d95d4c48d472c5c7a2dde71" + }, + { + "key_generation_seed": "103164ed522df0db131c15e139c0f83d9b1b7a1b6ecf7f89a5248cad7e68de8c", + "sha3_256_hash_of_public_key": "3ac698a7c5cd9ecc29a239a2d30c273790ad65beab74b296ff3574502d3e4903", + "sha3_256_hash_of_secret_key": "bf9fa041743d8d5d2f44455a846a97665dabc6aac7dc8480bc46a91788fd9227", + "message": 
"8f37a065dd696ad437ec82909261b842ec0a3e66f8ac574105a3c82ec8b4926f2466fa550f8ea1b6a9a142c00afa44be6512a85350930dffc99b95aa21012057051b68c48581ae439b9290a163aa4b6afcf80ffb91a3321c7b9abad56d5dc1be4e67e5576c9f3a7db96071859b94eb22a73dd96c66ae67ab11d1ab62a86d826c682dfb8cca3259dcb5b34be635421cd4206e7d92147f14c36424eaa407b441f58e5c187e58a26b2ae144888a3cc1387ac7d0a681eeddc3b7781ab282e8185ccf33fb27500cfd119e0415db1e45237520a868c8457c88a1d3ee97ec9451da35d7e74924f8902949e7eb14ba87c8ac672d7e4f3bec1b2814dfa67a8dd2e2d4ff4661d64bc4c6d6a78d4e489689b6063cdff5a3f1554501b424284a9f4b8fe777fe4e6afb83a85e36200a9ab40b9c18678454b2a3f50a4862ba1e36f0c57ad004ff90192b5619614e37dbb38a1b8a65ac613f7796c70772128377065b84f122540106d1b4f9123c4e009b4c0a85d59b35f72debddd154abec7f3fb25fd1fa04367386098de610b26fa3ecb031a6072d14607e92ffbe195abff71e586a984131af24e18ae94dbab0544fd2ad217960f337111bfbd4046809ea03c7c47b7177757a4a43e1fd0134859ba735a8fc17597e593bb58322136602954d3a21096b0d1dee5cf0ad17a5fcf561ffa21caa70d33998840e4cfa18ba481704a8b82d2cc1c110fc9a6704751365ae9f338afe4cf9c811697dddfa8635a2f3cd02dd1845251014bf2f2d6c02a907bd783207c4773a937048a07c500d7c424b5f65a2c376523740df9a0b60437cb8ae17d64dd51dd4e433af83b20c4b6b890b97976df09e3a86ac19006c229d59fc7a2923245b7b1f0acf7c42e486d41ca1ac1d7051aeef6003ce94182f97d099c74317f61eb47ae18c2bed6a3cb253c21ec835e435123e0a657ed926f880ce8e5de3155272328a467278f52ac50a1121ae818a3ea3a2e1f7401ce23aaf66a4ac289748a7e98a5124c586d8957bb4edd3f091492bb1a64d75efcd45ad51ca420f15da848b20dc6bb765e7b71359b3a9e95e121266ae4a40dc2e9a3d81ea1b1a643594b3d4e6abb7d1202201de92bdf0cc1ed977e2d5851822a01f48a6f23180822888ce345ac9be0cc69bc448d41ca20b79c35b1dad73e6c683e70c4439b404cbf07fcc39b0e5a1d33f3717a6bad28a6da4f091bc7a", + "sha3_256_hash_of_signature": "63d247f7ba3919226761ee91fda1319aa8ea1a4a975459165a128b60319ba808" + }, + { + "key_generation_seed": "bc962d978f38881085c1b813bc90eee44ad9e7651681c20ba46402f557c454de", + "sha3_256_hash_of_public_key": 
"3d2c2a0f7e74fe1e378d1fadd66e2790885cb011f03fc1099575a333c460feb1", + "sha3_256_hash_of_secret_key": "85363d5285e510a83f09877347be77c49a6265d03ce8d59636ddcd8f3addd3c8", + "message": "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", + "sha3_256_hash_of_signature": "ab0e4113ed7b372a98f9860ad157ec02e5576cde54ed814af6ebf8c5d63ca358" + }, + { + "key_generation_seed": "c3de54854a4060ea09ed92a363f71c7863eba64195e9ac79e7ad7eb6a183cfac", + "sha3_256_hash_of_public_key": "76e2058ce5d2e0df86e9aa2d9dae2a14d0741ed690d3dff367ddd8e7c81db22f", + "sha3_256_hash_of_secret_key": "39223d7e254cb188a387f425c67daa45484b11d589b9b7c1374b81620e0db812", + "message": "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", + "sha3_256_hash_of_signature": "eb5bce04e4aa30098538f9f4cb0285ab0558234ece14c9beb5447eaf8cb6a45d" + }, + { + "key_generation_seed": "828b9804524bdd17d0eb387368b01b0e95b4960057ed63fc2289d858201e207e", + "sha3_256_hash_of_public_key": "0708623c7bc03ed42742648c09df674db9da4cbd5e374437805d4b3829c99e2d", + "sha3_256_hash_of_secret_key": "8227ca8803ac2446ba213098e326807a2fbf84cb9294eacd13eb660d6c67040b", + "message": "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", + "sha3_256_hash_of_signature": "aa3b34d4843cc07188a670b5e9afb0cbfcd5879ca3eedd986d44b0e2d4c53a90" + }, + { + "key_generation_seed": "4a84ca5c3954faafa11ae87fcbe701ebb5afbcc5f8ecae7786d10821e01ada5a", + "sha3_256_hash_of_public_key": "b0bef67f9d9106b60802ac26409d34ca82d8fbe71b7e7ee7f9cb818b687214f1", + "sha3_256_hash_of_secret_key": "ad0037f8e78d9c44b4e76a8c19c7ad073870e71f65dfc3fe257d71dda94b499a", + "message": "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", + "sha3_256_hash_of_signature": "c55c9abfdde71e8e4c24f4019f7ffd8b20d2cb65507a0f398daa71e917bf37ce" + }, + { + "key_generation_seed": "3e74ae2b1d49ee6f149076f0bae2d26a5cadfd5de7bef66dfcae6b588a1f4067", + "sha3_256_hash_of_public_key": "1ca9c6ef50c7fb582f820f882ca1895f4d6f0024adce134f132674ffa5765712", + "sha3_256_hash_of_secret_key": 
"eb2332073f3c1159499a88c2416ae97b4213340501efd185c128f652636ebc95", + "message": "e42c006f144b0b4e188febc82d63d3d37096deec9d3dfc3b421635dddb73c76f6260ff1c53222a50d30b26e2de3d16e3aa64c78604e1191bbc0e2553117a441159b2a35fc8889499a2efbdd2f30b8b4c6cea38eb5b2575926e6f22ab96ddb4b0c5c6d78c3754a1b6deba49ffbcfa7477be9a0f74ec379d1c9aa59247c091611573af765ae698d78152187b291717a9f03fe767bcbb12f52311215579352e7ceaa8654b5403f18ce82e0a73bfd5fec1063b506f44eb1c9c5a03697d03dcb2ae15c5095f292b4bcb130b55c19ab728b3232ef77d1594611573cc6bdaa254f05934a329dc27cfa6cd8c02cb51c3c295c964c40502fe2b1a81a51c866f7c7380bfbe339b39c8f51f73722a05b5d1e9cb6313557b3656863803c9dc99bb1905d7f729b2db8da23d88200032f36ffd04da11ffdf6277acc69c5407289d00fdc3c56b32d54877f4a8dc70abd37ec532b8617d9f3c535b8e962fb389e976b4d1aa12de5c1c2ffacd50acfff65201104648e0c04cf7c1f880e8bda1d68404ba67c4bf64c9d2aceef81b35fabce58645e0f2f61eb4ccfefde7239be408710d349987d849d40b3ad294b9d815a91848f9ed53b69f78d9e955f6d1fd7e38ec291664d54c2bc359fba241ba6abcbf5fc2502d93760d9f6b1f7fb766040e98bdc23a6047134a35327fe128ae24b4c7d0cdcf1801947a1821ddd7424892df50e2dd5c1e2e6c5bfb4467524fb45c7d977604e7e0f1f98eb8c03eee1d9a5796c8a801f082678940f076bf44d3496730c9a640fefce385865899fc33b5dd34d036f2fd5d07fdc0a40fb725e84ce403b46de712b4b44ca8801a1ccf58233c5da06719769823b5945849ddabca56b0b4ef9327c8b5e5a445e6853e5b66b8d590759d6b2db722c22f8c741cf3c6325a76d93f4fde5872d5732fb19aaadeb7c18094727ed43b305b87ae2dbaad67f90feb86498cf65cc57ea635340f27ae5c5cd60ad3c763223af877e65a005c488aa4af9309e1aa02002b01df8865fd481ea254015796985969997a53b06df0355a6ab3c8219b652b09e1f86a6ca12d27c4bcb9e8d35e6889198c8fed71ad5642f5f9f7ce1df270d68aa05467ef9acd9a51347af1ee9ca7c4a5d78189042900c6d561f68d410a77e79726dc123b196c78829f02cae7d0623bfe9e7b0d8bf84033086295992b77acf027489d51bc7ff006a8d4ab8079d494413a565e7f687af40dd18b86aa4274edb8845df114c0146de3199cb55f773a87ffb126b3a4d00d38835cfd2d6652c07f572f39d0397fcd62acf6ed9f3e8951348ae7e52a669fa4e2bfcda548abb1989a1d74a27b73103770290e6ecac87029359354ee4c87
a77bcb5ceb10162dd54499905ac8ed442c173cacde068bc546720d1284015acb90ca19147694b53899395dc663d6683908f3cba29ad37f15cd3903c4c7f4bd73", + "sha3_256_hash_of_signature": "af064bf17388f01696853645b98f81fdaf8e004cddf1db778876f11209345b0f" + }, + { + "key_generation_seed": "39550bd2782d66fa95380f5f101d827377b11410f8bf3bccfbe0e504fc09ae38", + "sha3_256_hash_of_public_key": "82f9460d5a27613b948c658c7b13127aed95d4b01cfe04f0ae8befcfbf4bead5", + "sha3_256_hash_of_secret_key": "2e05c1fc286053fe21deaf318eeb6caca26c540a9010417078b5f3b647ae4398", + "message": "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", + "sha3_256_hash_of_signature": "2fc4f6728eeedd77b1ff0a36879fe8e3fafca2c37593c3e1e4c740db1207767d" + }, + { + "key_generation_seed": "b18f0fdf9dc4f514107f88cc43fb29190608ebc5a2cd00b49fe20631761038df", + "sha3_256_hash_of_public_key": "f8f7d684c1427a268bb451eda1bbe43d24bd0e4a2829fe87b51cfb674803a3d6", + "sha3_256_hash_of_secret_key": "96279e07db6977d2478dc9e34479943595fca0e91dab78cebbfd3315c80d4d80", + "message": "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", + "sha3_256_hash_of_signature": "72c408687f0a9301201dea8a223d69ed9724917861675e3f6fffba389afe9858" + }, + { + "key_generation_seed": "d4fa14da39548392300a41be413ebd53bd7bcbd045b4d3c8ca44abc9599e269d", + "sha3_256_hash_of_public_key": "d7d081e312dae655a5742cd76a15c5ce913bdc252270a1f8404766b5ee3396cf", + "sha3_256_hash_of_secret_key": "902ef0b520f42d4b3cfced3108aaa8b8df36e9449a134063cc510a7214928f6a", + "message": "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", + "sha3_256_hash_of_signature": "fa84c29f861e88282b8e5c3588e8c505a57cd265b1e19010217a3c28f7b7aa70" + }, + { + "key_generation_seed": "c796fd12d1feb1df46b162c38292684c09059e4463cb95dbdbf498a4dd4f7f00", + "sha3_256_hash_of_public_key": "91a8e0cf6b5025339d1f474f7eebf9e49ed4170a1274b8b0abe1e707c5bd040c", + "sha3_256_hash_of_secret_key": "254a30f2aff26567df3d796e66e7d07e04eec0a68263995bf927f856d2f47439", + "message": 
"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", + "sha3_256_hash_of_signature": "b386924eee0fd45ef2c8bf7ae9d7cbf3a891ae20710bfdfe52a2d41da10d199a" + }, + { + "key_generation_seed": "a18a366a5ecacae4732dc9e954333ead153203013bac4e3c50bee15269f983fb", + "sha3_256_hash_of_public_key": "ac4581fe8fdf031088a2561efe2caaba1bade606455f0008a7ec762a57b85b3e", + "sha3_256_hash_of_secret_key": "bdba29841dc1ad158459ff5e1e91fccbf9020f574f5ecffbb6a37a9c5c1f2aca", + "message": "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", + "sha3_256_hash_of_signature": "7a8d0993d1511809f5a9982d6985aa1a1ba3d6081df3c580bc5e6dcd7c551db9" + }, + { + "key_generation_seed": "585e714d565aa66078bc2b12699f1e86c6ff30a1abc8cbd19563bcddd2f1f6d2", + "sha3_256_hash_of_public_key": "9c0b547d9e5213999c702500829329ca1e73bdf99bc4208e20b39ceb61382bdc", + "sha3_256_hash_of_secret_key": "cf465ed45cec7593e592f4eac1991d4a69614531de5c0a867c875b5175536ca0", + "message": "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", + "sha3_256_hash_of_signature": "c73098606a5a6c81150d865647a5c8be4db1b6d643d1a4d21295114f36126ab8" + }, + { + "key_generation_seed": "662cf70d3d5e95a9c6a33bd7c6abf0e8cd23ab2d2d9420878c4835de14a6c606", + "sha3_256_hash_of_public_key": "1411b918d7f6d4254fac84518bd9efd2a1002317687e794261fedde5bd25212f", + "sha3_256_hash_of_secret_key": "1b1f30e01ec99da34abffcaaa377ce0664be6cf9c535897ecea187c272d61319", + "message": "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", + "sha3_256_hash_of_signature": "5923586ec95d1487c59054ae557e9788c544c4d1c0c3a69c0829296315c5828e" + }, + { + "key_generation_seed": "1924a71628292aa3d2d34ea72e2bfc2520864205f54ec6f19f7714733aa34cc9", + "sha3_256_hash_of_public_key": "0d04ad99ba95c9b40f6b279fefdf8c67a74bcec9e274eb748c40d9cadf9cb35e", + "sha3_256_hash_of_secret_key": "f9b80cfa34adb792f9fb2cb0674324db845ef02481226e79b276953f8f930462", + "message": "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", + "sha3_256_hash_of_signature": 
"933889d36b165437f687cd2c8c82e3a4ad1cde3105348434a1299f4118b816da" + }, + { + "key_generation_seed": "ef7ba21809ae7e0bc3230b6061c5fee206d805572cf1345198e1ef22a8fe7322", + "sha3_256_hash_of_public_key": "de3c66cc50fedbd8601f6bf8cded4ec9af28b27299ef66215717d0b0cd29ea15", + "sha3_256_hash_of_secret_key": "af4923d9bfeaf69079474e19685ba206e3eb7a9637ac19d1fd615416a70c8913", + "message": "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", + "sha3_256_hash_of_signature": "502f213f3715506e3a2f082a83b9956c65256887af136c541aa5a2cf379b61de" + }, + { + "key_generation_seed": "cb0b305fb54e1cb23b63ec1f6f4689137e5048d095fb3eadc854c852ca86be93", + "sha3_256_hash_of_public_key": "a51773eb57008dce18bb57ca45e6b8a1e5954f206d65da5ef44d753324148f81", + "sha3_256_hash_of_secret_key": "c88e6ce100ba0d50212edf5ca6c066bc8fad58a478522bbb58979e6420212e69", + "message": "ae2638d944822298959f47b2173de7d1e58aaa622296ad4a4cb67ec7ead8220ac2f171605ba2d08af3d6ff5849566eaf96209e9e00cc28eb9a517cf5061545aad24cce143a2ee1ab7cfa259ad9c01860b33b0036f2cb3a5086861212f408c5f055d226ccc77cc884452b2670d89548ec1c6e98fb311df03979cabf725e78956af185447287bca2517f554e9f25e19d93790318efc5d2602fabf262e5c7fc307e5a991e0122e332a803ac4a91b318b30d79394248521190d2be326037a89fe918d139f763dc8daa2c3bbce53f04809f0d97303f2f1b88b572b3086acaf38eef36b4c0791b4918204b0e1e923bce9e3bb1e7baa07135b176e266af174d5df26c44842ceac4ae4c1cff05557da3db8651261be78d766699b1891cb825fa9a418c45bb9f7f2d347f3f92f9529ca6db94e2ffcc69337fb3690f556c5a44cbbd9d79f60aff063de68b14bd2f4b7e8cdf94f6c2f40219d27f71e8ab3d4d6872a5d4b82eaf8e3943a6d425ed04fbc5c7596ae929ad680b245e3d6a7c5ccd7fdfa1d14ef0f72b9baaef05b7b84adc02913ddbc76d5fe80de30527ffad1825ccba34f8587c5b0291471d6957ad99c5fbcf3669b4ae5930c8af68305c2d3e84e714cb9049a9560a3c94aeb95a252f69b68f755dc0e0aab52dd054b670a275bd2bad7ff8ec0cde6224e9a0eb537e95dab992c382d6b03fa045da402ce7c5b55138fb400d9e86afe30923afee82c4528d1b38ce16d33beb47a96c18428d919ba98c9782806d6f4a40b52f7f0989337c724be24e9a5430cfea470d02ea36ca479fae
ad94a74049898d1f1be53d5ab8cc0cdd5438a7c55827131de264aecd18e5f5f2f9fd60e8d2d6f55beb27eb77aeeac2a15432a5f1467483be6073243d0165a6c242fe1bd7b7aa701a0827f286ecb51e4c2626dcbe95466bc94a7e2a09ab334fee3959ca31974b6286e2a2051653341623cf3aca65637df657280b6025db0c0377ec09e6e32010f0f59711a30496695d23728319dfd0ab5f3aa69025276e68808130659d912a53693584188e310b1cacc41af4b19fad8da95d4b35e2569053f553a9dfcbb8fdee1455dfa0e4f5e94324c86a24288ae27f3576ae15fbc8bed49bfd8521d77a61fb523badf0e3cee53799016c6ee4e1e5defc19c7717a5c41ed8fa6bf0e5811baea76676de03767a607735c2a48bede511012eaf1f79e4d2c3566042ff2c63bb82fbb399ce20e1f268d3844bb473ad7366ef86d064c5ba080fc0c01bdd2ad343c5367d80d2a058cf40725268cd34123c219d9109780335611b008ee3f8848ea9d174d7b96bd2fd9a04fa2b550dcf0b301d64c0764299d317dcd0ca05718a1ac008d86fea330095e81567e83bde31a0d635098d7b86176ce6cc4025e8628c73b394d9a45b09b64bfd3a424162b16e1adaa1ab60006847c6d5ca5733237a330147cfe6b9170d7b88834bb79f1fddefcc0ebb1d4fef326e28c41c919607bf12ad112807bf8582933ddb096f1f3e2bcd6bcbd844da317cea2a7688a5fbba14d84c537814ec2b171ade28acf83ea481631b968c26f8d2bf2c5af7d61a93378e1e23fc756e2f0ee79199475ab4ba1fbc55d9adc2b05888b2910049bca98defefe96cdcb67ca9d4aa5bbfc6ca0ecbb78bf29035d158de2a1708d98beb85c70ad1c64b39b387516073e2fe85bd9efa25cb048c224e0ef76547dca67fd66485a97eb5e56c06c78ffa08ec1c9c6f2380912a2585cbcba2cd702cd2b51022f63ec920412989bd743a8a8beb07241e3e8eb38ca14cd400c83dbfa6fc8e04f58529007a1477e9613291af877692e4ca9ae118a1902ae7b4ae7dc2e992a6495cd19df32ce64131a8d8c41969a8bae1d870dd5f1360ba9278d5b76e746faf99d526199e87a4b1d3a5c48a33989f103cfb2", + "sha3_256_hash_of_signature": "8838608796ec241ddc27b06bed1de5f90ca7322bf5f0179298b441a3d3875e51" + }, + { + "key_generation_seed": "f92ffa3a36f43f9177763ad320fd651d9357c6d99f09549fe6af12943b58be90", + "sha3_256_hash_of_public_key": "2bb90cd64e82e4d375e3d9364b9ba9eef85b9cdb52fd5faffe79630477cd013f", + "sha3_256_hash_of_secret_key": "adf7a225b53aaabdebcff5a683f574703b2d8f0ac65d405895e7707b78f9672f", + "message": 
"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", + "sha3_256_hash_of_signature": "31bc2d1d9d4fd9f3da505cc8b9af0c66a681a983948347f66b7a6e5125db01c4" + }, + { + "key_generation_seed": "5d3cce926a795abc5f6632cabff8bf66275dcc7e4a4ab3b8399d23e62a28bd16", + "sha3_256_hash_of_public_key": "2dcbbbc258e762b83a427706079c9db738b27dbe4fa92e5ce46ef651be1e28ab", + "sha3_256_hash_of_secret_key": "ddb98f2095ac235e24c0bbca4ddd67a10d9f49f0c30d456cdd51a7e7db64a6e0", + "message": "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", + "sha3_256_hash_of_signature": "94025bfdef935c4c93e41b769c3cd6a331ffc51544bc126a2258346ea6eb80df" + }, + { + "key_generation_seed": "ba2386ba92aa89049c64ecfe60fddbe136815d3874527414b63ed32215f2e06f", + "sha3_256_hash_of_public_key": "9a0459c3d433b7fb3af87fda17eb268926797f054224da322536dcfe79d2e108", + "sha3_256_hash_of_secret_key": "fc9bc531f5967e5dc9a301fce159f0b556852eae3222891eb71eb0ac85418df2", + "message": "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", + "sha3_256_hash_of_signature": "0727ae4e553d4ee5491157f485bd4931e01414a14cb4864361eee8dc3be8dddd" + }, + { + "key_generation_seed": "b4e1af25e8dc6934ba391a89984a358702bdd36838babebd982638703f20eef8", + "sha3_256_hash_of_public_key": "7e2d9165009257e975e785ae16e5b63aada43f500c393f2b85c637e007ff60a4", + "sha3_256_hash_of_secret_key": "7537c48998c62a19920df92d5698982ee79bb8baf4da53afe57124a00c28fb57", + "message": "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", + "sha3_256_hash_of_signature": "084d0fa2686e89901511b2a44bb6b4dad6e4c7d00641a1155115fa651d1337af" + }, + { + "key_generation_seed": "a62875a3a6d305e120dc7975962552126cd844554857c2943872a4e524a6eeb5", + "sha3_256_hash_of_public_key": "86f7875564568adeb70887c6d45b5676318fc2e3af6178bfe5dc913729996231", + "sha3_256_hash_of_secret_key": "5af4ac0b2c8745cf21a7e3d0d82b007c31ab27f18f4fd1c934e6274dabdd8a5d", + "message": "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", + "sha3_256_hash_of_signature": 
"59a6cb2b728a422fd283804d1723880fc6506c04fb802ab9d68016bd3c39c207" + }, + { + "key_generation_seed": "76ae71ded1f9e73af77a2feae4eef80f87414dfb7580fb4ae0325bff20d74a5d", + "sha3_256_hash_of_public_key": "4b6ebe827515416985c9eb853532e408fed8e753b48d1564a68029b6d83a05fc", + "sha3_256_hash_of_secret_key": "c27e524d40b55bec917c1348c920bac22a3bf7bfa7bb43c8b2fc952d26aa9ea3", + "message": "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", + "sha3_256_hash_of_signature": "57941ca9a7e5a2ab8ef8786a091102d8e02f6988c18c7b9ff25412189d5e1fee" + }, + { + "key_generation_seed": "a8f65be046001a6814f537915be3f03f3670e1169e4aaa6d7e726174acaec77c", + "sha3_256_hash_of_public_key": "c3ab8a15a740f773dc9b9e7b9aa93aff93ddfabad798bbcc7de6b24d8a7ec00d", + "sha3_256_hash_of_secret_key": "9016fef44e1391494a332467777e428b00e764162aa982a37537f3915923eb4a", + "message": "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", + "sha3_256_hash_of_signature": "a51ace96ab4cda2665a83f48f18bb915f604c03d69094b05e7f237b01c9bdbb2" + }, + { + "key_generation_seed": "802e08c14f6e3446bbf7f4666c8ddf7755dc718c3e02b7865ff33e9d8290abec", + "sha3_256_hash_of_public_key": "57552fbe8781d56f6b41953007aa7d55274f62dec86ca94a496712092c3e684c", + "sha3_256_hash_of_secret_key": "52b6e270dcbc852c39c3b28567a545cce79c8d847e5bcacfabf0bba12a8bccc4", + "message": "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", + "sha3_256_hash_of_signature": "9c9d6f1e6ff7fadb4676ab626dcb8639e404921263fbf27c8ccf58e75da6a652" + }, + { + "key_generation_seed": "23d7a85a824df3d904a511281a973c979f67f5bfaf3ab0546e85d0597f91120f", + "sha3_256_hash_of_public_key": "3c3ae93144e4babfe2540813ad121842b6d5583b583b6061b0865e2e3f5ead75", + "sha3_256_hash_of_secret_key": "78104dce8935dc519710265852aca397e636a8b36d6dc977617033f20a045a69", + "message": "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", + "sha3_256_hash_of_signature": "9ad91d44331eb779cf89bc6f04d896f642068cd5bb336ac6b1dc8e943dc3de9b" + }, + { + "key_generation_seed": 
"771cbb7c9fbd9fc5db93e3e4de6c034e58be9bade93748c42297142124696234", + "sha3_256_hash_of_public_key": "14c18d7b0ccc011161e3fadd5fc2a6777e57310145b188a7c4b42474f4552e22", + "sha3_256_hash_of_secret_key": "c0e85b731a8f6f0640043ee0bd515353e86261a44c4d9250353b639623cf5faf", + "message": "4beaf8cc3a7c393932cd37a2cd8ed790f05e4038adf1287e2acdcc0bed9bdbf92ce44aae95caf4eb142b858e1421610eafc47de566182835bdacd4c836f19bd686d53c3834efd928487a2ab3402c2e3ab3af97aa802b05223ca6927722c3bd1fe3f8c20f93c3951f907314896cd21cb99306fd7e5b6176945c2898b10c1df62fbb2680752cabc8980b5a0430be39d34bb7de9544bcccbfabab709c11bfff5c958c8763d8d5830235b49ead26c834e63c3f3f2d6ba944fd2688f6350ec99daf4cccc42c6be1cb19dd46514d71cb6e887dba80edb580b27f1142a20ea0d497e0336d55f1ffd4bb3d4b3521f0a01c7bb09258971d1ed4a98ec052b24776623d7b9a83c818795e3989eaeba8c9142a97afce855cc6ac0aba15f0546684ab5c2f48b23bb72a88b6af2ba9c73881103cb6fa99e3b03119eab03bc3b9bc365efcd7b9f49a8bab6a34a00aa8f2c88d7bebba808bd97111ebb192d82ad244e18bca732fe6f72fde5bd533e4bccd3f50332dad3a4169ea85c324d165413f10888ac3b21b91de09fcbb9b636ed00faaa669abf6429b78c3c04f239722f31fb0b1a20cb1a6b553908070ac13521df66772a6036e6695cf66b9a90e2111e499bcbf5dcd19744f43deb943445248a5e84f168e7bfea2dc4e1d0a87fb4140eb7c72d2dfcc27923206054cec870888a79938dacbaacf1f122b22ab5c9701d777bcf9809cebc9b7aac52468134fc4a92c2baa9b8c0f6249130a50337f460a42cb5364a5e7408caef8d12ba6934ab645de9832818f9db71f5eb0b158de6a76619e75245b56020e1664d8faf1c1782de4a688d4055e07d842410600e9454e28676d44357853ffa7740200c91eafa16bca21d0006f47fe8159a733e0e91549df434ef316e1df9bb97da6a2c2e2f20a65b3c00041a903270cbb55ae2432aee25c71ce73bc2322ccb8e5bd0e24820616a890b0851d825d79411c14948dcdf48776d72565422056fe75765e50736c82f71270bbcf229a7b7a45dc88aadf4f84238c896dab889e16c17db7be551ab24873fda82f102d0fcfc139c9febe9fa99819cef0e2684dfc5c843a6d496d8a595d33c51e1fde9a84059c7bc596d32d53e2fe046f23fefa51d13f9c28e227f5e24429b851addbf578922aeb0c5a61bbb666d11d127ba45c9e6378c70d75643de776483582e034e81fae0a3f029c47fb192cfa018ce1f682
61d77cfc9e05ef19438e47f3de9a68c8dc09d07b1bdc6ced69592623750f72ec2fb8c5ca981dfb84b4bf0734377ee9dd8ef5ddcd96f438d30ab78f402ebff2163d43345ee8ca119f3208e21aa3a2185de967b475b9abfbc86465275f9a634fc22015e94a298e9c204e9786cb1ff14a5e99f942d42ab5df51ad09654083df0259aa1c26a760ccfdf4a276600c5fd3a54f210b20731941eb48a79435f1f86c45f8181d9758a1835721b87d36c725878375febcb8d48ed2ce8892db50965753a98f4e7110281db40ed64dd8eb51ab9ce41042589152d8cd5876ff30536f8955172a7a8f5c3f5ffd22c9954903136f781f0574f45f909bdf1657fc1cdcb9c4689f41e462c8d39108b10d78b6892c8775fdeb139258f8130bd1d2a1c72b5026506409f9862aa8729b35c652074494feb84a553cefbeed19d6ee94758e800f5fcbcaec19b6a00f33eb237aaa6fc0b3a08c1d8829c180bf95e7d05f919a929933b7a032cd20ace82aa5a45e5b2fb09812f36974b5eda1b387feb13bd49ac374f821341282c8fe2fb0cc5c075356833ff8cc6b648729a4298ecd73bd0ec73957077ac65722d0be23c1536b8db7b0506dae47c0070564e7d7f9444f47b22c679eb8aca4826f974a42043863e498e5301ea162c4e96684acc5ca26ccd083541bc4c1d2fd690e51f07fb08337450a204b0f4f2c17785e037424fd6e78746764584d5f19255496df1e524bff0aac31bde9254429565278a39ece4627c023edf18bc21bb523d44efc259742dee9ff7159d5f700d957ccbb505a88c2037629402c2a322d17647e430777b184ff7b4e8d6b94724abc36a5ccfac08e2479e8310bcb7a617a25fac6efd10d0a07248f7d4597f14309b8064fe3bc4a4479f905e832210d49363d1e5d58176dec9abcc0c5132fd6eccead2b05b56c96ecbbeb0b803e43db2f982ad9efe1e2a49649ed8e42707970c93615d54a3e673559b996e48a3b73143ba0884e918888156ca78f793dff990fd721de0c0b7916a5ced736e31292c5af062d7ccd83fe653294fac8c50cf6ba37b37d5a9bfd1e3b92d1825c1be0795f9b257cdab91ce99c0c51bdfcd6c0ab5a3bc6e30f884ecb4f1f61a3259cd279205b2c21cddb196360061758e67b1c3724f5cb6311eb4fb92e6c0d71e6d1ea45", + "sha3_256_hash_of_signature": "34e7a1786a435230c48f83b418367f7f3a4732092760e8c2c1942f587b9c758f" + }, + { + "key_generation_seed": "fa812d8cc3a9631a0239474eb93ad3a2a3480f2d973d3324228ef92a3b043163", + "sha3_256_hash_of_public_key": "4b3496a24ad7a8835dddd545f7c031d28b276abd6512d26c705f884bb1a7db02", + "sha3_256_hash_of_secret_key": 
"0d5f59f8a9d37a10bdd5f6a0ef7814f8962a427ef3f7a06a02d89fb874b950ee", + "message": "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", + "sha3_256_hash_of_signature": "85d8bf1209f779cf75c961b0873dd1b1c89ff988097505ffa6427f0533977fcc" + }, + { + "key_generation_seed": "c660b84d558a7e6b4eac47c7b62135668e0ef0fbf74d514eaa3d0d428014282a", + "sha3_256_hash_of_public_key": "29af8ee3ee9f6eb9e47bf3095567edc6f89f9f0769f2b35e41e9affaf890f79e", + "sha3_256_hash_of_secret_key": "174ba27e6e9091b66a817cd073f42161de0e84fcdd697c28d6b5853c29a2de03", + "message": "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", + "sha3_256_hash_of_signature": "c7a34136f782c1c0a1892dac488f24d5cc334c86a1a73b80ff3271ae93871d91" + }, + { + "key_generation_seed": "929f309ab3f90cdd9c21eb77a7ca762ca3afcacbfe3e67b056290835694ba3d8", + "sha3_256_hash_of_public_key": "74409383fee7ae6b8224c6ba6cedcac46cc8ec1a39ea136eaf62fa7c93b6b824", + "sha3_256_hash_of_secret_key": "d0fd3d55960465166c20442ddf504d3d882201192ae18e0c02303987d1634384", + "message": 
"6103e5b22f934203b5ca87337095c9a19267afb9695d309beb8a557bb7cc90332c4a03e1d416d397b945b607268f545928104cffd71b02864e010b666cfcb68b762fa5ec839b5aefd0407419441b38e6d881bd5218df73c675df101bf2c53d90ff86d4a3c7db19ec9cac044e0467a36337aaeec32217faf86cbd7bc2b663421754cff1200a8a66e18f812868bc8d1c8ca495e6462da4b8b96d4167f040f04927a7c27ad35cf174d42684ed55ac80d14cbe4cc2570642ddec4f44880d967e9af77ee27d0d3dbaec9067fb6fc957ac4a136c1d564e17f59ac4938d43fb9050d810989907125c47fcea6c162c723e79f68339cd1b3bf596988bd6e215271385cd50616868c6bf40fdc34bd30e5a00773e2c039723f2ac3a3fa45f4ce870841762d7435bd6ccc5fd3d58fe059ee455a806fde89155c84797fbb73691a1fc6921859e99066a3239e31f28d1a46100db1917621d9e61473cf1e71f9850b584b459d5690941e676a7dd56796313ed9abdbe03dc75afc1430dba27fe0f8df48ef7c339f462af1a6d30a5f8b480dfbbe860c4c0bc136393c8fa0875af454273c3cfdba7eea44eef1a4060136948cd98b9d2c19aea4934f3455f31dd15be6545134f17a195b6bc409159c0975e592a15e86ca4943ccacf4b46719a072db8c629b67768f1956f8158f179a0b645320489dee404c8d0c4e786cff39b324053f102c118e7d51173cec0fdd017f213b2b07ac6b2c7dec04172dd5396a020edfb74ed86fc31952d241a7c3d139def543d90976aa70599792e73cf73ad0bd4a359bf60dfb2ce96a784d8de5e23a95e831ca6ffba6b187bc5f29a7757185ec06ac882572ec6283a1875b54fe4f295e1970bf311dbabaf9f894d3364d68f529c4ef9030ab934bcb09459d5aac61919946fd28df1ac85876f979e8b8528e9bbe69f03deef136eea6a8fc86f31bd64285c8c9f49adf53a8baa7867ce52e72dc4a63929df3ba2662dc77d71f88d8af42b8d67ad54884ee11f5a6b3b794f7d5610909b0b740937587cf475da903159994a262b6f32a3d1723fdaae65e636b71cb0ef0a744f359bf08ac8231ed2970ce8c451266f703da3b57f85aceed4c1c174c50d9c226f028e972ac124faa6f60518699cb4c499220ea51a538f9ede67d0e98e1bf8fb4b24b1d8ef50a28a93e20076f8fb812cdab04871d331ff434ba66dd4577b18dc3f471b3e96a174b58a7ac2470eb8463a71ffcba2d064470fd2d4e15f9491db09df3e3ba376a3ddcc437312be5848db3b9079f2ae046798473bb970d725e1d7c6fdf405ae387dd7cc1735a7fc27d1a476592a514b87c9017e1e5d37e338f37916f3c72c5f2af75185b88694d4e8e0a93fbf20ce81a7a0c10d55737b6473fbd92bbb39febc6167336beb9c235997796
b9c0dc18c353e80305175bb412acc29e647813d0003f727ed0577a7c14bcf67173da569320e887bdc8f5ad27fd8864261e802a6753c6f9bac844b5900ed0d4274c0e6ede42367079188b10bed5999501164fa4c5a818ed6ee229c3e0e0f7804b19eaf5d1132be1d7fc18be834c842b21f8ddb11f8cfaac10d2e124981ed698ee7caca211c5624f09c62e1d451429048b55ed0f8a714bb77a0d4b40f0a446eddfb27602b7bf894805c4aad9252658f6b21a05dc0cf6a3acdc227fa867a4e5b1db63a14de26a79aacf1900a7b7d867c15cfd1daa712f2a1e2a6c7b31b121465539cd0164e3ccf79a978b543ae9602996448c6f68069d044fc958911ef40b0b9afc78ed014d94571f6771ea5e2306a7cac32c135fec0bbf1dca3cb0b57daa239c01671718017c907048e0d19515cbf430d4b3b4ff4fc9a391d15a38b39c4e528fac04ebd3dc69144c98afa75102d21ff961bad2e1f25562af92554814405c4ec08dae4a0cd28be592c9c9bf997cc0fe31502dd541000d4640d59654d26ca2a17ba4cab0518ee097c05b2984ffc56e8182368e216768e0d07e17fb64003e95194d04c6e00e08386084febb6cbc841e8f3fe2a069c45554bc502c27591ca3c1dc9e6b1694ba2c1bc0713c1cf738db22ffeeb7443d72d5bdb975d192976a58ab33db58f5dae497a0b24011e15e3256ff124dd99af6fc300d1fecdcee18dd4fbf25e901125d4e80efa8e2a211701b74fd992e63376996994e054cc00e7e1de7db8e7d2898a735ec4920dbefaaea66b456cf6a12324c5d56762313a627b3523ab1e2c1c82e4fbab136ae4395fcf2672a58011d96bbdcf2a7478305756d66b30a4ac44e48b18a5964aa89f14187ea114084d52b4ba77755ba04c34777409bdb782b7b645e93b4db284525e2f9c9c38d73b475dde2251277a2e6c3183d5dea78414e22cc8fb4b2c7efa797cd4a87ac81d3242ec8d2c2efd6bcfd69c39f14b0b365f3151a96f75454a3a1400c76a4390fe9f2e7a22a0cfa687a5bef1c905d3a893b0dfd35bda184f25e62fddc2a52b6a67e76f550abe4cc8d1d63cc8631e4cc315e46d3015c3b8636b92b8d07075d401c654fb4a", + "sha3_256_hash_of_signature": "77873435c9b1528e167818f935c471835ac20086122384e6aa1fc8223190fa7e" + }, + { + "key_generation_seed": "dae1eba78ad1568590348088aae88c1abeb59626ef65991cd76ab81198e52837", + "sha3_256_hash_of_public_key": "a8553e7ef85797d2b426f1eae2c73591368ca48ee493fc3d042c7ede8e9f9d08", + "sha3_256_hash_of_secret_key": "65cd60a7f9c7cd1a345f51e00db35a9a4902985fce09d557e0f407ffc4a0947e", + "message": 
"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", + "sha3_256_hash_of_signature": "d96edcec2d93eda8c9534311fc0fcff86eab810d2a301afed11ef4772fc51a47" + }, + { + "key_generation_seed": "15ed428927a7eb0c7c2dc7a98cfbb77bdd773fa8747b8232a6ec4b87cd7dbce1", + "sha3_256_hash_of_public_key": "383cc161008832f7f6851d811fb4c446caac34ddbfa73ca536b94809afc7e91e", + "sha3_256_hash_of_secret_key": "9bcc828d917a28691ec7e778fae72a3ee2e9d9c3ed139f806c02c87c22235761", + "message": "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", + "sha3_256_hash_of_signature": "71b32d45bf0f4ef2c251f9c37b7cc020eb8b1cb7f07e953f542127af723402d2" + }, + { + "key_generation_seed": "ba7e359b1f669783521ad35edabe97141a816c2fabf0ad0e001e21f73ccf7736", + "sha3_256_hash_of_public_key": "df408a245b6753ec5e8b9ae46886c3e0aac87905bcc3867c8645cd30bae5c13b", + "sha3_256_hash_of_secret_key": "041fda61412f2a118151d801300ffeef334bac022b7ec0f2ceb6729a6f8e9502", + "message": "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", + "sha3_256_hash_of_signature": "6fb227f667b53e0a2c87d19393651573ce928a000919c137c72180271fe5c023" + }, + { + "key_generation_seed": "9daef95c8d5a61d3a3a267fefb9f37d6e677d7ba26a3a5bfdbda8c281be89ccb", + "sha3_256_hash_of_public_key": "b14f8adc152aa07dc7113a2d9a9ea31bb7a8105feeb432ca9f5a3cfeb756de8a", + "sha3_256_hash_of_secret_key": "a3988422ab615ddfdefc772c3ff6b9b748767db782a0f2dc34d60ecf69359ffd", + "message": "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", + "sha3_256_hash_of_signature": "12d8693af4e9f5a6768d23edb08516c76c8b8d8d85dba18dd3c502ba4759494b" + }, + { + "key_generation_seed": "0531b4105cb209585f9fbc29caa57e64c2d40f0829931a42caf7701717d9096e", + "sha3_256_hash_of_public_key": "8ba42a5e07d0483f6824d4e551247dda8c0c67d807002156cd94fdba3ce0948d", + "sha3_256_hash_of_secret_key": "ccc96fda746ecf599d031236b64d72a729cf8ff8b343591e8f242d2fb3e0f110", + "message": "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", + "sha3_256_hash_of_signature": 
"8893c34e5386409df4063d4993d854774a2b13ae640b07153162c0ff75a4ae14" + }, + { + "key_generation_seed": "7f8515aa82dbc9ec8cf1ded5ab58ec0d08cf686e25a8c01fb1109a3c68d19e48", + "sha3_256_hash_of_public_key": "3c0fce6ab846c71634d9a8ff9b2f9831d7859052dec81f59491ee8f3ad150309", + "sha3_256_hash_of_secret_key": "0745a77c89784e74f98e9a01c53b2f73f0ea896295c5f910393c270dbed886f1", + "message": "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", + "sha3_256_hash_of_signature": "b8cbd8ebd33b7f7520ae6636811d4989b3d0cd19d698e8f485c353c6451f4488" + }, + { + "key_generation_seed": "5af3838060e0f83352a75a0ec4ace2ce8ba119bf89f34cb4d6b8e27007cae7fb", + "sha3_256_hash_of_public_key": "d7eb847bbc14cfd76f785e29ab67a3e24673be6828e239d0435c1a27a8be4ca9", + "sha3_256_hash_of_secret_key": "105f275c7925a7743db4ce7af771590e297a6e7cb07e04a133348bda9c779837", + "message": "84c603d1b5549c46964ff2987a1f533b4ced94e67d576a3b0bf1c8bd87a74ac7db640fc9f7ade44ff79b820846eb83367153f5ddddf9dfb7848a13d59436916efabb82dd61291447491d2ca04166fa8680e8e0e0dc98e79344534ca1cbddb531797a61c291606200107002091adfa927a763cf98cbbd631cfe890b0ed257afd34ac0c5280aa7c70bd0c945d78e6fda284cbb7b3ab636bdf17342f2ba28d707147f14d15173d9bc0b6d65fd1663c86971be1fa59da8325e1f3773bacc5b8d4158ef525fde6e96631c51ad142250252a8e5786cd621210df3e24cc0b4b60ac2f013d76db0c73df40efaa05a65383a8892276b3d69dd511937d55d914c3222a2386d1bec0a268e683716af4ab709d2d225b86229095e87fe70d69e6a34bb214529ca3f082c0f2709e77b86b00b4a04bccd343c862333b7c9163857b77e30551710ccc3a803323f5cd4eb5317cd2e6a24bfb77727e1c64d0ac47beea1cb35e5f2ff6024c06f2f391fee76f2e69537673fc0124e48e4e2242e84d8affee6803ce6edf3a954d2c54562b8b76a4edd91e24a8640afe67255605849053b60f558b43ddb9f8a04e987d15f6292962d10ad8f7b47188d12d1c9090c0fe8710dc3937c6939496884bde0bea979839837c61be4df5662c724610c7fcb4631a0a2083417be6a20f4eed094e2145bc72a83a6e147a655c481dcc906e63adc0244d95b6085fc096fbcce81eeb0497f48bb5ef827c0893e331795e3b301dc9f3a91dba9fbc838e044e2ad9859f1dc67e9bcc375442b4eb59714b5ebba87ac9a79c99ce
74f8bc75740ddcce46c4b408b91dd7d4ad26b0fb1a4ab874f5504c40e7363838d22aec45c10d3cc2e233124a5cd8344249edf388e37ba43598f2c2cf56d444bcee04a335b154dfa3ca694db481cbaa59514098ce6e0e4138c0a543efafeda4aecc022c824259a06c3d57a70ea15a5dfc822449a27f58f9ef842dcbb636ce293684e1b331cd821594a12634e5594410b6c5e2306dc8bbe62c8b0f49f2f699a59efb14d3cad399f74ed893e1eb43fd770fd61e0c58e5d8cbc9435f4ad0892681a30df4885927130432186ad4be41f6fb7cfe660e23c5e55f60789b3e97c3b622599938b36bd1c0bcf6fdb7e4ee44c92b6a86ca2470bcdb8bab8df6079382ca314bf3a8b3c4286518c356018fd6f6fcdd9be9ad9c228f29135544e723a898f483e9d9ee843e75acb3feac447973d12461fee3d984f3b4f31645faea56852d356c96cd73a6f185e8cd56731e83fea145a2bf0c15adc634dd9e2ffc799b59a0712eb4d2618680c7493f50a9bbf3f7bde1025cd44afdaf4a8c42c9254b1b34aa8559e1cee9bde7b4da0fb3cb2289418110620e505b793b91f422fcf53adda8f7c96d55e26244e075d9a70004642712eac377ce18f88f2c8581694b8f621707dab6d292179b2a95aec5ad6e409d78253dcc05eccdb45683dfffb9c629afcfb0654725d650e4a283fd98e47f37aa9309e2933cc0393625dd81d4a02f9d5082644de02b6472d5d3aae110747e4f756973fdfce8ea5f997e30b11ebd50b45f6889d227d87d9184cbc6ed40e96def8b9236763c9999e21bfc1a74457ffe5e0dc2b16876fe04c2e0f0f47012a767a7ac18d71a7fd65f8647a7e1ae2d4d255492a18aa81d17d390e381b1722bc3c38bccea9d5e73231d0c6e1a96ccb47079e36c994e94af9a318d67b6408bb602a91d8e9ec6499deed0b51a9ae31d9774a1bef4c1de0e7a324545b2af9870cd733c2195c5ecde386d298c33d492937497ea5f0e05c377a4d755dea9d96c61fe82cf6299eb34b857217a2c6733fed64f5dac5f95a0ef2294eca844b96ceb5163363a31c58c88428152663ab0a2b310b1a9e9027ca8cc0db6dff528f9a421fa826a86acb4fd1d79c1ae6123c9e685ba66f5ff109fdff2497b1a50c2e4e7b4662fa11fbaa305a960ca70ff98e5290a8c3a27b4a3cf1705c6df4290fa64f3259fdede7a81cfde4214230dfb9efb20049e905833b5d48923c8ce2f8a104946fb3356154519d950998677c56c8b2c80471a6117b142e26c0345cdf0634e356d80c3be12f4ab89eb41dddcf98188ead2ff420eed3fd9287322f24c62b21f430d5f9b8592ce1cdc946616111c91c667006e47992fe2d5a2aad82f8dd1af3c1b8ba5326220645885cc94e8b2b76cbff7e161e994c0cb9e489b8a5662e9d420913af34433f5ba
b10ac72c5eeb9249f3c102e1762e862c13cc882d20be16834e54dcc323ea89a133f451b70087a8dcdc5b518eef087a571b570a7966f1c49bfcdc70ac05034d1dcc56edc2c0f57d1aaf16718c67d162ba330aa61a2875f90e2935752bff1ec28a79ead1ac18e70a833946ca6a15d8765e1a62aef46bed232eae89dbec278297b396cf611448c5fd4b36b95cdc54e3394c63b9b0969d6488ff1c700b390e7226f99a945306c6504958cd43cd3d63910a4324bb662a0e5db1622d90ce00e50ce7112193872aab5cee0b8d6fd42f26c2fb87fdf99062169c0be75c85109d4e209dc8a640fed3ec71ef3de8878b3d1729ff118f50f8a33361c6f707f6011454c5d744989ec1beb644fcf99cb2e7c3cd20e6f1656e07c3566c4de68593bcba0ee9f7bd2e272c3d47a3e03985456f18cafbebbc1de74964becabdf3e9bbb9a10b29bf3b458fd50f19d63a6231cb51cde3df46e4bb6318e81e10ad1674a053c8cfe1e72853fd60e6e642642cb825644d6734afb00329839f22ced734fa1421c4334e20f2ecc8bbc2652004203b3b639fbdcf5fda1423f08c3a1100655e4763b8d8356a151d702124d30fdd87b34ec4d34bbb3639464e44a693690e193329", + "sha3_256_hash_of_signature": "777568fcf147f0152c29a777d699ba286c7ba3d89aba5de5f4c282a55fb69ea0" + }, + { + "key_generation_seed": "b323d48b567f7effffd47a7c9abf0add5f11141737a8af62b56e042ee498ad6e", + "sha3_256_hash_of_public_key": "e2ab4de160d4b7abca0d0f5371cd5934f22b6235b31390b9985f6cef38dae9ff", + "sha3_256_hash_of_secret_key": "bc6550648c2e27106e0ece2469852849e3b93487d8ada3465bf9f0151259e950", + "message": 
"92d5feef68737ece61c6e0078d77fbae97b0b9235f40b97099c114b1586e107b5ed1308a8a2d20be41af129da2e0b38eaf02faef733c7a1d1a387bc55ef008530abc22697d0465aa3eb71f41ee72add236cea9a25995f3689c5a451e2f03915d96abea10d356d549d68048977587326523ccd71c05fd57bfb3c7a853f535beddeadfb84118f6548860f6ba536277ddd7ab42123e93381a385fa3e6cc023c1458a9f94822d93248f36c48fddc972b5d6494b26658440ffbc23b57363f3d82cce69fee4747a889e85343288d55d30fc54d2d0744744dba9977720e8edd2c0aca1fc51b0c6a3c68bb9bb8da0385db1ca4e9ce660cf7eb2382e5e95d2ae19def904a8651dfae53a4d0dc4d057ab1a506c3bd7e1d1ea3fc4623e7d7b410dcb312f037b7a5fde5e0e604fc33270faf1ffb6ecb3125ddfa5c49f25bbc98238c8ab1b903537cd67238995e81b814280a4ced61513d69a2178086d505f8dd1df7e11ce66ae33d4c982f94231957031a258e0ec745672a57a5ce76d1170111b8882a9eb5388094ebbd53ee9ea1fce4a275f9d7060c8da79018487b452817280c63b01b05efbf897387592e2bb3bb486fae0ab09f46d9f2e176de96c59992c10a14ec16eac36102b1d15541607075e67c842a888c87b268e9809148a323c423220dc31566b62f45cce1e2bc1b3bf43b87c998f00023890bce517271bec16efaa33f11611fde87f197852bc2e7a2b44f8c72a6f79b22f73be0611b81efe09253931545d2453939c46b6797cc5dc5a8f1aa3bd8456eeeb84ee76dbf2ebf32598750ed10670df422c7d7993acc55f657e6e1b3dfa1bd6c1cd55fae97e69d2f8f5af368f7da0a63b4065eb6d8f02b19a34600252fdffdf4ed8de2ea9cd2e74d63a6cef29bf02f92d346ecb9a61081ee5ac811f33aa5792f6a1af570a8b0846f3e6ef38452346dd637b19eca37bd1a6c42b20a5bede9a5de3c9f169d04d8c6cf5376d3404f0c21dead53da6c169f390eed7b5b54dbe47cce0b2ad1179ea8fc80fddc7281bd4fe31b9a26a00444af0b4d40a1b72be37501308906149dc6fc5cf02b6f60aff82b975fc8f146961ebccb4d126add524a9b33bb16f6a83c6f3727a72efa2bac116e493e07b2ca718a63fcac8e9d52a1b61479b4ee52a5ed30fabcea4d01a792a92676721286814f3b0f4e15e23ce0c5d59a0c3eb8573c0a2f66c25f2eb2fcff787324721004979be5eac505dfd39f5538e2c1b2cc12d20c1c5cd87299766361aeddbfff743693081842378744879e6e6371b3ffa9ddf34966fbf8dee91b7edf6eec3e4e2f410cb5351f847646c22ab594046ded63347d04a008fbf6ee9696c638ece73b39a269db239df36443868ad44d26a5c40fc92dffb008e436e5c18907f5b18b5e6c5900b41a9801d
b070d2db651187a4da7e2647ed3e9b6e9781627eb576bee8334374468760dd3b32985d42945d953d434bfd80d7f7ba537265ffcf27db0da1abdae89bbe94d98bc9ca197e41c0839728f964fe4ce30b8cc43cbdcdd9ccbe06fe99debc6f4024f3f00d43febcd62a1822a6d507337ee79d4517aa486870602d4f1c5368b0eaa1ff6c011a9a953aae58c75bbd3dc78d263a578c75cdb1ab324d71b9a065a9af3dab854189585c68d499ae8db887745e20ad9738705b9d2f5d429f12d6462e5e2ef9ffba53ce2f4e75449d2a7dbc3c818e61dc546175a6e0c10ae631df6b1eae6d134c08466ebf6eb5f8257aa10ef8c6f27f4295f7ebfd450629f3eb4e0f4be247ad7f5e80703b1247a4fc277311d69e5d62e0b0201a805cc4f1f807de99420d563a703493ad35a56b2b2dc237112f5ec21c70bf139a9ead8f7e921f086e001b4c449e42a0e3afcd5bc757040a2865d0e5adaf98e37e6f8a501ff39cef0bc364eecdffd03069b81f5e1978c397862fd56362835c059fcbe4d8e2a957fadd7d05bb195e21ad67b429621e1d6872de2d8bfdc91544f9e6ae8c164a23255ad0e00bcb21456f8fa6ae018f49605736c81a5ac0945e2d965f1493ed5befce512ae93ad91daf6f5a151d6c9856dfddd1f877945d932261ded67ac8231dc3ccd0b04dc1b02079c897601e363ffb9a3bcbbbdb0b0a375e69ee4a7135c094abdc237faa2e5f82d2556290adcf82adba8402c4fc9d0724f15bb87cd7a75a1a7bf826896d8ef63c7a2a3c371756af638706270652c376100ec42fa55196df332820d377760448d3e7adc42e9f5d8a7074bd0fa97433b0e2c501252de6939ab948552663a17dd7ff05430fa76e29f0519d650b86fbb19fbed097143fc242573e3e6fa4bd4a2ef6d9ce6932a066b4f9ff935ba9bc26fc2e5031c20ae30a52970a2df3504576108d5f26517f8577be61e6aa9d192ed62cf36aa641da0d274b1ed5ee864b549154eb4115658e6c60219cc5b2e22c49ce3ba76a85efb549117e1207f6df081d0761421262e352182239f1e34edbea4bcd8fa0027543824dd58a20324fd4cfe943aae5e361c367b22f587e2f9bee841e11875b026f12b9571512f72985f98f6d0c212df36a60975429173e317f6acf72e621f30654a6deaef9e9e455524bf07ffdf44642a1826f734d69f3eef4d52f26c06376c8f71dfb65a24a4c57d74b5976950af3a57b4248909524bec47d858c69041eed34e0ed3b111bbc117ab112bbf947d646ab3b7172f5fb726dbc53ae37956e29f5b6b1e3c90baf4e4fa544ff63815fdf4ac9a2a80ca0e8722383437b9a02f3ac538feda7a6d6c1635d3624a385d846e79e956dce483b89c346c1287a1a7293168d8a885feb6569ebdf3f47f8bbb50aa43941eb20001959af1b9b
358aba13fd9bbc596ea42a9774a120af091d544e79c50686c26b4fea396bf1e4c25b8ee4929d75569a5fac521c77b", + "sha3_256_hash_of_signature": "d4bf60ed9516d4d4073ae7f2f780c582dedfb032dc2d21011ef42a2c19faa82e" + }, + { + "key_generation_seed": "c1cf3107ea9b283419e27dc563ecce950bea78c048a3f49fb42128819959e51c", + "sha3_256_hash_of_public_key": "ebcd37aa50b29e111da11b0cc2e6365a90b17e80b97a853adbae1ab868a98416", + "sha3_256_hash_of_secret_key": "47217394d8b7aecfc8d188d2d8af608a5c6260d95b7b86571a4e009bc16cbf8d", + "message": "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", + "sha3_256_hash_of_signature": "7838ff4432967cc13b9f86ec7f9aef5eef3f3da31e4f91e062e42726738e68d4" + }, + { + "key_generation_seed": "a50fc40f0d9efa5d254943dc599f7dcc2f6d197a4d2666d5d69cfaccda560817", + "sha3_256_hash_of_public_key": "6361b6339754ea605ad3c8c1c6a5ef5b85163d665c0b395ea76809c07dc2d213", + "sha3_256_hash_of_secret_key": "abb7a130654c256c26c296af7fdf32b13af6d0732b635a5563a60139b1c0ad7a", + "message": "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", + "sha3_256_hash_of_signature": "9ef4b525720ea8c28fce0f1101c7257b92645cb77137f87afa8798a9f787f3c8" + }, + { + "key_generation_seed": "4c0f0ef1ca8073a562d5414584edf268913d53d5fb39fa639e02e900891ea82c", + "sha3_256_hash_of_public_key": "2d3d5cd255ffc98e2419c3abbaa5675fd7537344475ea559a3f33f921de6fcbf", + "sha3_256_hash_of_secret_key": "c92aa7184d70bfddea0b280b430468eb8a20db1d67b7a715463cee4c7e44134f", + "message": "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", + "sha3_256_hash_of_signature": "4fc7bc7d8b9e4e36afe2d5f23c7893293e80df80979ea3756b0049fe483dfae1" + }, + { + "key_generation_seed": "5ba8ad9b66c93cde7e7e616a97fed8aa91bc7235fb4db086cb4021877780c6b4", + "sha3_256_hash_of_public_key": "3d488adf428d82ab566635bc34cea53d23f412af83e3ea7f3cafb702daaf0b85", + "sha3_256_hash_of_secret_key": "62b5b5cac13295b919ae93d25017a68dc49ffbe77fff822732e46debc24643c9", + "message": "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", + 
"sha3_256_hash_of_signature": "7fcecae01d49463c640450dc5344c3a0e68ed9591c8ab2bdbd2260f20e611e33" + }, + { + "key_generation_seed": "25d957b9bf68326d2efec93da464f43e3df16dd6571ceb1ab68bd58e87734a51", + "sha3_256_hash_of_public_key": "0b9358271e6cfd0d9c5aa87a2b48ead1f3cef57171786b445788372b227d2377", + "sha3_256_hash_of_secret_key": "8d6351b50ff5f569da0a7247c1e55ca1235e11af0d601da1d068750e4c5ed3d3", + "message": "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", + "sha3_256_hash_of_signature": "914991cb8d85fe2420d2105d6bc85676ec1c8851bbdb38f7f7d49108aed00e39" + }, + { + "key_generation_seed": "24f0cd3b05d964f82d3702bf0a613139808d49283286294be57e13a983c3c961", + "sha3_256_hash_of_public_key": "cf7e2d595747c961466e5df269412c8185b14643b29125f97f32b4fe44a11d62", + "sha3_256_hash_of_secret_key": "dc8bf54de5623170026d566f5780534292c57a68f411dccee783a9e28fc529aa", + "message": "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", + "sha3_256_hash_of_signature": "67ab10553759308011f2faa906662c7586564c162344fb6985ad986ca8d3aaf3" + }, + { + "key_generation_seed": "5ef2732b63a1cbd2cc239ea6fed62f7feb3102715a5bafd8c83aac33702faccf", + "sha3_256_hash_of_public_key": "01588669b94d73c01fd1462e9acdf54654b465060a3b1905c6d2d71bfd25e03f", + "sha3_256_hash_of_secret_key": "fd5758c495e9ccf07f6c2dca8ef854c37c80b336d12c919e40957618064585d0", + "message": 
"8337940ee74590eb25e52e78e8563a09cd2d45f650f48775e3e61f9e3509cc8eb7e983310d0185359f66bd80e0da1e45a6beb53acebb9030e310e81a576d0f80c64fce1d1fd77dca27b7c6e02b0cc26edbf496ad2e3ce8484e988e56bb28153587d7ecb02fd8882545e7bf79cc9966a7fede93f7e9451bc48fdbb481673d1c4135f95d68f40f4b4f847345a320fb4d736bf5f9fd347435462dd3a238e4c799e7cee081107e11682c7b558b19177522427f1d269fad81b565be538e8ff2d7193579aee51e50974bdc0b66331b59bf496c87e4f6e143754076db516c9c538410fb38a930cb5ba1e6610441126d01c8eb5f34e2e58424b8b218d9e68c5d8b4f5258eef07ee0aa5475a72ccf363d47d825fa524c16c7b7587c44864da9e4b267f738b87f7e5701147f550cd38774b17de48e6969a0dedf334fa67470419059c4d1607880cb12fa9c0ed23032c7e0f325169eace7daccdd4c2e5097fbba859970d7eac4522c1fea043c9278c1c89fcce95203033b4cea4f9f24b55ba6b79ef88f275310c6e48189efc1eeedab66b56b6bb028726bc463d93d742492841e85d5c837948978d0fadd1c172f8859c802c6be8394a05dada7546ee1cc5bb909d3189088f4fa6d07c573ed7263c081720e701d5d4b027ae54be175536f3bd5e91993cc040311a7d352aa26414cae30d10408ddb44e8c9513f4619e99edc894f963489876b24bb0b91bdc3ee5b78ac0d4046b2e864789c0c779e5af97f8f84f09a26ff74b8bcde66c007970830b70c2a1122dc9845905c3aa7810b40641e8bbb398a23bbef52bedabec7bb54823e64177a73786992dd67d5c007d770938402efbcb3a60281c5706920a9eee4c26c0b251c32b9e1936fdec2928110959e99255508250fd5ba84b4fb314187124072d30fbf2163d36f1480ecc08f7fb8093bfaa72f1914c63533ebb3a57420dc38dc93dd6ae4d197fab790c1efc1b7a2234522e0b408d0648c7ae782f2f08cb70b96cd76b5089af1ef4ba3a4c2faac363a4dc1c6c421f6ae1e9b67461eb02f36c25e763f1a2b73ceed4dceddce619cb313d124ce6f7ac986d6bc344e630f22cb654c1286fbc0ee01c968dadd1edad744c8bc828cf5f316336a5883166ed000ff98d6ce2ceae7d3e40bbc5714f71ba9e25e1506d644fb2de2fe190d327accca79d9b6d9db505cf1853e98f30e9ba5e568ed83e2567c936a64420c5d8f07ac4f65f38c28e88dd7b5209a600aeb81a6d2afa4faaefdafd9b7fd3ad7f49462cd577204184f9d44a45e2a909373ced24ec0ee56bf2e6675c506eda67b1e6dab75cbf1822e20e7a8a81a7729b42a6d67a1dd457fcd19b62f048ab97b3d694254e5c051fd2daf3d12ad627ec37c22117bdee9eaa290d11d56baff0de1037eba908fa03e2f
869fa2b27936669306e8e70a0a4910a123f202797bf1c8fe47178bb1e8e8d7ab1c01f30f5e779b2bc99902df15185fed4c865997ab72254162d00858e0908ea95a9acd0fce72e571c7a381cc33e06a27fe6a5922775ee82c973cc3ca8a05717608f8703946c9a89854d627744da475defc1390dc44fcc3a23c47aa8af17240eb1a1a00a062d258d471f31333d0356243dc1cecfc559378b4395f01a970ea4074d5666b44d49ef291ed15930dada66765b165cb8331cfe549c38cd0672f534be60f4d9b4c125ffe747670513b5744676899b256b992e15106b99b794db3950582816612144649210751f3d0dfd5b25cd393e724f7fdef00756d0c8540e8891e592507599b06edfa6ebfe543084ac81858f5eb02d8f5eb8a72184851e8589a3ac6dfe1cdcf286723fc4c1202765fa4f783ee58c627ed494c7149bca6a4ddb420827cdca82dc42515beaf46ce9d9ed524bd00ebd3094f770b1e1dd09fc431e4c244d2305619dae208e65ef385ea92f5a79f12b99afdaea79c9d8d319944ac6cbbe3f1290ec6b87d97785e059e6871fdf239bc404021cb52064b88eb4cb3fb6a871b0f76c12d7b8c5e8fe0a65024ab5b25f4c67b6d15c22b0005b754cf7cbec898b49f4326f1ae4034e5f5a446a96ce08083d48525a3661e10c996dd22dc34fe570a4c8817d10d750fc5c2ed0c24c7cbcba5cd1b2680dbaa3315fbf2ba7457abeedc96b5d111110d4678ea5c7851d25f258926b0b028365799e940a6e17bb03cb332fbc6d713dea7108fc6268c8d33e7a578c94ff75be808c15ff7884f092c0e309f1af99b1a7314fa0f32c8d8e32b3e9d92c9c8ff6b8fbb99111529c4be3a2a4f62884373d0903180b4deabe613de5cf19415dfba7f9a46297ae2f21d7ea420b41f628fd8deba55207606539d11791623cb325f1e18c98aac27283bfab2408f4fd6cc58ec9e306643ba1c0c77d84b3930263e5a76a1ce94f3d7721f0098d54e6c990c3aff69b6a0d82c853ea2af2d3d2b3e96dad59ff873171b55d16ca9a7c68dad2e918174d264919ddcb4b9d01ce622d56c599bf60711c74315c918a7bb97b9513937afb6a652da68b6b0b34e316d7be9f5c282a5e8773c892782eff220667a6a54069c37b88eb1ce676aaecf2015e59fb7af4d30c4625dd8de4805f505e83c877cd61d2a0ba65b32b0dbdfbacfc88ca43e4ddf7a1a4517dce83b7b8acf8dcaad28284039747935865daf8dcfca29fb676ce2eba2c509cd75588fa5e58cefd0694626c9bb31c3afc372ed313c9bb3adc398e89dbdb108dda63f9380ebf9da17b378451634682f9823e209bf10e39f884ed270413152025cdbf4875c121b1e83e12c044453ffda6d8ca2c240ad522577c6898ab6f2abe1fe77f860939408cd193e605f87ff2248fa16
3ac2fc0f39bfc38503b23f5441e0e364caaab890073266b3b51217661f5df41c0ba925bb425ab3dd7b6a3675b7d60d0290131ead53a4eab0c66baa83f2fb77e74c3c123aba7731a3f62fab8eab2a96e8bbc911e501cd23a088e7887a469284e0b5c27b5cbc1de2b6938cf1af58a47fe78141306cb76e8f2b73620bc4549db6826d2d72873885f6c5311eb5b9462bb4631d314dfb9c836c6f4d9eec6818940c04689cc4d8d11ed9869355617861340e722b2be78197746e2759aaa8d68d1965888e89b6b0f5bf51f94e586b2cb8708f4cdb520bf31ddccfb7cb69e29a7ae8aab12c11f431de40fb9e82eb5f2b6ba1f9757f1487b63255fa69a755601c2fe17cd1892d5a6799c35d05098dc133bdd71318667d47c4671", + "sha3_256_hash_of_signature": "884434e4b7f062f16f171ce0f8288936b347986ef7df3e9d8c14e17fea456eb1" + }, + { + "key_generation_seed": "6a27b1666ab6fc4483d14cf84ede49fedfe05bb24e008ae8a01c52d83b8d40fe", + "sha3_256_hash_of_public_key": "a0a520237e1cf0eb26584560dece9cdb13346526918eb7fbe88c1b253b41f608", + "sha3_256_hash_of_secret_key": "efb5cc99c627d0b9b49a0b90ded183facba5ce3fe06e71d6831d89abfc0e9fc7", + "message": "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", + "sha3_256_hash_of_signature": "242289c29f215df023b356ac8635828675540b39a016541b4f184f7207482e68" + }, + { + "key_generation_seed": "2a855572e7e2add2888022bdb585b61577a75a31aa8acede59acb27eeb2936ae", + "sha3_256_hash_of_public_key": "24b04221e04edad60093e2dac0c3754fed17f567976de7b5eddc02cb4ff4114a", + "sha3_256_hash_of_secret_key": "f5fc66ce691796fe244a8c9487b0cf08be17c30f1ab80a9c21e97127d3c7fc56", + "message": 
"954511394b9d10e1ba162861802a717e24ee42a346c9ed280c88e267a41ec09d6d73b6076e7e30257bf265b71a0b6e0cf408f02ba9078811be94d0f38559e9985463fc9671d182286cc4f18cabcaee1a3e5abdbc384fb27911168b54a387171c0524489fdf512e4d8d2f65050cfe7405d8df63a79c6e42a76f4538907eff4dc5870095241523f56fe8e389ebf1a1cc47ddb9f0188513d5259be257bda5be7381f22392cdc2406e0f2448a80f3824f2670f61920c667499de899f0f6b397381a2de66255e061ab92cd864de75c9db7cbab9fe76ac38e0ab3389530b4004055268b289b40d79b32e5ebcc74353510bd1627e2d5dd0be7d3dfd04138f6e3ee7526133dc70490612eaa5024be6fbefab24e1e83d8941a113d8b871f3dbc3011869174888cb7a265d7de9ab99b999c19af9b442ebdc904fedab52cf40b787aab35626417c5291f2eb892f43e698a8c65cbb6442a4832f33920fb2dbfc50b8e996fb227f2ff294c385a330957d2fada9f86839235ea79ecde6d9d94fbe7c79a38d40b9a8f241f53b921107ff1c72624c9600ec04dfa1160f1fa9e5d986a5a363e9ce8627276da73f5db47e4b90328884cfe93194cffa6fa680f77886e4a7a0fdaf13a7ddff6984b8855e1f58235babfd5106338fe2b075d4f10a9fb3d3c5f829b7c61b02b34e9bde6e62cbcc3ac9f467a6ca170eb43e632ebdbf6847f781e2469b4740fdb83da34ce34a286e3b363a72cbb13eb66ce1de35d8fd77dbedbf45c44dcd16e6b58a1699694d9006947c8c20810e85e3ebf8fb2c68b967743642d86556ab6958e545ab83ec24b96f2b4bb99cc8890c3c1e0fecce26ce09b6d99000694f870af9f642374ff0bbf61efc7cd5aaf5667fc3fe5745dfaf7f13fed70fe070ea4c09cb1a92d8b7f0dfd4b4a4b7dcf4ca6a97043bcef6346f1570f37b0eb48db8d15c8a82ed69b0c7833d6c830414c111c987471e84d2ceb5bd973dca34acd3a65d7b1a502368941935435b78b8f2b74c2bef127d96651247bdbe68eb7e466b9ea2a64a13c375103d7c8f7d30a13cbe184bd1ebb19f3274e645f5c7b82efdf09233d8ad146dc0715266963fd3cce6f8cdec20743bf1b7f57c101ac24c64d568923203e1a6af03a700f5a401ec4572bba528e284c151f1d108f7563858011fab32b3776cf2b910d7b21180dbe75742032791018258f4d1407c9a213755c5c91205352df919b6f14be056243df6ac2909e52c9a79f6917440667719185f1c5f1aaf40d873ba22956fa0bbad9c35360853333a10a0841d9d2e758a0b1bc187f6bbd31c41b74f9eeef1f7a28bdb7ac3d52fdc6fcb3ef0383a06a61188548963e552716d2bfbd6c2dcde496d06615e86a5cdb76a03bca2822aba85ec6807ebb6918ad2948d193ccf74f4bdaf7
090cd4294c1785dcedb6b55886a848284a6a4a88a496800053e84a9f2dbf6b334aace11a5a540626716302e259a64c6316ed543806b3bbfe37563897e83bbefa570312df908c1786df0fcf55069edc336501a5ae9d4bf212d56a9cee811038656912238ae284575ef8de1285b763ae54adf44f91b6dd9e309b7a7a0ab71ec2e4611831b3ce1c9dc85cf907b52df7406b06367e7a43dece72dccc57d268820ea021c27056e3c6b50e7ba7a59b53539a6b7b06b35051e3151c23f3bd3c889b25d0ece1fd0df1aedf657fbb096ca1c861acb0158501ea1aefbf6dad11bdc325ac1ced3739a40b7a83458ef4f3453c0f6eabc1a48037809a90480df9dc4ff07daddc58df2733d49a4fa53c2a41e55a4a0167c6d33ba6e752aed3a125dfd6a0322cd235254505d7b3ced7a0dee7eb662acfd30f8b79d1a872998cbcf15cd86e26809e0d2da0324ddc90fd12caf9d8e4eda437fe4e658d47d67c95927c4b5dee965b940ce93e6743917296e10820a7101f8f633c93069e8b569f4625afd4ec61bfe4549fdd06c2290a91ac0fb40cb1f55dc8bc1fe695c73af603840ac0351f5256e00555c984e79a09e58c566d1a117b7e569beb5850fb491fd9b982442b55bdf53832aa65180dcddc2f768b1a1361994de8c25f3608ec853d5982e0afd1f9fa70170fc3589ddaf958dd840b4b502f8e2697d01ad7ac2233f6a16d540ef8d232887d2b4fa727ae2f038a69af3dae69eda8ef6bf1e0b67d811160b75231543ec5a4d0778b7b42fc1dd6732385aa4400450b3caeefdffcf147635cfa4aaa53de4ee3035bc40ce8670016384bb877a86a15b59f3df0c5d624d3d2b23ec46913618c745330a96c715c6f0bd096487e89b917384cc30b3d20a332f1b4056462227e98af9874ff1d18df2a6bf84ae822ee737f9e34ee8c69f23eeb9bf38ed056f499545f405759355c104284a6d08a9efad8fe28288b2084336a6479a6d42404f3e6ff3ad1dfc63c8aae971af11f2699f32f57ad29188492ce07bc1a271035b4d13a686efde5572353283a0f3138f6dc05cc35e5e5057c5c8b9e12b0164c0915adedf40a6e23848fa59adc0e65bdd2120486942f232315fc94b4676751a35aaed2828889864c4cb7dd95a662a475733c2ca8f6997a9c822c6c8b9dc95a8b4c367e613e97d3ec6d6ddc2f81022ec21b3a93244e3bc8c2737a7724a3cbd480b26819eeb2676fd383601d79fa266ed3f9bac2a98ff0109ad7e43e33e108d88c09ba82afcccfe98f50f789109d99dcd0a2c61947544f3666edc621b5d5ecb7088b2430a611bea52be7f5edfc6e2649f5e81f6df72fa9a748bff06af766a60d2b751b23a8aa95cbf733359f7c0cd19b1482a6e6572d1570349c688d78cf8b8c7dd37576dc47a193a2c2797d0af7504dee
303823a8b77204ae7b6e91d431979798a7edf435056251d0e3f26b2ca16bfe3422cea0398d30f0a0dc06dc8a93d27d13650e5bfb6ba04c93faf0d7d06f99fe4f1f52a059fbe808179515fda48eca714f0947fe9a98f02d66fb0d80952411cdfceaef6aba16d92b8f1b82db151d7dcd7fb7781ec55f4a86c86011fbb9c5570ee76897e7803036e2fe3cdc2d5ea7a613897f3c69a6ea734e3811bfd15e90d7256a0c0c88ceb54ec6aac151b435cd2a870e4a02087c2b847c75b00b44bb3ca6d4404c3052bd308b8d5f595277592d26f6d5a2193cd4d650bf931fefb9deee61032b29ec0412f38e1cbe025b2891c59574c1450d9e3d8ef27940ef712143f06f38ddb86341a7fc781e0fa8971dad13aa7e93f1858c70a71a40164211ea9f6a41ae90d19032c2ea52c23375ce3c4e59599ecd6855213aea83f8dfc5cc70f58a62e4dca17c09705c0c099b29056592986c03cf5d67074735f2bea", + "sha3_256_hash_of_signature": "e0c0361a580e132af6a6369c3dddc0210167968eba4d3570e4dc87706cf351e7" + }, + { + "key_generation_seed": "7967e9de70a7f95e69371f812c2fbf932cec07ab4c235ae9e8a6799f3f537d36", + "sha3_256_hash_of_public_key": "1b4c49db7e9296db3a2bfd26616f80d9e3c09f3b9eb30bbab07b6cb784c86c55", + "sha3_256_hash_of_secret_key": "3dec096470216f101e1640e216550aa73d63829b36f804fc4bbb5ac488a8d9a1", + "message": "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", + "sha3_256_hash_of_signature": "b0c8fc284145d4a70b7c430a064e4a9b79c68c5b322fd97fcd408967024eb667" + }, + { + "key_generation_seed": "5aba340a8e541568fbef49e77f94cfb4b3a5e9cf14c6755ce6412cf86cf62898", + "sha3_256_hash_of_public_key": "08dece9d41a3819bf8507d0229fa35a770eebbac0137a6235b5ec597f0ed504f", + "sha3_256_hash_of_secret_key": "95cc6339fc53f20c51accd43fc49f6ce96f3b021ee059f6888e7b310284515aa", + "message": "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", + "sha3_256_hash_of_signature": "e039341e6303194777d9d1d06c32d23ed34da09cf87e540b1e059446784bf3a9" + }, + { + "key_generation_seed": "df4853f482cc1d0b3a2d71e9eaca064e57c5d100df79bd004ba81b43eacec401", + "sha3_256_hash_of_public_key": "a96cf2277c75686e7637d3cb416a6bc84a5c7deda975389f1a224e2e76afc6c8", + "sha3_256_hash_of_secret_key": 
"82e3dab820cdb3dedeb39605d2a4cdc713e0d4f82af5ae08fd4cd6f9d858c788", + "message": "acb414eb55ae5e49107bd0ac5975544f83104f7264495ae0bf0a6d9594c422c16b99469eccdfe8b8000875b469309891ea42586a615d146de64fe59277a61631b2c7f7379cd52fab3871bade120ee9558d1479a91925634578cf14d35df3b5672f8b5f9f956fa9f7489d6e37e207fe556017736f6b147a8cf664d0e0521d94737e18188a1b7c30296ccc9067e7b55d6e0f2fbd875f42fefecac49510e324968b07372deb10a31c585457e0c48879ce44bc78898ecefac7bcee90d0f8925df2b52d5ac81692e0160f8fd5808645498428260f592e29bb90fcb07d0424ec79fb081840cb827caa4a9d562183d10ee41d281e26ce3ec0069c83e1e446ef82e2e30debe3f409e0a9e6d1550e224db15dbdda44341e4ed6f8b8984716ca87233197528547d090058607ca141424a13145f1e896555288c5e2877ab3b51c7f9248d2d56a8521975bc4eae3d009988cbd73c66931bada0725fb8a3448d43e0c7364e9494fc4e295a700e79972e1ffd626d1cbe0199917851638b192ef9f5c03223f2bbd67eb59a5e8baec3db40616938274201dea1ae640f6ee7e047cc4c13f80dc65e3fcb5c62386015f4ef1bfec561e121f9bfa9b2075bc1c4730503fdd5debce8a535eca01b9d5b021c290854b5f3d49effb263dda34c4e96aeae9e71a686c009b205994b46cfdf1f76727ca67d415b9d21d54312cdc6a8ed0aeab96b580d0b419e2058e5d843c17c96d156549962f81c266233ed2b795fac40b1992b626457f211f08106ad86f5702b9deb9323a0970ad86125eca836e0a3d6ccbc380d474049bd96ea246b8bd9542793a66e15b319aece6bee17adbba7db337d25f8f642774030a2ff969cb5671f59901cb109e661e55fd5e75eb2a96dc37fec76a82eb89d020b4916271cfb0cb3342494fdb62ea0d253fb8ff2e91357b33d96d41530b8b5e9550fe9b3f9f34fd5a2a1a6a8beb93ccc322622f3b5e8487de19af57cbd1481ace02779ad928b17a9b05cbeb722c783b088b5912c2d67ce5073f1801c23170deb1eb6ddffc4c33dd25f94f4fbe59d704e478fb49dd2142801c37ed8f539ec1782ebd2f3253bbe19c5a048b9ef41824a811119f3a6ad2a0d4b77338e001358c61a9794572b0c46eb1e0e575d4da141a415829ba8712b791b625b1b0ea840ee745d9ffe1e99efd782ba25859351f443654995102cbefad7e59d03c9a502ed7b77144d0566e4bfac086a7dea356cb9e5ac02dbf7e81d6ceed4a33da8d801d61bab5c01f259ee3a99ff7f6d7bf8f2160c4bc3f890736074b000c4c58fa4615880f93fad43d5657c76045d7c414e6b85f63aac91f04a616184e04ff9aad513ba767215f
b0331a369d36c0ae9b1ec1268f1d0b43c42b786db23dd66465b3af17ffc68c67964c2fc9e41eabc45db68cd2c3d95b8bec787d994bb8e9cf1dd7d4c563fca5d80b3f1fe8e3c7bfb7d171f5b9023bfbcc0cf4371b63c856edbda154b4313c47983f4027f9e61e86da1e8cd787e3e6b50e1dfc9201b9ab92059f8b6d1bf7856cd55c5b1d6c4e6ebf818d481c56f66c79444f5a6544a64a7d78ead33eb805a6ac4310cd46a2331e707b9b0950ca12092402d68c1cc5c3f269dfdb13ab34b97eab50b0745be72bb0fd2d73bea5dd37802393b635e42a0def8544a96e7f40a8d9d06b64e38dc406bd59ac5c4e218591d20b8dba2125978096517ec5c03f9bc6f96cb255e216ef82d7c7c873029f9e1d98ebc0d8e1312b84b8d02e8d680aa56a506c8668b5b9c56d04cf68e37c7cb1b9377c867240cd42fc7fbde0ac44e3dccfd3f877c9923ae9cece0cbdab00ca530f434a33f1c939fb88adef4d12acbd8b2b5a139a3fb776d8223a9846465c0372b8c3233fb5280e936bbe9fd49058961463a4419d939f4f1fea705eb63114f0a3533638dc4d3efd620147770ad877e2354299cec6e5c18924e78dd661697adf89a77c7365522d3e8fc0855187139f7e43e9a0629ee321b2cbd9f007b05c22eff56fe48045686b36c5bac2267f37a2e3d4e03e19b1e422acea31c2e9f3e7541976d4e2fa03119df9c4cc2d5418f0fc7a467cd98e290695b9530b91d5df8c626c7236a5c0fba73578b9a47491ca0ad26a144b0f23ec23d2c5b2daa03bf40130f14b9a427cdff1f232c9cf02426228c570cf1fa7c00a773bc0d70858588542bbf8f581540870897bfac8387cbba3416a846cf9f4f5d3f9dcedd080cc0de9f71b93828b835430898e82896cd3f30fe2af8349db294fb2a8ffc0848692a0b9e8a66ebbfc0f896f8d03e3c6a0c27e0f2177b85a2f6fe31e8aaf14ea5c1fdc54e80cde47ae27a161264680107023cffa961e913c4e6af96c0be37ad859c334cdb8bbeecb5443662739d027ef1b9535a5a46e2169933e419454025623fd6779f54c622ef81ab9289b50758ea34f868ec85aee589b08962b85cf537bc733f62aafa95fd81a60d5c2e38d6ea0df7d1390bc5050e2463e3e2e3a769de2a94abdedfa0ed67cc0ffafc5a05a3b0fd37bbe6967bed8debf02a42cdc80bdc62158e184fdb6672f7947505e2c0a6c7762b1145c4baf30e3d32434d22707044dc99d2cf2d38f15c43abc8632382bbbc9e0f106565906f7d4948d30fb19edcc3748100397f71e1548e58a5a01876d0a12dcc80000224221c4abd98a5022506d24bf4d9b9108991ad3421d4ab9cc393dcb8d744f97822f95cbb2640e73e401f044fe20253acb8b32a75feda640e190454bab695a23b14ae3ef60b00491ab22f622daa89b6b2e
6d18e735672fe0eb2de269e4e386c926e23b865e1ba22dda688293de144102f7030fde6df653e4106c08c2467ad7c54d1df0dc5981004876c6baa8720f70942700a154a376c8d45dae1be74910148ee3f2733e591e1965fe763b58c8b28af25e9b3c633abd83f1c0a4f68da2e0b85083bf97d4e919340c0437a604416c4f629b33039bbf2a1f561548321780411d2e8ac0edae76fc3a19f3c84c3be902a1e84fdf69b11a12dc8b78ef257b5fbb5d923ffd548451a52c6a3af31c70266ae8a957b2bd72a51a034a2921b8e19321108ac303b0d2e269d032c3db13f21d558c82ba4158962f2210e1c5fdd96c98d6639aa844f34e40c1b9c909cc6af1e97a8dc83b78c72b30b7ae400f44ca60af37770b3d9147f7d6f5a327f34df7cb8891e71d41d723cb18e0dd324e5cd22ae0d9f2b1d2bfced0288b7aa73af4fe0a8181ba1aa7eae966d0a240e10fe5735d98326a106d16dc49f3fdb19d3a8449c56a74153655600e4c9e38d302c6d4080017d93c628388df94860329baa289efa4587f079c6f03fa03c54540a0ab4b067ee46a5a346f2fbbff6570ed0166a55c258eabd62ad90f060fade84e8fac799f7928285f58557a72e055b535d00bd9a4880d10c05c07cfe7a6feadfcded880521803e339f6eae3ff28a0a471a003358f952320f41a0aef9d28", + "sha3_256_hash_of_signature": "8069a02d36e4d1b08048b4818945014ef3fc67e01e7ee3af48a5d47ed2eab2e2" + }, + { + "key_generation_seed": "95da16b844baf559c2cd6e68b237614bb9927d90811106347b5849fee2f48640", + "sha3_256_hash_of_public_key": "878febaf59621d5ad5d8f182a9e9b5b87d93dd28d11b3d4bfb601e8a35e192bf", + "sha3_256_hash_of_secret_key": "7c6e160a8c5f9b6980f5d68f4146b14a4d6cdc2511aa459f00214fa49802acb3", + "message": 
"5f7522ce6bd0ce6321c27b9eaa6f572616201f283c5ec171d0ba47662c2320897805e1551ed438f3fcbdaf9de6f3a19dc16fe9c167a65b6e52bcf512c919561b548496a4a80af7ce25458a62eae92ebf677872482d8647c30c12bb1f080c6b9a56560d64fab73db17487bbb007c66661ea9dda14601ab27a100ef4cf4b7447e51418651c03211f8fb884be91f3980fe13e00ea4ecfe6d54882059a436c90bcad80e4101cc6c0754417545f2d167629f80a3c5ffe45c00ab2baf0494d6c065872b03a987a5ee818b3ef11e47fe1747f49e2db6a14410f0b1f9610a2d6114395ef6ebb231fdf71d595cc1171db9c89d6cf202e42d4fb968ab8105fddb2aacb15fab8014b534cf468d77ecde2072623b7002620b7ac3e78b62ad673feef9f8e97e91acdab171fd415b2d15605dde00d074a770e36f2218f7130f13e91fa4c88deea7e854bcaa01b8458d40625a33e982f0955b83080a926ec240e31f0d9bf477ee3a016e146a3909683410d4d09ecdf32eaef580402f0d416dfc082cf1362e8b79158bd57739aee56dc41a549e534c7ccf3620c7d7d95b92994a747d5efb8ec43cfa8189baa9b75fd54694e512fca388b71a5b9ea591ae9cfa34183de59d284ab16b2effa4b26a24a0e615b38b83088a9827eeb5c29b419bc061b033e0e3fc809afdd3de948412677e0bb5136854532639f3ccb176d54ea1961b5c527ef66f4b3286a583e86208aeeb8ed07d9e6bf1beb33995f76ca480039a6130775895f19e3cd4873abe3bf2fa9de81bf0cb04575dd6ae282720b152cf0ec6a4a04016db0f3543d8272ae56b1152b02eaf22131420cb194021f97060d5ce52eb21b57cc93964dd21344786e3888617152d2abd829799ce47d20158aa93f7da85ca6146c5bb94b512da053c35bfa8840ca43f6509a1477603fd50f5e4f9a7cf8d2369156989ad638d35d345bdc859c52688211bf7ef3f4ad4944657289406bf01dcbb49d560a11840ef35dbc0c7f9c96dbea76300cf61997a87d70f5ff8c51aeca2cf0680b6fe8c4025e1e25b62103d248cdee335f4fcd67597103362003206c507970ea6d78cff4b68b44244019152dbf812675cf667e5e13c8596eb6fea3903bfb25ed08f902722a37f8e460e37a03a2d6adbdf79da20052de658390484b83bbab28d039a303d7376bf555181680b7966c798a1c6cb215257e37739de7b9706cd1cf3ab031f68c82d6ecfa507c104115040744d74a40c49245215639d0cf4a5a7a10098e9ce3564ac3c44f0683ae9d3094784d354db1af439bddf63d5cca668d8180264efeceeac0be1b8e1c6418e45f9ed6c779ecf169143b034cd9f332989d445c83a8786398c507b9171b4d95728575539cbb29c5b804268d88f2b39af1f9572b8daa9feeef69c4a77dc64bf
2dbb5e57f8b33ab151769b2d00010d67a2d6f188d6d5b35e5e1873fe2b327e42afb8885a842d26c246f7c18e6bcdd6fa49b300c65a3822121e95004928104017cbce2ab95acadb9802bf4bb049b8e96468353d649654c6f69d774380a5a387d6414dc3000540bab6eccbaa088c1068ccef20036e5c8342fd512f55e6794bf85fe15721d99a1bfeedc218617a940c8c25d4dfafec677d2a719b2cddcd302294b7fa41aeab5606f859cc0d638ac94b99ac3ea48c687d278eebeb396dc5bf2d2e89e880f76b533fa54efd30d8ee38b34dc5f8ae62c637e9a7e85d99e011f62d261ab4d3dceb98a8972d3482cf817eff476b873ac56963bd60183b359713385ba82f6e24be2d6cfea6dbb4ad2e1b5b790ee54d23f64e740502e887629b346fc8fccc3338d0f2921131b84590b32c7cb82cba8bb3b81ef7bc5cb12f0aa0b3c6a5b2878dc4f868057c68460c71d40d4263ac5c8b8317d2d0b63403c7549439a9ef227268372ec3a54cf8ee97714bc4b55007f92b1a32238659ec1ee27d6f2987ab06fee84c3afdfa73240963f076a955bf3c19410e1da6a19b3ea3ae2dd8766082d3295d35436597783dafdadb905465d05fc21fa8ac2737a52fa8aaefbd2ed83f12545c1fa3198ff225d37070694c9392738e89467edb2da3cd1734ce398e32bcb1fea2e4fe1260a2d9f9edc3607a8ac8a51d5da36e99b31903025e0cb157fd2ff5b51c9191cc16a9ccb870b4060cfb0fd900aef62738a58c5726f5164417f084ef14fc0953e3c6036b818c21ca3476b8cc5f8ebaace257a0315031a03e64e7f749b9df99bb56ceebbaa4333bc7270edee90fa2715bddc38d44898a41998b2374b6ee3b8524d3a385c03868ee9479355092c4d20ec32deb51497f4ff34ae7e7ea4828c288f46e5148de28a8c660ee132e5b5489833dc66205ec968b60dab96c2a4452a7019bba9fe3d19d5829129e2a9c75c39416ac8695145f2b62eb9468198cbd48d7670ddc6af2f99f77e7acd01a34ea8e0e974206fbc22656867d09807b980563e06a559b0c3a7e6f43cf8db75b18c0f90c12ff3bd43abce7df75d17e631c08c974322010648fe2e2bc940e6510fb8835df8384eff3fe6a264687256c6bc0a5f9d2ddf208171db55c4446b03cf27796bc77e3c68d8f1252be21877d7c53747404420302ca5ae1ab57e43b158be8b707360a2f59d6a473f98b816fde2ccedd92385202c419278e8b840dba4c05e9bb65f68ae2a635a29110329e8c0c02f6fb5eee41ed225051ee975f92da52f93eb1fd7c0a098f6d1421701537298651313514ad31cb333e9c5da719bba95e73878ba41f9e2512862a80602aa2de1e1d086576531330cc7bb8f0cec38050b3cfae5c8b1d6cb849a579f2294f8ce80fde5405bfa3e6ecb01d5117203a
4523591ac4030397de9ff81d5cc91af3002590f5854e852b88667638b2d052f2a7852425c8ec026e48d9ef5e73d1993d7f3fd7f704760562c36d2278c9ce131ec6aa444d7b2eaca3ee888d9b2ae122688dcb35455e7de31562ba618f1183308b30d07a5c34020546218101ad42ac5054d4703587ff60e860a60375fab12734912058d5b0b06430fabbfe0c0b43c22814f56dae9e2713325a31c682c13f008b9a3d4ffa8a454f0f64a9213ff2d557a4cbc64ec6e4eca0a976cd9f27497ba544dbaa3e2eca0f54c2634c719b9c3a2ce37bcc8158a880baa72780f8b1d3494f589e2af3044b4fdd86f4db2df0843ebd9f3518870f55488f41e234ce94e907a69d28bd83347702750db1ae2eb1454cdca37a8b5fc90091f548babf489e57c8919646e977274fc972088a522fff9f9306d2f0ed6c01ff92cae8440d7f3526b8c186d5b96942cb08032886051da2a9fe77e38beb18f4fb25f1152edf9d61347a00a844929976a327be46ffd3e2ee0b6ab1014294ec5d40cf7071c36b11127ff90720596c1b3065e7de8010aea469bb4f4ac5a6efd20591cefb7b94b2006d85ca475fee556f24cc41237c631b75eb594f8342deb4f976d73aa46563c1aa6d0b605a16152315626ba08807daa6025cf62b29176f3a85e4bca483effea7e5939", + "sha3_256_hash_of_signature": "ffa967059d75239e053a38d170c4de062cfc3b5b71eb8110f6e38579e743817a" + }, + { + "key_generation_seed": "f258ff1178cc42a3cebe238c8418b4974812a05f43b8fa95639cc46bc0738bc5", + "sha3_256_hash_of_public_key": "ed78d8960fc7748a69e9f1e0884d2cc32f9b4eb6a9b3b2d8c122838dcc8c97f3", + "sha3_256_hash_of_secret_key": "8d7fb3280a191edeff2eaed6dd6aa5871db7c11d8193870c30d6564ca5ab0bff", + "message": "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", + "sha3_256_hash_of_signature": "81fb6098c2808fba5408ebca2041e87c968c09e4a216b80f29b049a96184122e" + }, + { + "key_generation_seed": "5efbbbe99cf5c2b6830fb8e990250be308e662200526889ea973c8d33823ec19", + "sha3_256_hash_of_public_key": "ec2ecd66de827e04db7d435491a77be33a74a63bb7c4e453833128413419c31d", + "sha3_256_hash_of_secret_key": "fe0c2cc89d5625d69bb6273e6ff6ac7a3d83c137045fc520ca53b468e4f17620", + "message": 
"e7e845902e852b331ef9923416e492c1641236e4e72408d800fd70774ba32b6b4be04b6e82237a247d26f9a33afc4745c16ce0554774c68b33cfc6e67ae34e42038fc6c324972642338daea75982c71720f1ec9542df94b38434da34a2003fabd9daea1950b7751da6c81aff7d03390f5d63455d417f5d12a510337a16197ebaf921b6a7a9a9a58f9696418eced6b27cb8efc8ecbd9b68714f721561af8553a0d84e30e009a8985d011cb994eeaaf88c76f7f3261b47fc174155c138db2eadb09a06073b211fc0d27113e8fea0da56e181cf532ba8207f5d80d6a30d8bacba540d49a81a0763a0467dba7883766ed6358e809261aa3d8b757c839b532f272c5767671a3a8bf3391b14f5e97bf2668a4e98847f1abfa21e2370870ddf24504f89b3db71e210c46d66ea7296d65c926e2c955d899ac830cd9d06808a68e9b3722b86e878cf21a5e5d41d7f3cd95d23a6344c259859735ae1a953ade13ca103692b33af90ed0345c7b038d938f8f494d90cbd3933b2a80fedc2be57960db23ad018bac63017a04fcc510553226cd86c74ab90e13c72a1be12e4d751dc670a98ec4f81e9f8954a693fc7175ba7e50d340ff7f15d568d0abded0bb1fc557b1e55971b4c4ce8cc1b4d9e239c73b1133c9e1672dee36a2d9527f315c21764648643d866b0e2ab6d2dee61d838bc5dac183fc511c4501b6e535ecc54f3edad6e8edbf0de7cb70bee861b2bff0d41bb87ffc0ebcaee9a6dfb98d31d35cfb6dc0442fc285ad0879e7b218b6e66453fe04207fe814c5f72e49406b48fcb1db145753dc2a2d3e9793594f7ef1a1a6339619e1040cde605648234a51b2f6774b31c7f9a77c2ce3b98819132bb725d288c65901f7001e05fe5326b6f701c337d41c8cf8748ff9c276ecd398c725c36c11857605f58c0b154dd9f3c1b4649ae677533eb0338b7475254e273b786c2fe7db4c13468caf0aa2aecd55dc1a5f868c8edffd8be8deec20a9faa621c4680f3eef4dfe4a79794fcbc5f8c56eedcc3e1963569a36525d4f6a5bdbba5d12966fd8a0fcc70783fd9f61613842f80d000c9281cbdf28c01c6f6aeac10df1ddcd0322e00c4e3cc801ef091d9c1b01e84dce725d57c800d38990251aa1d1206ad93a7dda40f27726d6a03d973150f7a88703724e314c0953d56da6eac442a70c2a08bc66bfa2b0ee11e185131e352d10dd714dde502097af0ad155aeeec2a6b93b149b75dbb898b2b3a7c5fef2f48d9b12a580f54c4eef3ff83a4f13f2f194af551d4800ae86aad6efc82ce460d325cbcfee3400ae939431ab4070d7a7cc005f270896051e32b1051e58941530e250f05af19ff416e65ce40655fda31d2e7a6158e07da08fa61afd5319b682de44afae146129a8b769c1708a5d3479b6c910b2ff0f
c872a4a41aa8bf3ee16f80011d163b599d18501335a2be10cf117dda094fe01596c404c14580a7075d04ceef68bd8f813d7de6599f478f3de9ce60b294cb7ce5284a61e078939d08f3d4fd998add3b92532aa54e0c31087cf14bf4ec964ebaad53bd15d04e37948e94917dde181ee3bb2346335ffb403b000f5669019c5281d88a0e771176e49dd0ba22e719c0b731ec2aae9c898e74b2967bcbdce0d7d73057e004bd62269f4e7f3823dcc18cd6c551104b9b896b0ad138dde7c3d761138641bd3eff3df1552659fd97bdadfc59a05cbc622a4492a1b22cff72ac197d61a4c5a949aa9ac09d4c1112f4c1b1cae353c70278a21663e11f27e9ec66ecd4ad56f2179a3fcec37ac3a3f4b33c06bbbd4c8ce8e74825bbda3e58a2e2d928c2c6e6d886274bc0e2175ab03d8721c664fbd6455db2960e3aef0bb25afd3cb0bafb71a2bd18a89adaee00aadbc7e4ae70ed4b534aeeab88559194755f9656b43bc83e3952000d9e2295bf3391904218a015c786de0144868ee4aed203b261fe743b7168788a0680f7484792a3f64782b2b1ed9217b09ae9845dd71ed363f18e8aaecd51a4f5913aab33fea3fc5f1e37e0cd6333d2a8347cf45eb7c4ad967fe6fcfff3565743435ef09a646e75c7e968ecf4202a9b2c23aa8118a1683219b1155c2cabc95c696704f5b270c6d213332649363ae13ec811e9a1090d1603eff745e2fa83379dfc6da5efeced556e46a8a5ff1f2a5c0d911b95c20ec2465ad0c96ae7e16fc36143762bbc0734cf4d6134dcb0d739f7822470e0abf66a0ab15ce0d6096d3abba2ca4c81c1c68bdc252a8a4ba609b7c05ccd913ea56126f418fc0b06de8f76ef651f8085604c16e5910f3b8651ab78296b56b78326e41ac15774e442017fe5b291e5227ef5a4b78ccfa96d6921c8542a8a984bc87e2678903869c52c2568fee4e23ef3cc466ce270614e6472244a4294b31f9438f7e43437fc9c9c5f3efb0f4f0af2110a613661dc24a1c7f7a7f8cd14a943821f16f94bd874f1a32e305db4776cdf6633446724ccbb2488b1b06f0177819d53885127e6eb717c0d6718366a8b8a089aa6ab17cb2581a75ec748123b7d0383f3900efcff77d2e022e90aa41491117758221a0b149c8ebc23cc01c17b9fd39118dad413a391cfa0a5c614208060a61646c7cf1dfad4abc3a9cc5cd566db2ac8faf392c9d8e7da0f84b941d792a8493fbebad30d0daa0d683dcc1583f0c9019622eb6c92fbc475babc8b626319be2264ed873ac063f84b7f83688ac99d732a1e3fc12281bfb1e1e63d48bfbfca619bf4b95f899c50ad0f5fe4673347df2bbf2ca21bef49c7f8440d95a83299960f1e42b457addccce236946de80fd4862baf36387e041deaac3c9751ae345512bb1f423a3b4ca8d3a5
e3796d289641d3424ff22670a46552ec68d7d095e8636441d777dbe2e9dbf6b5fede5318516c3886b943f6adf17d8b7cd40b20a48233c9fd981145b45a5cb8f6a88eaa36c270e93e1d876d7781bb92a1fd99727d8e0ae34c73398ab8781bb342f5aacf4081459ea5ec20c30cbb6122344c457f92b20448f78e1a2a291202003781ebda1747061c6ce1f8bf882fea4fb50bfe638685cd638eec15bc24252567025fc5c16ed1f5d98dd90c76e720ef7b4e25a20d262e339c5e5bb5a9cf051bf5fd1f63e93452a179277b57956821cdd901f1c01e634ae18485708a6ed8f592ae2ef3a9d54c9734ffbadc6f0b86d0398aece9374f9acafef38d4b97be9b932b9852f97aeec435311a67ae344ac1985738c72f52b3d8b71f64a916240477fddc5faf02f8224eb35d310fea03fd2c5933047355a438676d92eadf70df662d97c2f5e00cb293053699d51d302b78145c77ab03f34eaf170eda5215436faf0238a4b0d41d29f36052a5278c7d8af9a6ffc6e2b6ffc4c5d524f7640a7170957f3de2451ac75589ce328b61ea7179fd990da1698f5c73bb8639a4da2ad67d364db04771ca118c4055c25f1120a0643158c07cd22b375d5c1dfa26ffcda44921f41d4a504b2279dff03421cad19960f87c6b6dd8c29981cb66c9731f931e43b0d97c6ac9862e2cf711df0ded8e4d06f3957fff9085a95d9fcc95610fde22856b229a3121d8b81ee83dee4a6a9fa3fe8c75351574cb000bf7f3746ca1cc5414aeb23a2", + "sha3_256_hash_of_signature": "aa040c2896358599af1b13ae034c2adf339816ab8baa35a3357bce48807531f5" + }, + { + "key_generation_seed": "47a048d8799784f6ec385eb984e70c62ce7c8a107232871b69b99f7bf4c3dbb5", + "sha3_256_hash_of_public_key": "3e6bd60b34d0bce3235d36b4452bcba77f5912594d664dba48711d49f07c1f71", + "sha3_256_hash_of_secret_key": "6084b4248be1a5a95712acd1dddbdae9397ce2ccd25e52f48afdac8df7c7519e", + "message": 
"34fcf4626248b979a7a8d306cb9ed69c4ccb5cc3729d2692e0ba679d5c2feaac54a4e06d4efcedf78e19357dae263e1b5d107fb09618a9c34f54f19a738a66b95e6f88e20e01f879f53e8f4c371b571e1438ff70e0a8cd00d608976e24501b2ddd323efe6c1302a318cad821c6ffe641672bb80ac62286c69fcffd93422911c46d43dc9a1f00a73e19ebe6cc09a9801f2a1da708f0f1f98e7f1a18529010823230279f487911cef1e784a229d9e311bce5e2d368e6d613f791ddd617d0f37f604b786ca2bab754e8bc4bd3da37e66a54df1d3b268a5a80379a30a52b1532e8cfabe24168d83cbfd61e2346f901c361f771e0be3e03dae8cc30614c10fb8dccdcaa5b9a25ddd8d61e61f60f22308e12adc137d3d8c53cf7b31984cb813758baa19ac178f2f0cd2155ed674a7509a3cfa7ff66d2d9b1e60be50fe7fb79591c500f66bb1d35edb80263f4b696a3dda0b9b2911d01e76e9070d99db93d1d0c3874cffa776ba24424a6b453526f7c44eafabe13c0750f9df33e82105930139e70b5cf1b09dc3913d6bf4a4859f67fe814ff038f0fdab93522a35e7f81002a395989d68b8b7e4235a09837cc6402a5338da08e7c73dc63c43bac42054c694f4931b80140d6b104edec995cebcc5629f85d09ded8257626f9fa4079adef81d044c18bf2277daaa41931b62a6028f89f95f06d8a8fdeb95eb2eb1e90c0d8523e0b476b158e3040f212390ab2503021e8d6fc0733b963cc6188fb2532829925b59c8255d89f10b657053d0fa1d8e76c84826a4609284503d3a101ebfe7af93edc423ef5303cd946c8b570511e38eb04bee0060e678d03e4134f84f279a570aad0332417fb2099e3f1f279ce7d6ddb080c5d83064d107bb560b21183ae165cbb54cc75313de72d40d1cf5173455aa55c5c356d7c40a2a7023dd95d3f89b515d7598f800dcb7bf68b707978ecaf55b794a17559bd1e913f4472b1830783bbbab5f23a760c78c46157fd1b429c445494cdf92fec8bf9fc217d3ce2697bb6c671baa793cd0c1c84f579f0daec400beada799a9f417fe4744145f21c6f8559afa7a514a0e951f03e5e68c17a8e5816f3fcf41774d26be2edc11fc3a42cfcf00f817c3d0fbf474fd7f30c9c3c6be7f74fcc79fa6ab07cab037eea7d83866673a74c087b5f7542804071d53ce348d2e836749e35af0fb884d5d53abb195ae1ee6e9ae35dc91be359bcd510a7801fc243c07dee92373918aa4f8a89eda3895a52456f7244d1ff007cc7b1a52cbef4c1ade1c2c0ac189ab24b3f260475e1d08e7c5bfa30a1cdd71de5ace80d5fbd1d0f17198b79c8eea0365d139f2ae73cab6fbc9a79786896de0ce7fc747d68fa4abab662a09e0e409f7e652153352bb92f5da1836b0e92b0b644c821b2dd2bd0af193
ac0f8cf5b8d88432f0248dab09b46fbef2ef1899b5981e9b33de4e9927ae50890fefc35f681e075d8b0169a2e16feda6392ab9858db87ed18acba25575afd1feda9fb3fd01ecac13c245df6972f65087513f505187c4e8ea54b6433fa092b6cd3af13f4718693904435c55d273060fbb5fda76074691269493e86f287922d074e54eff04209b2fdd3417d8436d1395e638d57db75d68f4f819141b6daf4d13a9a18629cf5f84b0cd02e7a397715dde5476bdc467218d11aacd6ce399d9d54645bb27ca43076b7e4e57fb4f7c4f4b8d0aa949719d731c3a927fdef1533d773cf1bb562d5ea43817a5acefe9eb7e51029dea143e8a1d5f76f9bfd74a26c6d38f54194319a1aaabc4daf45efbae770b9e9d834c09fe45c15d4bbc0251d3df2f2f23387dcabce6ca7a59625e18fd997770d164c338d0692af97c749fb746c0d3944ca4b2da6d3ad7b8c3aa922fc029cf9ac5580cfeaff50cb2e9044211ea522bb5769beb7a7bba0743f345feea9aa9da6ec5f0579cf7a5aa4dedc832fe3f65185a31fd49c0d259e3b7f8fa96e110d130f588cdec30d0fd4860ca6673c46d961fc68a4020fb03ae24b1ae12967ec1ed19abec0808a7ef89521152033f70f406a7005819d28dfc556c79de18584088f40be40a555eaefa78e3fa3d9360a7cebd963555cf208dc408a07ccc1369f98bd840f5c940721064e6c7cb241ed0697af0facf36f05632a504870abf90134a01af00d340f7a5d548a8078c2049600ee454d15eb8ce58c26b3c8185cf9dfcdca7d4b6dcdeb82230f993d51e701d8387b06bd45b4b61dc9da6d3b4356f50c1d4ad2b467d36ac092442fa90d1deb014475ac7ce90c974063459dc951decfa30d2de4c70fba39a8b6931217d0924ffa783c8c3daf048908e4aaeaaa3b7c98846278afdd1753252f39caed7d334d8575ce3ecfb2edec31afeb2bbe67fa929a267376293c2b2f295cd8dbd66106e1d9518be1798949f3315e0454d018c2b706fe836fb37ab908d9d698af495bd285a74e4cfc7612d42121f43fdaa7dcf44da82897b820514d66b92983a3ec819d2ce208d688b6f0aacadc0cdd619d815cd231ad8dd9b6dbad9c47e16fac098d0f4279ab52055d2ff765af6e3618c4509fae6ab00fa23980efb19a26e0a6ea4c9a7dc699121388748449c429b28ad2779f5642f05ff58b68ba3e289f90eb27ce06392616c080d659338caf274d46a90d58f2bfed25e8d4a8c62030a5e89f6b1a5f6112a38661e2f2b5a37bcbf050812dcdce9c0a939adf929c921e7da0c30815da318eb2f350f286441cc92060c970077623eee68b8c6fec9fffe780a6fc85fd7af90172951337af57339e98049132a4cf58874a7418fb7aba0628b6192bb2c43102ee6b1d7e824725d9c75d34a8b69df4a6b
cb1f96b57767046c99ec6352751e2fe1075bb4092672379b3518ddc884fead5bd062b0336ea88bcbe0d22e066566347feb617a322bec561e9aa9d2177eef0dfeeaf6231ad56d0cd9e300709c9317b3d334d8d2ac97f96cf2f45b8582c4128d95da8ca207ae34d3daaccdb128c11694eee6d3e8e6ab767b6886b1f7235d85a4d9c7c831c5db8ad8323f63927a638e19497cfb308285a03ca2c1fe2ac4d919ad11511ecc6f28e7d0e0a614fe21b57bccdf83535c7e2c40840ba0014247190c580378454751eb3f2361d7193e160b9516f7ee1d683b336b873c8ba22e97480a61f002a73844c78309c0a3b31be30a192a62bdcc3d33a7a5ba1f6ae0404a8558740cae46e5fd15971b41c0bc39665a9b92eeb3328c328b073ed5b3720d37a1c097af8a6fddc3b2b067680e6caa760368b0e1c052e804e9f80f26b52596202ff2e0af7215999eaf7d3ee3e8916744e40aa1154322dd068aa15960dc38671a4f5889fbe709ce1deccfa80b9d33ad2fd963fe0581a2ed7718a27ca62819d05baa3212ec7cc1c5472bcf579ad52d5e1b2bee637d9827851c419a4cb91db57b2a6cb4433c1bd209648f1fe170abb964b272bcf0a263ce28cfa3a9d1449cffdf643e37ad97182f0031cb334a1eead23d63a5c2d0a675d0ed000f37fd2153e1afc4ac01692701014927601203ed2b8a477ccec45c1f43190e4fbaf2295e32a9383fc7915aa76950a301abe47bffaa9c294292126934ccfc173115a6ca96f3945fd5f924a5017125ad5aac705106eb852ef3190a24420196ecd37f7c67b57162cbeb97dfa", + "sha3_256_hash_of_signature": "06c31afe65abdd101f2d0566425719e47e48488857b41d42ed47fe7a35c6897d" + }, + { + "key_generation_seed": "1d9e243a35118bc7c50a50746e1cf19c9fc310c7d54181fb95f44753eab1b94a", + "sha3_256_hash_of_public_key": "849e386afa8c531ca4af66870664a3a846b13d904aab1ae2287e87160f755e85", + "sha3_256_hash_of_secret_key": "b399f2f5aef844e9c5008e3d67c671455f672f0501dcb77381ed328b577fdef7", + "message": "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", + "sha3_256_hash_of_signature": "19f6511dfcd0b112bf718b1928ace38c00acd38cfcf6a6ba3acd93d5a15d3769" + }, + { + "key_generation_seed": "0a46fda6ba71125f3415e8bb6c2d8c00601107fa563e7f6386486a88f87701fb", + "sha3_256_hash_of_public_key": "95fce77df7984f0aaa7e75d3345517bdef4ccbbf7240ae85520a5ce8e4a4f507", + "sha3_256_hash_of_secret_key": 
"eecdf51a966d591ff26f3fd91a4499635b54641daf78d1e440f8ec10103f67e4", + "message": "2447d338bf1a375b66b77fb96cbe7742508b57dff4d33a368ebb8451c2c67b980d3576e6588d8678b285ef288a8b5c9c2726c4a550e764e47fffa2a128533a7653e480288447509e10013ae1944fffafbd9e2baca0b3c7069c07a4186c056fd3857caddadd5f891512daeeb26865f5c89ffa63a64c85a08e41ebe7bd8786a8add571a4267d5a9e426840a0b988e197a09f3770b5b0d80d65515cd4d8390af40e6150062dc4b8661a8238f232692c152c97b8cd5bfe7b5ad863dc92d99744d769087b3edd81d2e475f5cf0224b10cde6fae8dfc3519efdbe66805ad4468d84d3dd93430363677360da8f56cb58a6b775ff6417c1f324380b15c9ba668eb0f25fc2a690b483e856f3327b2d79fa6259e30d7f76199cfd21152b7c6ffc3fc113f70d3930c08b3c1eb1bf25c100c5a930eec2c52664f092b89614943d9d85ed86a2ef666a94f9826c3d116a2bbe49443e2c11748c977716381d9463da8d09612b80a6760e5a6fc5f59425eaaad6c8342c1ea4beedd5d73151ce213c0b155286ff22cd28e3bb88e0cee39cb859900d1e0fc19f6a7237bda8e51476f4844a316752fb347492a928eeb07aa39abdcc0164d1921b61352ed4ac94b82c410a56505633bad53a3e649acaf64c43c1acfcd4715fc594af6fb9e85b0b7ddd6e8621bd12a2bee48223a97ec8502c16b550b03087b6e87c1a860d36322064f8febc52f2b7c31dae7430870259bdaa5889852e3ae6f61013f5ad0d38727cf9d90c67bd7bb3b82d303c6c35383ed86fd5b7ddec824ea198ef780be830a1f2679d24ea6e2feefb979563f511d188f409f0cfd0050fd418414d01e46db3d23b3a90b24f4e96edd4f863bfb333d6a826d29eed167738bbe22c516c59fdf81b032bb55473a5ea2a1defe71c95a1eeb5c028435ad0379896cbbc76877501b054cf1fd2f6d7a9deccd70d0c07111147ef568dce514de96eed61600029c8d103b31c8b344a700de630276ba2c5633419c59e66577659538a6381e45584c7e1d6ed978ab0af89067ac83bb70deb6f2c58e339a5a66176a54d985da6e02002948c62be6f12314240fe18b09aacbce82ea462586b8316c3e0aea00f9998922f8d956120e53b4178223f4d2934a20976fd5a72027c8f4cb33e9bbcc0abd15395151266b6cd5b4a9e2fc1725d8e9ab2cbda47b507bb25ac995edd51ebda5fd19caf68fad8eac57cb5ef0c6fc861a73e64648ee3255db4c3394438f49377cc4ac2fce1b6bc812e5d282f122678713c6c6d452a33c632c0aa47686588752d72b0586fe5ec2464a6db40662fd2106a19f67dccc45692fca03685251d512642b0cee436c78d94c6f5f25bbcb41fc7e
5b1aecd52b846a0b70eac93579603e9870f942ad4c1cfc9d49b1132777c6f1c184c1537178e5029067257a2da2827a2ec44d323d13dc6e4e1b9edf5949d4324228687fd54f02ccc3c4dda635fa546a5a6783959b1c48aa9d9c9f6381ebccd979253460857d3cb1c70893ee6f04709e35923883ee3c71c7f33b8cc28b9136b3ebe5f52b9a76817f2f74fdc2f12b459dff32d5a295be374b3fe507a0995bcacf1e7b24f4501b29f1e8b4f2a8cb394b3e459a4296f6439ba59ec88305ab045ff40b1dab4f672f878de1f9e46b9326cb3e2f3457b83ead8dec28dd079af0e984a69ed882e1cf21036578485dfc2debc9cfe82fce0383b4039d147c4c7e31e315fb57b9093daa811f4ee4568e32e5625abe76c5a1ae42a03441dbe766d0ef4df607406f7d489275e8c5d4470866f9049a4ad5c428b843dec3702e86e177e4b60181d2b5f099bebcb25f04c93d087c72436e87a9b3afce78fa31e2b892400b5c1071f8ae0f78ef6f7d71859a97c17ec0912d5ea27afeace739fcf66f489ec6355a3318f79649881cd6c7e96a881ecc4ff6934c3d10d99f1dfd00592cb037749b025bd4bc2832e206c1407e600fc2170c0bb57e5c7af0756830c2a6913e2b9c60575cd4a394f2a65c50e40a43cf5ebca6a8a32335707ddf4633bac7375dd53e24df20af30203b514d3793392e38fa8429b050f58b28cad0146f385809cc7faeff8b71b2bc93d2c6f72e31ae2d07cbb3cb7f43540894e01654edc71ccf4f361a847ec5b1d23c2d4680e29f0e1f992eda3ac41ecfe614fc010a2eed1bad87a7d17468d6fa5356edb25e9008a9bb328225f85202246816e1a542e1dd746a5fd3e064faa1248579d31cd3d65f8fff36f782622402db328c7850d82d8d8a52b897353a2f8b95624d2d958fc1c3ae6466eacca2a6a5e6add4a582d27e07633ccf697fa02e243a4fbb3dc727b718b5ac0fa6aab217e241627e69ca46f05ed6b496a739a29edaeef76992a507130715be555c68a7eead6e8ff3a378d8f4b7bafdee3edb9ec094440e31bba717a9c82a117d05edca2370003dfabfb2efb29510466f74e76ceccfc41709fac4cd8eaa998357170a7a293209eb0bb83dfe5e2f6d73c28d5409c55e95068d647bec42db8098f0089ef8a5fc5976bac421c37dda6c4227bc1ae5ae229f067515cea3d794c8d85564af208ae0fcf836b6c0af41477f99c8773d9dd1923c5c07e1fd508c7436ea93383797f372ef3103546a5278a4f59614a5d182344f0431d065c35620d63d4d001d7f626993241362e67d1bf41419858eecc2626537d44e2e23619381e96cfa91b3d8054681d298509d9b99e7aa99cf8742e37637b24136f8e1b487e9571e4c24ae5df307e4c7c62e55c47132ae404b33e5367c6f24d6680be32d20bc5837
0145486fd5eacbcf98eb7e7fb6293044067af11879e91444025fe52e24617269be192bb71bd9f95356edbed9df352ab56a854f9f531889a88689d3f161fe6155c6c1e8011d60a46f59c7d08c477fa652b559a80567076b4eac29a85d54c66b35d6960dff75a696cdb17ec9a7b74dc6c3652dae866e8758170d055c4bf60fa1238448cc9e29160df50160c4b0dfb36bca40af0bc5f7d490e7dbca49535742eecb90098a0a0fbbbbc7af25c0ca9bc039dfb555dd8431af188f7c1d0ff786d627c058a0b9a15f26b58aa2a5992bc8fc5aa14025ff95f294203b45ea081e28f094d0d4ad671c885e67b2e9e800f10048158698d56648f67bfa8cc73dd5afa15c1e48936b2596dee34459b484336c20cd77e58bf682479f9aef2fcda86e4f3a2fed7046e5a3828a9b3c0dbffc25fe699f25629a2045a51242e310cb369b730a5e81167758d7fe843261a598e4541b02d0db4bf5616ba07a440665f7fea6213114b6b1b38bc033d70e845445dcd18e23d34d3d6f4a52f5f904ac5d8feca5af1123658d09613209ee19954174a1ac7a8c7f9ea288bbe5a0705f3ce38f30ed5ee69cf5208d461efad51c456507c3729eb338ce15c4c253be21e81f082b0847c6871ca0fc8b3e80115fe2bb8cd8afae69a3c1429d21f149b7446888bb4dcb639819efee665b6d6f69e61452b9328b4887a7c04e9949390980a2609a667267035b11bf862c1131533ddafa518221627e0ee7e4009cd48e4aa9d0753a9ae82aa0257b69d569b4c53f05a75a521b327322c60398db0947d205d2a33ae51cf2cea8c9162dd604f8edbe91f5199d19efbf9896a46389e7bcba54b4aa57cba0d4f9da117f288133ad01a9a9b2a824d54f74d4172be2b1e5f0d3de60c13aa5b668ee6a45397c2e39573ebfabaaba48d1ddb2ab6453fbbac8dcc05349404889c7de23a16eafac8d5e541457c32cdce80cbc", + "sha3_256_hash_of_signature": "6bcd669f4abad9a563b3c5a07d67f27b8d92c207a0bdd234f4c4547ceabd30a8" + }, + { + "key_generation_seed": "5229dfe11090effbe94ee161054cd5ff58b31e23f567b282db42eb1fe42e44aa", + "sha3_256_hash_of_public_key": "c37ecfba26dc640b1eb3483c34729287cc44797a082aae778dc8a7c3ea21d397", + "sha3_256_hash_of_secret_key": "2fd5ee4c8f999b8104f11452b5ffc1d8fb252249a495739987f788c6b2c97bc8", + "message": "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", + "sha3_256_hash_of_signature": "47de89b3bcc88684b3d2ef5df4e9d49ed138e4b573abfb7225d65cd287120e9b" + }, + { + "key_generation_seed": 
"18aa77795aa6d7ade8b6cdced81a1959a8329677f042283dc8ca71e13eb3adee", + "sha3_256_hash_of_public_key": "b018d92afd77b3b3fbaf55ef6e4f4ae192ea551d4c4384ed19475c075328a54d", + "sha3_256_hash_of_secret_key": "1ab3ce2be17119edf26a071af97f1daf5cb73fd3cb710a88e13ca33003ea3169", + "message": "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", + "sha3_256_hash_of_signature": "9dda534b4c28662655691de46adb2a7d8c5d047da70106e9d282eecb83329ad9" + }, + { + "key_generation_seed": "4b2d6ec32be9c5d8fa11f3fc0008f4f26b945064d98362ad912f452692ac383d", + "sha3_256_hash_of_public_key": "e03d25cf599c8750076def3e15773b589ef09e622bb99e58d31f0bb92bd4aa90", + "sha3_256_hash_of_secret_key": "1800a19ffd0ba22d69636f18379fa08246bab5a77e7f961ad0c1e85b47938ed3", + "message": "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", + "sha3_256_hash_of_signature": "d9d7f26e8fa1b031b5c1e7cf310f28f17bbf56cd4227180d664bc8c96d32c0f9" + }, + { + "key_generation_seed": "196b8144dfbfb47ec01e96a6b8443211d6c9c4aa7853a8131b5218349bd6d953", + "sha3_256_hash_of_public_key": "befae20580624a061ba496066e3ae29f729fe357de26a154d7530d6a3a9043e0", + "sha3_256_hash_of_secret_key": "12e355aee0c5d32512d166efc28584c738743aa39846cbff29e1e96ceb7a5af9", + "message": "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", + "sha3_256_hash_of_signature": "060a5953300e5262b6c5fdf8915db3cb80637ab45fe8c4573867cdfc1c284cce" + }, + { + "key_generation_seed": "c171793029d0cbaf8d2661a823243ad50d67f2619533180f25b50c94b1310389", + "sha3_256_hash_of_public_key": "aa6aa6eff831d53af1634d4325f19bd3ad720e4c9af4ad36108008efe14520ce", + "sha3_256_hash_of_secret_key": "a9f04bc007753c9c37bfb73702bf088ba68ed68e9f4b78b7676a9c7010dea123", + "message": 
"a7e941d3c14e2ddb4f971c9955868aca753a73e8ec6845ed6e9d3b444c826480f03ac771f92e94380bca7e50303fb79cba608e351a1a67bf217b9816e2af9f89be8a79f661470ca16bfb2c99efde97859ad1d217848289eaf543005f5c231599ff74299ec2a7c737ff94b7465de11f80e17d4fda264de568d8767ce822b3ab9642d95bc89533ce05fb331b86e3c5a296e4ea4c637ea458bced1f89355c0270d083d4920e72112ca1ed486191748b4f730ed52f9803d05a0f2f065be03b2603d6cdb154dd7765847d656b919b08969e41b23f9d376135bd5d924529410392aceb004849550e6cf2903181c9a395fd469b7de2c5060ed22922aa4d7c782a33330714a0af206b29b4fcbe0f12c18948f6634ffd7f2710138020e273cb0dfa735bdcde9bd6cec898c5e564ec71aa7880d97cc711412f28603de293cd5e904e9156d4f6bfe2be15347b9ff7848eb51cd0785d6a649ea3514e02695c7e3c4f021a9992d67bea1d68e5b17db2e0dc061ccb5ababa49d110055467f9dee61aba8f3e5c713e94a8a96c3a8afb698887c1fa4abc5157ced33a834dbf0f5af9eecbb5f2ad7b63b4c2ca94a117c2b92f3d51900926e26b101fbe6207ab0884cbfcb15f9f98f95b0d08e29390977f4d3dc710eea3ae7433d5ea87a5f710f1fceab26d516fc19fd272f6b0f01ee167f06e6c33273481f280ca64fda0549c8db884fdd467b93998360766d4cac4c8de783752fb6c6d7b1e47df23ceeca572f2ad3e2b628e31984b9054448ed1d90658bc658a9caec0485512ce084a535e7c8196b8bbca5d26c105c41e083f8d56f1530a8c1b36a7f3e41fccbac7f342b2d026064b304444192d4873fc57978e44151896ea6c0f13d017f683b203ba1de677ed00f2b737c4c69e53ecf16ab918939e120e9fe14b2243eff0116b24c6654be09c582f1e62e75efd8593e62e45ac36f717815b854b47a4ddcfc91fc533fa85bcecb6e560cf11e46d2f334b396d68b275e7404a70f2a805a64cd458a8e5f114a89124ba1866f917749ff32e59ee71948bd97f2d4128beab8bb0b6b06d84c6d466bfa30fd8100e48d951d0b3e787ef9611a56ffd64d970dbacfb1b4df064b1cb5da9918f5c58a10f0903b64286b1c1ae5cbd00eb8b363bdd7a7aaf2111c0c6e86e15abf6c1e761fbf027425968cdc19522b44ff3f56335c59760fae6d9028e76b284330f7510f2b55b6f46adf90311cc785d35c2bb49272be514cfbbd7a2b7b2e8c0b6dc28cb683d3d581f547f83bbd3b8c7b76925e44e6da89d5eef17ab0bf4213ef9c05b7b473901d483c647f416b98478c7100919c28515b617a27321841baa174c1a2d3494395294cebd48eea14bc3106ca9c69d9f6485d6abf1c2b1111a8bc602454685ca61ab4ee4db9f413caf8f0
f204f04d40cd36fa5dab629cb53876db3e16372e626b6bc892c63c6b6c503c9d22efe113927395206bdaa4b83d4fef4feb42fa7a71f7ce2197fe282a02d0fe50f96b1f917a67e50eb79cd3ffef064542f7beb51ab05b56afd7aea5f4164cc9ba37d8fdb35a3deacf0cfb555161e7e41eb798160798be9d01e3de0c4288e0bab19ae398e94353adbe9a43524ace35830b82fcfd4b1dc2800ca4c38a56b7cd28bc3e2f69a0ac4655cd79b5789a2b72eaf93b018d4d6f4c983d08932b22c85af6fb07df0a786d98820e1b06bc17f62d6e39739790a13049252f1b9102dc692ceb20c270ffe9b902ab7ec5a4eaaf47f7e2d31b2195f5f48ad18d099c33384141da14e151ba57f6b1bb97901457202cdb83b5c713bd8a13f6e3e276c7d6c130ae287ca8931d9eece06ab7cca124d6d02d497d55ea9151a95e8a4dccda72d3f51a7db3f2879918753683b01ba1b154da83e6d84ddc9492f2dd8c128a30c75174ed1a6b8d93d08645270bde247782e882418ea158b2a2153b2d8f75c09932f324ec199d26e9f3c4c4cecd807367e3981e137858b98bd1268d2c894541ec99bbbad19a6856ea16a1e56b7b193baf79ab89d4e76327405658c4ecb5a8626302b3a4618aeac7e11a1199c4bb08c60ad78fea4827b59cc883b2ca7038d7845106de9174b2b8c17267273d23418af560265000543ed9886884912b4160fbd372fcdf706ef642cf1829493884b6cfe946ecf6140106dcbe11b3746e33fbd4b5852b732230b9047004f4fafa0d4bd7043c7d6595accd1b2771aaa76fe05a0c80b7b221dbef79950fc69147816cad0e52c05e72ceccf55fb4dabd81ecdb476417dbfdaf3b555cc90573cbed9474266c89fc55ff0bcc55602a51a1b5f91e425a1a58dcd4abd09bbc63933fb4279b9e21298f9fe0cf1a93c4a19695240e8978d604047abc7239f5053ea650d781307c50dec4d5e2360adeb9aa02c0f6fec5784784a271169ce456e1c32bf984c3323656ccc588c97e0ece5a40fc7b4ddbdddb764edc512de63270f07891bd160f78b8ecd3a4d11ec4c68ea0a0fbd0f23af9ab261a110f431f926c4995b05462e0dabf29d9660abbc660c9a675628270cea7ec5ae9b6f298b17b2392263700b8ead9c845ad29ccf109a2ed66ed5baf9c935754aaa1b84be2b5339f9bf3cf5e80af16967863fa8dca64f5fe873da4a6d33e39a592749b721fec203c0cac527ca96de7a96ce9a540f5da1902c97f960a05ebf0c32934f9b81244c945a60fd3f176dd8c261690d8ec98d19607129a50edd51135ffbaebc04a0961acc5a32fd058ffdf2c6866bf90a3e177787e7061bd2011ec08ec118ef0451cad010b53c68d0bddc701d10920d697ea3439b1a0f96e6256b7712f59c746d1c74c20b17d461c3df635eec83e
3b8e098034f119b9d9a79ada735158eac3f434e805444d5ea2ec85cc8ed8f5bccab7dbb6ecfc2e385781579af1263d9fd32bee32e01db94703b5c756b894def19783b12bce2a1a8d29d96f329cb0791d697be7e0f05dd5c9dada52e1b8c1e5f75a0fc90ed8c05bdff86644b1ee61989caaa271061d4222818c894ae9eca2da7326e5c24ca1eeebe3720d2127ba997b0c572ae30615f8bc4278057f4762d46a39b934ddb2a0903fe1568c1bcc6c37e1f7c145eb7cb20a6a4b3466a7aba58b48be94f7e14cd20c87b2768358d06e3f607fe5e9dd1aaa8477975660f1e379b9ea26cc00cea8cfd6420f2fdc7ee6393aa17cef88645b821f8f42fc7dd97b0e16c04631f86ecf1cb76a6502fd1c13917ceb26a83596b117d5336387ddbea56162e8a5bf2fa35e697245bc7210cec13bfa694ae884582924168bf8ee2f61a734e37876f363225e5ae19b7c65ca6afc31c8b37bccb308a9c27f3e9902de365e288e6cc46e329e78be914b85eb980c0bad932c164671ed395d5d8317c133e2e000a10e0d20d0f408019b33d9a87ed7725ea4c5abad67e0cafbff31dd236e59defab7ff2cb40f479b56b261a32656f016deca5302a336ca15d10e0afcd168a4b922b79c11cb21881220374492d64df21453b41346a85174a0a4a3c1e973845c856ca70d6d25bb854d0c6bd3c75cd73998c7f64e35a58dcf593c85c2440a6aba4e470f87e6f9b4abe127b30f8992d8aad0be38f008d9d937582eb3aafc68f516d5aaf2503acc96e59a151d2d4b072ab6b38c54928d6656441c709f1c1b770ce6efcece11f8b3602eab63e0c629bbd8a79a96be4cdb072780f3d287b091fc94ff2c0d347fe280bbac308644bdb15a3c653863edd945af0ae725507507b82c283dc9909ccacbcf357d7a19703401b6e4474b94a6cbae575b942501a281b8166fdc70e6b4b60c2f57a4d66fe1197d301d0e0c7bec12cedf9496bca2183d04632711a79c8374b6de35c2eecb0239391c2019c720894bc7a635df18fceeb9aae16b3ce92717e2c56903d20d0712ef80131b8c48635163e97efb1fabd1500d061c93ad935be9a65a45a92e4a4e885268e712efbe5337214701baad4c73e81e73bff19af131f0aba105baabe849f", + "sha3_256_hash_of_signature": "95ccebede3605e92ec60ffad6c51afc65d7fb706edaab6ba7cab76ccf0a3eb69" + }, + { + "key_generation_seed": "615fa91f3d206b908649399f216950ec7b2420eb04aec6abfcb7b4528e8e33e6", + "sha3_256_hash_of_public_key": "0ea85e662b38ff599828204d899547891cf9d43a9b34ae548ebc0f268f345da2", + "sha3_256_hash_of_secret_key": 
"bc5fc49858f41e251a5c86872c1b76667fe1307a1bfd69ae483372bb257aee74", + "message": "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", + "sha3_256_hash_of_signature": "5a39eb303af6e9775db49d3c58e519d92768787a41d707f4fb3670dde24d2e8a" + }, + { + "key_generation_seed": "626c19b8553b2d9e5a47a758615d80b15be11fd016d3a1962d8de58ed5ca2219", + "sha3_256_hash_of_public_key": "bd8fc8675c3f8be9054be9f845f9253abb8b697fe289f9ac764ad57f3488cee2", + "sha3_256_hash_of_secret_key": "187b14af0632cd12de1d15f7ec1ae5344c1668d3f16457dd9f5f5511335404cf", + "message": "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", + "sha3_256_hash_of_signature": "109f3a7568a75b90ffae7105233f0a62689a0dd47d9d3d68dac9d7d6ff015691" + }, + { + "key_generation_seed": "b0d4ba39adb4e8712b3a3e6495aba2f04a29e45c68671a960bc0d8d89900c97e", + "sha3_256_hash_of_public_key": "490c4f92885a78a0b9a664e69351e59d3b320b878cb503bc540945d47bd52abf", + "sha3_256_hash_of_secret_key": "619fa96e9df86bd53c21393e5304b6f4e030c69a87cfcf774e20e68ccdc20de2", + "message": "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", + "sha3_256_hash_of_signature": "04de23732562b973f25b66c4ff82ac4e81aa07815519cd953bc5555b5bd94f0e" + }, + { + "key_generation_seed": "e04328a783c10dacd96702d2e726bb11ce4ecc571564ce7cb10722d1c98c2842", + "sha3_256_hash_of_public_key": "f745a2793659268e7c9d08fa04864b24a7dc6480a2b2cc6c5baced4f15024467", + "sha3_256_hash_of_secret_key": "377941bc77ee1f4bdf779f1e8a1735e9def689d67aedf170c36f0101c752c89c", + "message": "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", + "sha3_256_hash_of_signature": "ff8c4c8b54d8cb41ecfbc59c36c686e1f93ade6888aa5e8d41edda6041b29742" + }, + { + "key_generation_seed": "cee2e53099d8cb576f8f76c5c155470f87a6ec5f7d73256a0a2aee62cbc53597", + "sha3_256_hash_of_public_key": "6a985efb0490d85efb3570caec5d75ccdba3c699b324deb8ee22c680c0c8f618", + "sha3_256_hash_of_secret_key": "652be76778209d9729d678a16812a3233320d2432f8043e970970492c0d092cf", + "message": 
"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", + "sha3_256_hash_of_signature": "e5ce454fd9a94c530b98505a1cad79f2ac35b618bcb71a5cda23f488272ca2b4" + }, + { + "key_generation_seed": "02d9755c369932e7f99a2e1614b03e2c86d713563785965e008ba987a6c89f49", + "sha3_256_hash_of_public_key": "5c3e7e2886dd97b712545b1ccb6cc81d454ea311214be9c0dc83df7c68ca744f", + "sha3_256_hash_of_secret_key": "d96b330031dbce321f14a97903cadbb35116528c381e08bc0070b1c131e866b2", + "message": "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", + "sha3_256_hash_of_signature": "72de3969041139cf13580ebdf353767719f0fd621511c4fb3405b8c800d914bd" + }, + { + "key_generation_seed": "2b2bf7cbb0957a86bbec97001b60c7c6ad98a56e94542ff561f78fed211da755", + "sha3_256_hash_of_public_key": "8d8fdccfcedc69f222f93b908ec006b45cc16d4f8719ebb4494888d9c10f6c31", + "sha3_256_hash_of_secret_key": "fc21ddc819cb51da39f6091e15adcdaa5d7877913bf8a9026166ec61b1a3f05f", + "message": "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", + "sha3_256_hash_of_signature": "ab77bab348525031a8d95f51fa28c0a3a385d69f50ea9b83a12a201b906d8ef2" + }, + { + "key_generation_seed": "049569cc5fb969c6eebb8aea1af1fcaf46f8a9e6cd6c796fc7193592bca9cf23", + "sha3_256_hash_of_public_key": "f6d05d01cb8a1bec933f3d9357635fa5052fba9abfef6a6f463b3b65fff9ebc7", + "sha3_256_hash_of_secret_key": "9378225e51c38a81267dee9f395f826b2a328b006bc53819b5409099b0243477", + "message": "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", + "sha3_256_hash_of_signature": "431abdbc98d4ce6b4c842055c6448ae664d8cc119eb0e0273fc52d62045b471f" + }, + { + "key_generation_seed": "9d89b9a327df0d341cd2968ba9218bbc3e934502cd88919d8bb16dd3d39febf7", + "sha3_256_hash_of_public_key": "2ef23feff98c9ba14cf956cfc7073b5459f589316702a4a0ee5bd7cc665753e6", + "sha3_256_hash_of_secret_key": "7cae68e9b8d55e99ba6708db292c088c4438b37a7d97d6b69e647006d1a6febe", + "message": "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", + "sha3_256_hash_of_signature": 
"4fb66b93c57dfd98a31100e022465ba7652c889279c9ddb6597d11761db71d5f" + }, + { + "key_generation_seed": "4544c2f21054605b0eee46f62a87dfcbc3bfec473b9850886266f478bf9e33d7", + "sha3_256_hash_of_public_key": "9ff5bbc1f48dc432443efb0ed56e6c30d4318556be346b53118d0433f47871b2", + "sha3_256_hash_of_secret_key": "2ea8c6759ba674804ed1e9344f8208e9ec65d8a844a4961fe69f5e6b9f4a6c1b", + "message": "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", + "sha3_256_hash_of_signature": "292c36987fdc50d91e9065860e8e97208bf3b162a778f19436d963649f1812d4" + }, + { + "key_generation_seed": "d9931e321732bd82ec9ca1df12ba48549bfc7d3e76a404b71892f4198777ffbb", + "sha3_256_hash_of_public_key": "9cca1affedd9d787944685e59ef2eea2f051f577f53531854fd51c067aceab24", + "sha3_256_hash_of_secret_key": "9b80bcea6ab9e0a6848e2fe3c5cec37790bf0d2136444d777b6f18c76b0d3bdd", + "message": "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", + "sha3_256_hash_of_signature": "bed36ec7ebcca2247c753fe2c4769b1b5e79b39cb8146a52703c07a3b7b4759f" + }, + { + "key_generation_seed": "f838451e4a5929b8bae9084b40b1dc0edfb76a9354bf27f981960c88b0ba3a11", + "sha3_256_hash_of_public_key": "79ba1c1e2f3780585514e1f839f79623aaffd6b009f4be7a29c589b05b1f192f", + "sha3_256_hash_of_secret_key": "94ed7aef23d112195265a927fb900f615e00c6b6b7f6612c27c4a62997685045", + "message": "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", + "sha3_256_hash_of_signature": "4b8cc54b17a46b4022f62eae4cc0550a2f6b2adb8e7b5a46f093645590ccfb1d" + }, + { + "key_generation_seed": "8e4334b2589d0caecf0fd9ba584ea26a4123d4543a8a0fe126d4a7e07f6067af", + "sha3_256_hash_of_public_key": "ea0999e78def698e0c4eabdd374c6836e0c85d6b33024ddb77c69dbe9cd0d7fa", + "sha3_256_hash_of_secret_key": "912f26fe3f0f5c2fedc1300dcc618b4073ee38b3513eb0759c311ab408ea1b4b", + "message": 
"525e8b98c55864849ffc71ebc953f7a0eca6298f6aa15a83bf6923bd5921b1c86dbbfc544a39c364ef6d9281481e946c994f96829d6639727a5345560d8641e9a510f913f7fe5592c2a40cb278f5afd8d4504b5387c20945654f08168247a98f56a43a5020955f882d2d93781f4a83676b08f50341e953a5d1b67de7f6d1be3d78d5d060aa85b5ee4271763c437ccd595890dbc8fcfaf2754ae9349ba2fdf89847a15188716c0ec672887a4b9a15176ae0c5138819ca232d012be1dcffd29f677442083087c127cbd80b0d9cc0962bc8318e734910d1e2653bbf700c84bb0919e12df331ccdc7128b41f0666f6419afbadaf673be16c9177d3cf113c6488504de088149bfb83eacbbc400309b7ad753f7b2f5aa89f070c9d14c084c32df91c5f7cb6a7d869d64f4a05af80a98be7517ed784c17b0d7df96b9987b7ea7a398ce018ae6e13e1c0f7aa040ac3ffd273bb9687ad6fefdb211061a6228967e9dfef69bcc1c5d02ee56d49a93c8aad46d08322a2ca246ae8c3edc071d063ad605a97b8ae94d58e897a4a6310bcbf55b0cae1aa81769d30b46f883eaf29d4b5fea32f2dbde49360cb6235754bdc305abb5e5395360097378656e2bace675448889b0149d6086c51e9c3af07a76563164864f131cf9c0cd475cd4a58726ad237cfb76aca68032351fb24711da635871386b4bfc94b0db6d35f07d0196f75cedb92efbe7d653e0ff9326a596f9166ff6cab73125dad27f361d6122ca531d86910187e75f849edb52db26c96fdf05925dcca232480d3f979eab07cca68fc9069965d12bb666a180989ad1fbee3fe65e746c5a8f64dab2e370f0487d001121edd0d0d760531af46da65c75de11688ebf31dd2ac95c188bcfa07ea798609f3ea8e6364a43742a2825144fafc05abd17476480812eb2483734b13d075b3ee3ad510b67cf7057014351b2ce5357e3f12f43ba74ced614be3a9ac0e26763e9ac596f87ae98f72abe0de213a81a9a03e2b82f2312c1a186dfcfc3db346feb132931c793ecf837f57d8e326101f59705b77a3083e712ce347c2c29c23468b0c5857efa410197833987c61ecbc2a855ef78b3d7b1b697ab9844aad07c4b8ef666bd80daba5fcac900c5d358a11676ffc89dff4f36f29f14d9f9b854dced41ffc4b36381449d22801c19bf8e8ba1f07a1b38ffb527a34d009c4064a1e606ff2ab90ab2e05c156150ec14d7dc792578a16f46650d0abb61175d1817e2c38f109ebc01a3abb358673561691185da32eeef566c1ba1c72c1f08cd1b427b552425501b8783116f2eb0cff73c5d2def18d291c106980135821a77428fab20a935ac8b6dd8edd1a936225344eb103de0d5879cca09359b5b882291c0fb1fccf167c30dbecfc324ac315713cd10f35b72f0d4871a
7cbaa2b4cc2bc2598f23da607c94a063c9e2013b0eda5f3bd5aadb2c429177a4bfd7b6181ed5f9a55c1f043da8155c9e7bebda7ea07dea49938fe07743df2295c220eb53348310842b1000b7a02ac025c3a94fa82d46ed7e2712de71b149742731ebe62e225d21a7f29d5f3a8a62b71fe16258570da412c07cecf82b2064ab5d98761c69fc5e899a8e174875b3179deaa0bf4a0261da9bf39148440dcbeb0c887e41fdf751505de79aa1f8593f45482b659f5b5f4cc3e7bfee59def49458db195a1a692b8af4aa44ccfb00b753ac761181b8aab39db82385ae776cfc585f7873613b62de55bb10a6b2f27e631ce41436c3fe390163e6f4ebd6b501519c96c06fadcac8f75920fe1435542fdf535ead6c0e3f41345996063b95a208defb6f110cc861580979bf4422ed395ca218cfc3b22c0ba8b31cb9eeeb51c3df35fece92795cafb8440f522b44e21b3a18d5cdbc296b887a4b927f36715e4ac2cab043d8b69a8704d6be24c725b0c2e814bca7b040c27fe8f4c14911051039af13f44e0485eb767f5404cfb6fd19da24d82fe24b53033c83dd8634e2e28aa330a81f14bac1c57dead7ffe39994d9d094383e14322e146a3df27a776e2f09a11ec9014c809f8e543594d6b4814918a129b36fd25015a044e04d3f081d4d201df86a0fcafbbfc695088170b8246776b6a28e59449c646d1e706cea96b12683cd3a7c60459d42989ca46694b0089cf88e9aec5e110f69fe0e3fe20d18309d1ba72a83a34813b771484505b08548fe5d376aaa0c414260ea4bce5eb81f6545cd5203026264938905be1e252574f4b4e71c6e12f99f6efd35effd64183cd0665fe89d6a357b1908e083511dce2cdf792a608044c31418c433f86719e156af3ff98d0f54ebeb9f9fbf24588a5557d310ef9d7cf5dd8a68512d8cb15114773c69d7b40c927858afc049f7c6a89841020e1c313c5c38b988ef505ebe6c15fc1d6ccd8b472f90ed64da895d06ac01bb99f455a195a670d22dbd5e3f03ac84a08831e9842a566e9785a0fd4c460c5cac154d705dce1e7fd1c45baeb23976af881cf5628f3cd92ab19bae8d45a03a859518e4a1e558fac2b48a432e46cf274e6496b63874ca4e4571132568aa43eec3d2a3948f40d327976a6d28cd816cfbeaf8fe126913384061d219f51179f679081503371ea0b6bd7e9524b0ece2573304ecb4a16eb471ca0817c0c6ede751f283aceec5a60c2796c6261ffc6226e4813241619f465dce67b38e1d5a647b079503144907307c7d6eb6e6ec1936b5c94fcc08a882b4555b19b33a9bf22384db38473a313966d157daf8aad41ef67d3a5fe723559096ab1768ff69773eb9d5c88d6f35f00dfa4473df71c7e9e35393638ded05d05c105cbf37711d38e3eee35e8cc0029b37
61241fd1e56969e09e949690d4fe25735d774e777a2ca17fe058e14ae6806f611fb1e9fcd516e20499a704b67990716703a4287b50ab45d155d40edc0aaf97f5b87551c236cebe9cadd562b27957ead251f79caac6433f228b50167fb1a753306fff08b53a8a3cecc226857a321700ebe23ab4d6c35415ca79b682d6cfef6b1341e7ce00cb9870f432b63a2d9a9a43c87d28a95c514582812da37738bda6cc76142e08f69ebaa5acd0403100c2343e2fa088441e9a55c720bb509bc3600c27c1d39157e049650d1749751efe55a72349e2a5b714556ce2188ce972287be2152c7e58d3fcad43a214a4095de55cae9f627d8b9018daa01547842fa1ad14d67327cd47eb9b90cd94afdf5244de57e527f17894a410fb4210e06632e88a398400b0aa48cb3feb9a90acc668615d193d5a98158092fbb59ad2d6d4ffee433a2a6a971a228685ae5bbafb3ab28242c630af4656c5071c545618a0a765fce41b19970c2152d44c349d0cdfb29673d1a42ffec139d1c9958b0962f7b57f80cb8fe6331553b0df93da9bfc722b1c001f48ff9c0fef032610a1118ac9ebaf9202dffea605272a50a90768f031c72d570c0aa5b0d4fee4ad568895274388104c0bf88d03fadc3159d6cf28ac6a7e3e5cf6fe5c6658128cbf81456db8c29a76f9c75230f3837f1a94cb83c3aaabdf4b29c9045b45ab9552bbb6c0844bf2926267c0d74d3337249d5c9610e0f6ffd0278f12f39c48650c048d61a3fdb8e1a2e08ccca68803a55b39bd39160b0420cbeac7d8a55f571f490f694a7aa8b725ba84238ee1e711864aa1f74aff252c088e36b79b09c80278dd442eaea8c7d5833cd1baa18bdd866689e663eadd0eaa6e0c78a3e09dffe5f6f1f4003de24336586b25dc5ee45d56f31d8bb2de31b24e87172f3f1b26d400b08d50ff624e456183f269cbf06b3707260383174fda152e4d0c528a90c54114c4f278d0fb35b74dd3ecda14ee89d38e3227a7e18b068f134b22154348867a61719c926ea3320d1be0b9ed78466b2ded728ca04c15ac144185fb2f5084511a38cfd765659351ac1ac3e5f327d9f3de9b2b003758da78dfd08faef3625cedd87c8a55a3cd0257aa71b3788fd2449efd1f48948cb304468e3ca07ea7044fa185a2b91f9761c6532b9273db74c66b2de95ab19e5102cb90c719ec85671e2829b182bb6d09323248d6584f0ca67d422bcda65a0146d8df27ab4ae651706d5fa33b5bb88adc2a1a95105d55cca8439a5060d110760dee8b855d0839053be595278eae66542736d25c93d8544c6e55ed51ad6e7029c2e6d32cfa8844bc14972809e31754af84bb479c504ee77cb65ceddb6bda613feaa2ae6598d1f4975d0fcf9d9dc787eeb5c03f8b0bf438e83c38e2195ef1d35d40f5a14e194bc1
bcc64d02ca722e7da28334e91fb6654d708c5b07946cdf58747086eb3ca59d095eb27f1b7e6806d3a35335b2265031a1120f28eed8b4c5d9af268502727c5d23152149c98e6970d4dcc4b9d0fecfa6a79fef82cb233e71fc8aa999df66ebf5a1db2ed1583c65803fa8958f49890d13bc05c6a991f26c31766bdef9bac601a47c8c3c5e395fd8f47e56f04439e9bc8e9b1901a529395f2d57495d70d0712881d298a60e3e013326cd56bf9f1319ea8d6a6511eeff373f081478a51e14f0aa4a33c6c5ea7816380c8984f7a5da45b0c4b6b550644e65a5b2df059ed050936fe6f073b4e8056accd3eb65a0b", + "sha3_256_hash_of_signature": "d41d6d943b17fd90c77a0ab198908ab33da9ebbba6c3bb6db0b4c8e05a0bcca3" + }, + { + "key_generation_seed": "37519a02e8021f2257259c0d2e499af3533c8ed8dd5bf7751cce920d79b518fa", + "sha3_256_hash_of_public_key": "13120f2e90a3bcfb6ae565f83f144e4e6b44171a5a80c7e8e8fdc8e7025a079e", + "sha3_256_hash_of_secret_key": "19815b8f87d2a38bbaa27e5925ea9eef338c25ac101631bafd9509872ec507dc", + "message": "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", + "sha3_256_hash_of_signature": "a8f0a95a2d7032520a249b265bb0dcea19ab7645e72d6fe5db13eb10a7f9583e" + }, + { + "key_generation_seed": "690482bff6c1d0ba6c071dd395adf69e55e1bfc4e0992a8650ffb5e60a02b172", + "sha3_256_hash_of_public_key": "37f8f312b9253497cd5a654da84fb64013c9ddb211d6d175e55d7529974f208e", + "sha3_256_hash_of_secret_key": "9d22e38dffc860a7e6232c70c6093060dc3cfa3f3313a3987e3259233f887cb5", + "message": "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", + "sha3_256_hash_of_signature": "c3b0eaa3f9e65e8232961368e754ded04e0ea0c78114cfe85150adc0eb97bf48" + } +] \ No newline at end of file diff --git a/libcrux-ml-dsa/tests/kats/nistkats-87.json b/libcrux-ml-dsa/tests/kats/nistkats-87.json new file mode 100644 index 000000000..088c2473e --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/nistkats-87.json 
@@ -0,0 +1,702 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d", + "sha3_256_hash_of_public_key": "4cb13352c600d29720c556928528e1429f9de7b5c1e5a7e3918c5bc0b4502a33", + "sha3_256_hash_of_secret_key": "18fd44dfc8288c6fc7e81785f97bc62b7cbdc4d667d911cfe331129c396c12a2", + "message": "d81c4d8d734fcbfbeade3d3f8a039faa2a2c9957e835ad55b22e75bf57bb556ac8", + "sha3_256_hash_of_signature": "fa1d963f189dbc48fa405bafc5c9f681bb28f3df29a0ac615d17f13a4803be30" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345", + "sha3_256_hash_of_public_key": "6b5709ed5d5ba90aecb6651342c690a20cc4dcbb2548575ae9d817f7ddf6135a", + "sha3_256_hash_of_secret_key": "6f2702e37c7034de7cc4f1b48158a8d30fe464c4b9975df9e705ebbc66d32929", + "message": "225d5ce2ceac61930a07503fb59f7c2f936a3e075481da3ca299a80f8c5df9223a073e7b90e02ebf98ca2227eba38c1ab2568209e46dba961869c6f83983b17dcd49", + "sha3_256_hash_of_signature": "12d32066ba52b93e35fb9c9bf0359e2ec5ef1b25f9a85f91e94cd6a58ed3a452" + }, + { + "key_generation_seed": "1d836e889e46259bcd1ccd2b369583c5b47cfbb919ec2b72c280247cb15a5569", + "sha3_256_hash_of_public_key": "f0ae7b220f0be66f3294abda5a4473d6add9358f0d960200f3812916eab86138", + "sha3_256_hash_of_secret_key": "be51954ed7122139dad4c185e953aacfcc58281a0b79e662058932b12c0d9ed2", + "message": "2b8c4b0f29363eaee469a7e33524538aa066ae98980eaa19d1f10593203da2143b9e9e1973f7ff0e6c6aaa3c0b900e50d003412efe96deece3046d8c46bc7709228789775abdf56aed6416c90033780cb7a4984815da1b14660dcf34aa34bf82cebbcf", + "sha3_256_hash_of_signature": "9e6fcd768e7d241ab43648c625158483eb294b19579abfae6e1884c507242d97" + }, + { + "key_generation_seed": "539577cb7f2088fbedff1b53f235d607321857db32bba645f8df3a89dd426552", + "sha3_256_hash_of_public_key": "813bfd8ac1ecee6b355545e9929cf81913dc59dbfda30018c46f9cc78949b3f0", + "sha3_256_hash_of_secret_key": "16c3a58e049f258ef4f9aedd7467a789edf7df94d6ebefd065614c966c4ef9fb", + "message": 
"2f7af5b52a046471efcd720c9384919be05a61cde8e8b01251c5ab885e820fd36ed9ff6fdf45783ec81a86728cbb74b426adff96123c08fac2bc6c58a9c0dd71761292262c65f20df47751f0831770a6bb7b3760bb7f5efffb6e11ac35f353a6f24400b80b287834e92c9cf0d3c949d6dca31b0b94e0e3312e8bd02174b170c2ca9355fe", + "sha3_256_hash_of_signature": "51995ca79bc63095b31a3e1e36ce08eb02e6622fec4873edb4955f3e9418399d" + }, + { + "key_generation_seed": "2ca59c6cf33c53803749f69ef5abfa9482fcee7efd87fbf17135ecc3ff3fd7f7", + "sha3_256_hash_of_public_key": "3d909eb6303b29e8961667cae8380deea55be7b23159c8948ee38090e95f94d1", + "sha3_256_hash_of_secret_key": "f88d5cfedac262e7f1eca6b2935841a3c25ce3178db3aa4a419b1ac64701d678", + "message": "1cdf0ae1124780a8ff00318f779a3b86b3504d059ca7ab3fe4d6eae9fd46428d1dabb704c0735a8fe8708f409741017b723d9a304e54fdc5789a7b0748c2464b7308ac9665115644c569ae253d5205751342574c03346dddc1950a6273546616b96d0c5ece0a044af0edefbe445f9ae37da5afb8d22a56d9fd1801425a0a276f48431d7af039521e549551481391fe5f4ebfb7644d9f9782d83a95137e84ea3aeb3c2f8099", + "sha3_256_hash_of_signature": "75d5c65e1eab0ec55abe510bd0257186425ba84f2351ae5bd81377cf083fba51" + }, + { + "key_generation_seed": "e17e72290e49a44c9c534f211195257cf13b0d45405782ceda2d7f982a551721", + "sha3_256_hash_of_public_key": "20345b91dd66899e79b2e84a0cbdd5da79929d8620e7befd2763685a34dab09c", + "sha3_256_hash_of_secret_key": "e1260f346c33298ea1c09def3e6f9ad9d62588037d32e99f921379c0d98ffc36", + "message": "dbe5b6c299b44f8d60fa972a336df789ef4534ec9ba90df92ad401d1907951eb6285eda8f134277ab0a1145001c34e392187122506aa2dbb8617d7943a129eb5c07df133d7ccde94a7cb7f1795c62493ed375353d1f044257da799f7d112c174fbc35687e2f87fefbe2d83d29d7314b30a749fe41b1b81095638f112bc4563420af235280e466ffbe7050c4937c60fc18d1a6025bcbd489f0c538e088e906abe8597e2c8ebb64f01d225c847aae4b77bae6eba9269962c4b94a9732ceaa2cb4093d442ffbcdd", + "sha3_256_hash_of_signature": "55548315e9afb93d1faf68db253b9be57b6b062e3bcec74b9a80139febb0bea5" + }, + { + "key_generation_seed": 
"3b7388e675de5c59a78af095481c7dd999c6eea898595b1e7dcda7edc3a2c25c", + "sha3_256_hash_of_public_key": "d9a8a0599a60b3ad5bfd5c1847246ff89bd81a299a0adddf167df10ec2f4cefd", + "sha3_256_hash_of_secret_key": "02fb1769d0c9fece6ec70eeb35c448bd78ff4b4a66a17c93eed2c201449ed0d8", + "message": "0073bee97fc97c0fbc750d474aeb93189f061e1a5cf6600c04fb0464338ec7e85252f94fcbc7b2bd00e438480d9af3add92a92e3e2e8acb55077c3278fc7503988a76e9b6062996b20889aa55b343d5a003c8a8852d738f955799fa3426be5ccd3aa6b6eda04d4884941ffc0b69c5acf12b347a74d0580cc3335ba816200f87674a4c1d98097c70f2f27c74e94a661850610ecf4847ab5b58344f958c5719e06ba396225bbe21acb0fdc512b885d391e11b0c0ed5ce6b5dd8faff91f50025c69d43072f7706d80d9fd786e1104125d79a5f4b5fd838815d44fc8b1ab678078cc174dde970d448b", + "sha3_256_hash_of_signature": "84cf5ac0cfb5eb5898a7b451503e6da543f15bcc2ccc165d613d82bdce89e51c" + }, + { + "key_generation_seed": "dc9f40cabe2e8e4f3d1538fbc1ada27b61b99081455ab0c4c41b5b3da8101000", + "sha3_256_hash_of_public_key": "38cf687c7182e8596d639c946ea7f13ca5ac57ebf41936212b38c4db23000592", + "sha3_256_hash_of_secret_key": "d9a44883b4907a2597b9e21f5d87d50e61b3dbca711379875d6ed71c3d73c11a", + "message": "a1586245d81f96bd8ee81aa30f10c0adb343d74cf72c4dff71550c12873af89fa1874d4731c996243c3749af3f6188ffe9fa45430549045134eb29ef3cec37e72904aa082b1c6161e6b52361e49af4933a8d8c0734f21cafd7467b0c02876f43211d6122e3e735fe36064df7a0c91449237c2bc7c3a78ac7bb0f9567f2576f05802c872adf183a87aa3b8217188f2f3535f877724f35b29e545de4bcf258f13bbc7edd8c6587f733c9691f74b4151cf8c060c3ae9e8d49fe7c77bf477dc9f23fd0f0b67320275529034b84f94176730923c03aa50f9584d9c2d60b8dccf85a13f243f30a51abefbbf2cda602bf3d75e849eb92422b808416c7e56b046ce38e4677ad24d23d7237a9", + "sha3_256_hash_of_signature": "3bda83a703648bbf9ddc233dd9cca9d8374411e1ed68ae32412b3c804b270c31" + }, + { + "key_generation_seed": "1dade637ae98c393260f5bbbe288373100dd7af37eba913c528d2b7b998767cb", + "sha3_256_hash_of_public_key": "7fd70d7c358391189bcd57c25eb294217e6689ef2e8597275f9326bef2f70d67", 
+ "sha3_256_hash_of_secret_key": "aefb2f52527b146a9eefef3a4db44e535839755b46835df0582b3872960137aa", + "message": "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", + "sha3_256_hash_of_signature": "59fbaaadc00ba4b91a2d3c01d894f6d19a0491c11a82b9776f41b690e5504bdf" + }, + { + "key_generation_seed": "8866693cee12b909e32a0c64381796633666417e1246b51a2643564b464b4113", + "sha3_256_hash_of_public_key": "e3c20880bc4c0b6eecf0478d4e272dbca345b83fab13f997c4648ed38ee22b31", + "sha3_256_hash_of_secret_key": "8f2adf876277ef9c0a4fbd1e69ac101e7f5fec4343509d246d2d93155910799d", + "message": "0998114c84f84080e7eebb47d248980fac9d28f1abb6dbab3dd59a5cfd2c7cff7f308372874dd5447c7b02e30165501c0c673128e4c543a414222bdf47e7f4e8dca757b0f4a3281c0d10c4f02ab52aaf5b9a715e012607ba310947a60a5f62d6b8cfa96386d27cfa709189202421c078934aa2d955468e550ad4d0d4acdd98b168a9568e232192e92789830317fbc959087fffe353b6c168f3efbe7164444f1d6cba5246e31658c65440a841dba78257e78502843ec1a6e9710229c8eeb85d6cddc7d543285624aa1f756a5dd4f1a5d4fa52db8c5c34880ed448fbb6d254509fbeea0fa022f276b6a66bef7abfea6049ff74291babe781f718683397077b29fa9e2b46bc6b09251e587cc5b182195dd4060cc4a319bfbe251a5b660a739dfe5d0e5b93f3cb7e440194f1c8bda922cb1a3ee3d27edfd61c1d31a7f4534e84889ec83b51f1641892766434", + "sha3_256_hash_of_signature": "90171879326ea170618441e515b9b1f7f94cd01044d38c03d11761608cab2994" + }, + { + "key_generation_seed": "d6dad5b2746422f4487b72536d70df88af4b2f9040aa45999f8d7784ef696da0", + "sha3_256_hash_of_public_key": "ae1a2a2a2ba38133c9b4016830e44b0de96f85bdc58c902fe483cd71d38540cc", + "sha3_256_hash_of_secret_key": "9c0959b5c0807248e19a64f37a74807708f82bee1852e5a348a590e3f28893c0", + "message": "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", + "sha3_256_hash_of_signature": "08a4f5133959598301e3f3d30dbaf70f1fa6de6e842534aec32a4f9edffd35f8" + }, + { + "key_generation_seed": "68e7818f33b97ba6166768c395bd010cef7bce9995891d164303b53c1123a991", + "sha3_256_hash_of_public_key": 
"bf8688834fe698dce363a4e80c0371d13d5ad2dd971173ae805b0b4b7ed53214", + "sha3_256_hash_of_secret_key": "c27d235a91802b0a6cd00de510135d23f62c5ef3977ed40fa6feb8f1585283a8", + "message": "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", + "sha3_256_hash_of_signature": "ec3a5cde77a94298532bc91eafcc7d2d8352f1b335b2745437e873d19b050fc2" + }, + { + "key_generation_seed": "35b153a7706109d4a13d7c4b26aa5b56d9e3fac53b47e91b0c10bd4e0eaafc19", + "sha3_256_hash_of_public_key": "54b9b495dc2a4d0c91d9bd985c0614c3f61f997658e21578565ccf742a1331f3", + "sha3_256_hash_of_secret_key": "4e5189dad3c04b6ea62347dbf707c9a2759c446595e99c5026e8f1f1c5667349", + "message": "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", + "sha3_256_hash_of_signature": "abf9499855f4a71dfddc2e66275d50962105e63c00eb72bdc1a480d02d11ede5" + }, + { + "key_generation_seed": "0e1a1634fb2396e187cd8980ef29663c42dc3ef963ccd491f817a84283a11fa0", + "sha3_256_hash_of_public_key": "8a5f5f0fdfef9407cf7ccaf3086b2502b967c28dbf667589b0894283a1ac74c5", + "sha3_256_hash_of_secret_key": "1ef524cd82807cf7f6e15751ce57f23af9b4a19eabe2cf74ea8a69e0537d6a43", + "message": "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", + "sha3_256_hash_of_signature": "f7f065ca898d4f8108d780e3a1c1fa8d132d4f04080b7608e018f01059123bc0" + }, + { + "key_generation_seed": "b0bfa060f1c1a70f1ac55e321e6186a6613605dd732574b5fe6e14f0ff6f7a82", + "sha3_256_hash_of_public_key": "429c90cf0dfaf64555826b0c13a973ef30d50387e3f7830a394f4c94351ef21b", + "sha3_256_hash_of_secret_key": "89ffa98eb920a2f8706442a8290f89a432e96de890be9bfc0a4961100eccdd6c", + "message": "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", + "sha3_256_hash_of_signature": "464561f3f31a28e48f8e230aecefab6bdf5136b7d65e1d89bafa19e1db589f63" + }, + { + "key_generation_seed": "a33bc0a7a08c13c0d4c1174ddd886aac4c5666e1f4831f006c9519d36b2ce882", + "sha3_256_hash_of_public_key": "421d2825f98609a4ae386a9d3cdc4c6b39cc5cefd439d4abc53d17ab70c985c0", + "sha3_256_hash_of_secret_key": 
"a6e2f3ed5726258722f47565f17b17edfd1d335f51e5ac030c14bc2eda07e4f8", + "message": "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", + "sha3_256_hash_of_signature": "0e7159138a39ee89e55de501a10bc1498c2c6f1864ebf298051841e5844e071d" + }, + { + "key_generation_seed": "c7e33fa5329142b668ccdde1057eb7a8619397537f2b4c6d6755b3b9ff936441", + "sha3_256_hash_of_public_key": "34e8d3e4e663e786f85c4064cb48899ed5cdb895a08e70d2297ea998ee70c3f1", + "sha3_256_hash_of_secret_key": "9cfde4d0c0f8493c538facf05b8daec89b44d69b8be38c0e837a8f13458764b8", + "message": "922320f7439e492f13c272a5738ff7122dd7a6b2832632e1f7a653fef3b8639bcb9e84f482f22a948ea17dde6958489593d2cb268bb52df8ed612f2317bd6847d1622cf0532cb499adc432233b93b6f7b1866b38975ac87859ac49f91e8d235846775f9e6e6d052339c741ef6178016edb3d0b1e3f3536667b3ea2d489f88d254b8582421a31461374f465d7ad62e896be0857134707a70477fabc09fe0a5cc3b3f32911f5ff3806b878205525af69007f50535df05c33af3b0d00e297ac7eaa012e1d863dd5dd5fa47fb09467dbad8bc42edbab42a9625bfdb9fe578343297506a3b71cdc8d5919955af4605fcb0c7164d96a187aff65d0f6210fef2d11ba08d90c4458542be72e084577be9e451b8b6f4909884bcc5d25316adccd0925664d4d91c2e56433c1b68c632b0ca56d856df1edd5e113d1f026b30dac4fd648a504f8f6809c701c97bcac2b99286cef5c1c923200b1bf6141ee1cfc51c5e14554bc02d7e058970254d2c02948360abc4dfb439e66946a8ad615147bd8a6cb0886211e8b15dff3c72b6f8908ce56bbc1b40e838103202e9f188d98e07555db61778f895f76fbd838b6d14209d28eb393668924ac0e61072cbd9f93b864904ff4302dcea131b2ca16bb04959acee096b1963ce07f59ab505fcc8d89fe08fc58751965f2f5ca753d76d58705652d3b1505e0f720ede3142de9776ffe4aa0c8a25e76c7a04843377c59f1002844e89189e22f621467b813a98bf07540a1649264f14a6844d65692617f7a4d93fa9a23829e256626", + "sha3_256_hash_of_signature": "5c732d79e32962ac4a17267c2bce2c434824402e6aaca5d72492a36d9ce0655b" + }, + { + "key_generation_seed": "7611b5b7d4195d5f8b97244b6811748efea929ea272e66435a36d0bd16e3bf21", + "sha3_256_hash_of_public_key": "234b9f33a3b384b8067a0fba42ce5d3247042e84fc3969bdf5bb52837035b6d0", + 
"sha3_256_hash_of_secret_key": "26bc750f40db319960bcc8049ff3fa332cc41b11d8aec41827bc759a3499067f", + "message": "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", + "sha3_256_hash_of_signature": "50381bf4fb39d34457dc8d7bd74aa7fabf1d7ecb4e344cdb0085d751f48fc2b6" + }, + { + "key_generation_seed": "5a1e3e05c72cef1a73ef98840da035e4fd2552912db8dae28a79011de4bbc1a4", + "sha3_256_hash_of_public_key": "dda68f4a7ac73f2fcaea87d3a02ef5bf75815a9490d76ee0cfc9d385490dd1c1", + "sha3_256_hash_of_secret_key": "e2d0be76c9f86191492badaa26d29a39515e043b2e46e6563c7f92ee006bc408", + "message": "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", + "sha3_256_hash_of_signature": "e8894d9b5ae520eaf1649ed273a4b8a983992775620ae4cf479efa366a012398" + }, + { + "key_generation_seed": "8f3920a235eec3659cfcfe62931474204eae264959702f901d461b66d9bb563d", + "sha3_256_hash_of_public_key": "b5501401024402517ea446797a5012b4f2764c2da0192e38eb4b10d6c557f5a3", + "sha3_256_hash_of_secret_key": "362e246d5f1650030778c958c049eb0d19791286679abfabfc4001f5d3daf9cd", + "message": "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", + "sha3_256_hash_of_signature": "6b388601ef4fec8473b177d4ab646d9d493520b5ff14c8611dd56dcf8f11937d" + }, + { + "key_generation_seed": "0b2b3eb50681403a0b9a99b25041a489c6d45d2a49de0ec83e1fd10922abe2d5", + "sha3_256_hash_of_public_key": "2b54c519c637341ad51d55a1df2e98c536ef9202188550a58178eb72ca359bb0", + "sha3_256_hash_of_secret_key": "121c680ff62c6902dbfe3e3ed5baa46fd01004902c92c7e74a9010074c8406a1", + "message": "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", + "sha3_256_hash_of_signature": "ced0b3575cbdb7fc41f39886f298bcab2158ddee5f5c37e150e9a811cf766859" + }, + { + "key_generation_seed": "8217d32cd15658d39cdca92c41b59f5780869a68838a3579dea48b5e3ea768aa", + "sha3_256_hash_of_public_key": "e57adbe67e479fbce2c4f257c83131fb33e2015e99f6a7f66de16d8c4ae6b90a", + "sha3_256_hash_of_secret_key": "bc34f4ca688b688d81759feb719b44ece9fbefa5d88edb3e0736e513d7aacc4b", + 
"message": "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", + "sha3_256_hash_of_signature": "878dbc41451ec51b1a90d5f80e0e1dddf9a928de554e96d3e7bab107c71b7f7d" + }, + { + "key_generation_seed": "cc625322c9d52898e7f60ae47bc2847e20f3722794de41e30fdb20ca1a093208", + "sha3_256_hash_of_public_key": "90d6e1b972ba09c8154d2d472ccb4048ce523b6fbbc8499cf1311115aea24f6f", + "sha3_256_hash_of_secret_key": "ea21c7e9f56c03783380ea6603fcdb2506ff0f99984027a15f7a79f0534d1cad", + "message": "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", + "sha3_256_hash_of_signature": "b39f3980cf1864fd2b9a1697f67a22c9c8c76305902ddc7872a67d13b5407b4b" + }, + { + "key_generation_seed": "950226d6ab0b774c5f439afcfd0113b5dbf5905960c445f5e6e03e5d5c687a9a", + "sha3_256_hash_of_public_key": "315300fdcf297327f095b8dd401e48cd13aa28440bc12c8d289c441804b22cf8", + "sha3_256_hash_of_secret_key": "36106f5472a723285fa8398f5e6d8c2224190b57dd178042451b5f585c8f5dab", + "message": "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", + "sha3_256_hash_of_signature": "3de6bfbcc4915942e0c72b013bb7215737875182482562b5cb239b1b098e5298" + }, + { + "key_generation_seed": "a6b534767a6d839fd19075ae0ba10147c46862bf7bbcbe83f2b72f72f1368a1f", + "sha3_256_hash_of_public_key": "4cd622a01d31cf8e4413051b1506f02ea79bb3d5956e550483761236c4fbd83a", + "sha3_256_hash_of_secret_key": "a127e0fd8506def0346737a7ba66f5e1f7708d6268e1abbe6afecd8827d2c78f", + "message": "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", + "sha3_256_hash_of_signature": "4e3aaa8e0d672eee4decbf3a14c0f541da2ccb940c0917a49a59ebd5f3185c2f" + }, + { + "key_generation_seed": "103164ed522df0db131c15e139c0f83d9b1b7a1b6ecf7f89a5248cad7e68de8c", + "sha3_256_hash_of_public_key": "db2a45b4544fcfcbf459521cc80b0c2a4f824ef644e2cef028549af4f64879b2", + "sha3_256_hash_of_secret_key": "52ed29628990822626f78189a7840417d21e1c09376565679af7c9c73da8408f", + "message": "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", + "sha3_256_hash_of_signature": 
"345cc243da48bb7dc16fcdae962328c1abf4fbc23391fadacbdcdc40019e6b2a" + }, + { + "key_generation_seed": "bc962d978f38881085c1b813bc90eee44ad9e7651681c20ba46402f557c454de", + "sha3_256_hash_of_public_key": "e88818a53c842cf67a9f0c5aadd799ff9795ecd65e6a2c01123988ccacb7069f", + "sha3_256_hash_of_secret_key": "7adc29f2d77cde417aa81e24095f521f7665d0814e53a315785924890b202f58", + "message": "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", + "sha3_256_hash_of_signature": "2222fa9923c394d868969d2408de34581f80a30187484b8022c02d6662c4503f" + }, + { + "key_generation_seed": "c3de54854a4060ea09ed92a363f71c7863eba64195e9ac79e7ad7eb6a183cfac", + "sha3_256_hash_of_public_key": "d1196e04f29764913317fe5d66ce2e806bcf964e707e24fff0ec223fb73e1621", + "sha3_256_hash_of_secret_key": "7c53b5214484a940c07cdde90f634e1f5e2811adc4b292815474591c23a40055", + "message": "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", + "sha3_256_hash_of_signature": "99a869b1a8adcbe450f35cdf8875e54f7ff08d38456652bfb7f34ff3998f886f" + }, + { + "key_generation_seed": "828b9804524bdd17d0eb387368b01b0e95b4960057ed63fc2289d858201e207e", + "sha3_256_hash_of_public_key": "d8376fac9b6c5aa35ca2b017d42390abb62b3fb98ce533d37d075d4b0baa5031", + "sha3_256_hash_of_secret_key": "3ad7cc7fc2d09c97ded59d939f394270aeaf5397c2f61891755b7ffcf9ee6176", + "message": "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", + "sha3_256_hash_of_signature": "b8e5a04b2e3e5f3a3ee4e507231498112dd706b48fa6279ea2f6bc2b81eac834" + }, + { + "key_generation_seed": "4a84ca5c3954faafa11ae87fcbe701ebb5afbcc5f8ecae7786d10821e01ada5a", + "sha3_256_hash_of_public_key": "5d81417c966a5c5d09a29057e9c3ef633d40deae9c33330e5d7e05bb1bcd6f55", + "sha3_256_hash_of_secret_key": "a8c8a187896dadabc24c563db196ad900d35cf824080b7b551665024ff2aed4b", + "message": "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", + "sha3_256_hash_of_signature": "10e52393a48f40cdbfecd1f8ba010fff604c6495964372c1280a54b55aeb14f5" + }, + { + "key_generation_seed": 
"3e74ae2b1d49ee6f149076f0bae2d26a5cadfd5de7bef66dfcae6b588a1f4067", + "sha3_256_hash_of_public_key": "1b7aba713a08fc73b898bd66cb75cea9b257005be4098d1d3cb56136197d9972", + "sha3_256_hash_of_secret_key": "7a33753240c72423c1d0dd52fc93f551bcbb8be52cc58f037f2ead09b9d56182", + "message": "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", + "sha3_256_hash_of_signature": "99063ef8914112a436b306254170bed3f5d993342f431d2c0b702de5bc83ade7" + }, + { + "key_generation_seed": "39550bd2782d66fa95380f5f101d827377b11410f8bf3bccfbe0e504fc09ae38", + "sha3_256_hash_of_public_key": "9fbc59b61cac83f2b553580a7cb0d61cc49cc2ee1dea3fac7334c31f826129ec", + "sha3_256_hash_of_secret_key": "8dff358d6931d120b3d8b8b7f7a788c56987a69bd3f1af96c1e78f6238a44142", + "message": "9c311ff20f574cd9b7bce1df705ae7dce6e7a621c935a6e57a59eb31fc443ab1e014ad332fa784583260aa6153c464565c4568108d60cc126f6e8ec3bc9120e5659c86cda8a31a7131936de7b3db39a4692808dc3d2bee8a99880ff9d1d5eff1e825a0f043d908d62a99779e013845ac0c21abe8e4df0ee901e4c6beb8bb36b30228b7756d617a8f30c16351d8ff91786f7406f75d9fb648830f88ea4537f42ead62e8790e9cf11f72c31d718221049c9aa35376ad8fb065f4809f4383a23c2b29425836c2dbce4680450896eeadee6b83539adfdf59aa4fce709d601640eb9a22dc3b41108a8ee1fccde9945ebb1d3f676ec8395255e125e62a32149c73451f597e1c32ad979e5be914ffc7c548d6ae92ed08501831e9007770a0233e5778f22adf7f1aaadf9c9a7c82d2f42989bf21627d3ef8bd0377a5be5c9f5a585a246a73de4340e6b43b36db775b34033962646c16f26a2b7179c40a721fea54805b9ec42177b42160b1a67341235b5af9f30b2703bff8cdeee5bd7ce506b0707a69f84225b6e5a92e80edfa235803dbe2cec47cfef0d9fac95c3379816a39f4550bdbfb45609c76d0351ddf8d61724bd5e8be94673b3013eebe172cace247d79925b12b5dba2f6fb72e797b2da849b79dee3db76775f5f1dd4595678671c7b18bb3749fbb0c6a7135d639f16b3864b5a251114de7e9f8cb02b4cc69902ec8d7d544d98e24a05f8accb182e2eb44bde868b077b1fac4726e8b01cdd0d024405665f7adb60a23fdbacf421246354e824cb74dfb35e57902794e459493905400d0a0bad51d8eb94efad55c67cd0c7cefe7a1b055f06371aec7f490fa685c611d553d8430992ee7b1855a9cb305b5ce53154
345d7def6110ddbdb5cb59559eb664c6439e057dc022f8686f2aa0ca81552428437b0ceb5fbb5df254036bd2bae7290d947c963046771a39d2656312236569e775e7d2a041b7eeccec99c1b9d2757c7370e474012ae707ae00ac37b73ed9c8e1a2774e54baceb42e8b31bea734463cc15576bd4f7a33430b1987d62e47473391938312f2481838f286c4dfaf701ecbc6eab1a9f074c1f8d8963457dfaac9a9a8eea70c50ce70d1ba1006760ad3887605ec38861dc1a777d21e46ea169537057cdfe256cc08699d73b1ac4fbc62f863353581cad358b9c573d77585df6544e5d55048d66a352828cd1adf5f42310ffac022a25824430f741371027b2dc14717dc87342a74f0038674187e478d8eceffc16474a4aa8bda0c8d41962ef2a4b64a036c888ccf4ea628e1cb9ee0f9a918fb1b22b9367feeee0218c83cc7e27c5cb2ac64dc7e111e3c85ca0e6bd4f685e5ddd428e028d192142ccee3f0c8337bdf43ce4b62704aa53c703ec334fb56ffdfb81d7d4419535d17e5fcc0e6f558ad82149c591fe0357da15660f61544b4041128218b6de2b75d3801510669a3977e2983bcaf957ee2942e504c29890a81542ea208e1cec", + "sha3_256_hash_of_signature": "accdd66c01d64f707117e64dba83c9d11c86fd324e8341b195e7e53a647288e1" + }, + { + "key_generation_seed": "b18f0fdf9dc4f514107f88cc43fb29190608ebc5a2cd00b49fe20631761038df", + "sha3_256_hash_of_public_key": "fb18b09fccf7c8839f10c668ffa65e62df14c139eb6f1e290b69e628894d6ecf", + "sha3_256_hash_of_secret_key": "722fe14a22f9e8ab0265fdc8a6f3ced63482866d508ae18519af098ccf00ba30", + "message": "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", + "sha3_256_hash_of_signature": "e350f1ae1491ca7b2d100d63dc974fb643fd11a4e89ca30a94210e08bfbd66c7" + }, + { + "key_generation_seed": "d4fa14da39548392300a41be413ebd53bd7bcbd045b4d3c8ca44abc9599e269d", + "sha3_256_hash_of_public_key": "b68c26051c6947eadf5e125ce1e4dbac84f0d4a7bd5b9ba65bdefbb3284e2422", + "sha3_256_hash_of_secret_key": "555f251206f5d590e9ca11831162fab35f3e49ea41d53b46871f8f1de9ffebba", + "message": "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", + "sha3_256_hash_of_signature": "a01d79c9699ab7d8c5167612b10def462f58907c2d3033745527134a57e849dc" + }, + { + "key_generation_seed": 
"c796fd12d1feb1df46b162c38292684c09059e4463cb95dbdbf498a4dd4f7f00", + "sha3_256_hash_of_public_key": "aa16cb8160d85fdbaaadfc2fc7f7623669d89a485a3241541f37a1e210875291", + "sha3_256_hash_of_secret_key": "f06911620645780b56b3638a6581f082847ec75e1b652c9ba3b85369881aa90c", + "message": "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", + "sha3_256_hash_of_signature": "2c52928e23f3da7a35e3dab0800d2a40e4f0357f7a7cd34fcb0f4d465c56d38f" + }, + { + "key_generation_seed": "a18a366a5ecacae4732dc9e954333ead153203013bac4e3c50bee15269f983fb", + "sha3_256_hash_of_public_key": "55282381329eb7b0e3e29a33461c01d046708357551d76e103c82e23925276ca", + "sha3_256_hash_of_secret_key": "8da1a7382fcfa02ecb682e7c11f47170b86b3a44bf85f813fc5a49a6e39f5a3d", + "message": "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", + "sha3_256_hash_of_signature": "50a5c9089e1552ebebae132c3b09444f726655fcfb3f8c538cf0317df66775f4" + }, + { + "key_generation_seed": "585e714d565aa66078bc2b12699f1e86c6ff30a1abc8cbd19563bcddd2f1f6d2", + "sha3_256_hash_of_public_key": "d38469473dcd509e4c31b06e880c636359b4537e91dce86b15bc1b1af1dcf8af", + "sha3_256_hash_of_secret_key": "2814aeafe977703c78b8de9210165dd44e9a2807da101f95c2f616aa20d13eab", + "message": "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", + "sha3_256_hash_of_signature": "d2b808492a75531ecc2a52cec39d130373f61cdfc05753bcb0ba8b3a22eb5ec6" + }, + { + "key_generation_seed": "662cf70d3d5e95a9c6a33bd7c6abf0e8cd23ab2d2d9420878c4835de14a6c606", + "sha3_256_hash_of_public_key": "7c90160811d16235077b2b7667b067dc6bbf2021dc91d3ac35abea809766bf10", + "sha3_256_hash_of_secret_key": "ed4bfe40160bc08b38ba0abeafb0571184cc33a5fe07f5b4ed6ca18dc76d74f2", + "message": "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", + "sha3_256_hash_of_signature": "74abe1521c4b57e64e7855414764e169367b153da01a1d595e1a72269d05cc5f" + }, + { + "key_generation_seed": "1924a71628292aa3d2d34ea72e2bfc2520864205f54ec6f19f7714733aa34cc9", + "sha3_256_hash_of_public_key": 
"7f342bc60580f39ccf6fc4257c8a9f1fdcc87dfaa9ecf731680ec9300b04d822", + "sha3_256_hash_of_secret_key": "62b8ec05186bd853662abc8c2f71f6294c6edf519547727885bf959be1844434", + "message": "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", + "sha3_256_hash_of_signature": "ae9f4aa3a5d0fb8ee8c4c6d4c79dc3cd1f0ebd98232bf860d046325b44b7a534" + }, + { + "key_generation_seed": "ef7ba21809ae7e0bc3230b6061c5fee206d805572cf1345198e1ef22a8fe7322", + "sha3_256_hash_of_public_key": "b67404279058bc0232837aa84558703f88d536a403a1298c203f701374151a77", + "sha3_256_hash_of_secret_key": "1650cdede4d048187e2c11f49b6eb86a979d9c491ccd1eaa1e2c8718e3255741", + "message": "061934748c6758ecdeddf3a2df78574a470621496ce3f12e5e4555febccc1a46a772fcbadeba8b2eb5231b5b15deda5a38076c737e5d091a8ca8482f84ec4a20a51ddda391088f2c3926f8e1d8b77dd0abd606e9ac25a17a86a5c75adc215c5030355c4a1b307c1cc80a3bc4a7d4b4044fd35d173a2c7c081318f707828a3438dabe0836c2d6c14e1643f05ef8405531d5594411ae4dac6f3992279cae379d7c1762b122037301d3ffe8efd1beb4e027e055527d485d0871f2013e7b25cc26531c2ca6ddb98b31f0ac2c3bdf400a0bae942c9d4c4003f9952b67af67e85f572edc3345a84b6dc3cebbaadb7e3c876ab2da16ed0eacf4858033bf5a4f739f9e083a345c2bb5d8611dae90d25ac45d8b3d39b4de584cbeaccc6f5b6e61524349b50e818bb6b03c7e5b86795d49324ce6b1603791f20b3500a1b8ade82359263470d777b35dba38276096445842ba5d5e960fb2ab58730f970a15aa42d9737c33be700127a7ce7cade024d3abca59ca49f9a7edf44db62ccc07a595016868aa97a140178dc92530eff864c24954464ba886db7d74be7b540baaf807f1aebd014680ff4a51e16e1391e32069ee823f3d23db72244d657233578cb7d29a33e6ec31df1fdd43b51742cc30efc54be83149177e7bcde4450dcd142eb2cb745f8865dfd99dc84ab92750f1cfb0f3944e4e4eaa41261a1e8c58d9b230add792dce20d2612823c0ff9f82e04b61e48dbb83f1a6dd5cc7f92bcd0a37ab3053803d1188029aa1fed9ba04f4c961588c9ad2ba7ef1cfbc50fa69b799898eb0dfe9668260ca5680f91a10d2bef8f108ab28fcab693ecdb942070d2b9b8bbb22609c8395c23d7482c31b69b0f555b7c079d3defaa5fb302ed92619c058adf334e845eb1c6edd903c0de2aedd3d9830943f8bcc5954b65df37c901a17ef13fa75b0f2c8c1d2e3868
1874aebfe90b463f2cc7831958fdc0de0446991eb3c3612cc00188dfc1078fe458d2e5b80efa7bfce800c6b4ca0e570fa5858859633551da28f36f1ff418a9b7ad18aa89b4612f9d676d5fd98bce6f144cd7458ca9f2bc732a36a4d186ea290a009a870da3c1f60617d56ea7554062367121f3e5e569503aa573b172c6278dde5aa4ccda79d9d8faf41c6c9040c1d1d3cb78b41ffa8a0180395439f0d1b72e42471a9100973ab3bc7aec559d94d2d6402374ba5a584de168395a156324e1e4149abd35c72ae0f79863cb59ee6ba22145e36e0d85d3caf8a427d38c96ce489cd0aea20d7960608c074ce3cd0494b6d6d5ec8895f0f03ce78982ad8fd6784bcf16825286c51325662f34726ba66d3a91eeb598124d6755da090ef863fa31ccd5b08909a3279a35cfdce24d2ba16f42ad280b029a0e27137a671c862b0e6f73ff4a1de320c4daffb5cd4ac3522ef1c10e8a918005535f355ce6366b43a757938594366831dbf7ee72f311be4953edd1ea1c598960745d3dbb7f1e2d882cc063bc0791d18c6376a8497f2f91389a13aa96dab78feca081d761479848a5b4cc2e3d015f343b9000583e95e785a45a06842d7c6c0fe9ac4d70f085503d7ac954516953c497635ac8b7698bb784f73fe6e7f9d0ab9473e828168df4ec142cc1fe18fa067525915adf0764e44292a0316ef3c0a443683c92c4661409589eabd7b4dbd43f54317ae0e3d1c69c35a7868991fa0bc2f83430d89821b91a08ddc2d314a717f5bc6f3d89daf163af73e10c61630139e3feda723feb2edffe6c7f364fba22e6aab75e267065b5e7575946c56265743816b2cf12a106ae21921e3e92bfb7ff80e105468f8409d6698e8660b5b05f3f4bb19a0bd4be3569d24f51795752be74c429aeca5be737de8c01", + "sha3_256_hash_of_signature": "ff07d9ddfe912c9858a0cbd580ae3912e5d39177a39d1104dac9560c3d7681eb" + }, + { + "key_generation_seed": "cb0b305fb54e1cb23b63ec1f6f4689137e5048d095fb3eadc854c852ca86be93", + "sha3_256_hash_of_public_key": "595136dfc53f7037fd8e7b637376d428c20fc3b18bbea43e8bd9d7a967d8c9bc", + "sha3_256_hash_of_secret_key": "480f88f3fd72c0070100315fac271f9ea2569b0e11cd7fc4b2b3e2a61d500ebf", + "message": "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", + "sha3_256_hash_of_signature": "4b9dcea61dfc65dae4069c8f026950992388243095a4b493a35f7efe31240946" + }, + { + "key_generation_seed": "f92ffa3a36f43f9177763ad320fd651d9357c6d99f09549fe6af12943b58be90", + 
"sha3_256_hash_of_public_key": "e90c3b6ee521c420843c664ba7196607204cfdd6c3bc8b5e8d90765914fe7f56", + "sha3_256_hash_of_secret_key": "3aad9fb703e0138dd789099b7a8a1529b3ab3a05b56429403a98273955d7ce18", + "message": "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", + "sha3_256_hash_of_signature": "64339629236a47a85645f8c720275c0d306cd65e73a222d424f37c036b92d7f8" + }, + { + "key_generation_seed": "5d3cce926a795abc5f6632cabff8bf66275dcc7e4a4ab3b8399d23e62a28bd16", + "sha3_256_hash_of_public_key": "7f8c1f8e8bb90dea94a0c0be8b45a7aaff27bf86b4ea86338d304c9c69fdf136", + "sha3_256_hash_of_secret_key": "6ea341ac626a138179f02368c03951e415efd4f8bdb4908b24418af9087d3c8c", + "message": "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", + "sha3_256_hash_of_signature": "b3a89e2df9e64cf30b8897bded4f9ffb2578603bea422b2fd29cd3aec56e4ee6" + }, + { + "key_generation_seed": "ba2386ba92aa89049c64ecfe60fddbe136815d3874527414b63ed32215f2e06f", + "sha3_256_hash_of_public_key": "5f9eb2cf29aaf90ddd9a567b770fd02c88022c6f56e5cb5418df2f014edde37a", + "sha3_256_hash_of_secret_key": "9fb142bc7addddfc19c0ac664cecb24b99054810173f8f44c993431bc676d4b4", + "message": "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", + "sha3_256_hash_of_signature": "ab010ab9f3cccf67189fa587c8963253777af151fc8b7138c0db4aa0bf635da2" + }, + { + "key_generation_seed": "b4e1af25e8dc6934ba391a89984a358702bdd36838babebd982638703f20eef8", + "sha3_256_hash_of_public_key": "2008712ac41bfc96e296c5532bd335cd75af682ae3841fbf5b184a4054971449", + "sha3_256_hash_of_secret_key": "1706f09929bd016860c443df770e41169b092e60ebf24cd64203ad4766225a5b", + "message": 
"96e2865a0e602ea4e3c5657a7f761a6f771007989ff885261f5638c14c1bf80aade34cb956d2b5fa1ce38fde831423201d3692e8e6f40e68a68c085dbe3c4cd8e35394f74072f44de98a74e42c9176a86ac06bed8c0ca937db4c3bf92371106b7a68ea8fde1d1e082ccf522a397401ad0f8da6c82bf76eab8afe101c7ff023a0fcf015b40ada0073363e7cb25260c18662d651222a4ccf1b290ee6f7b111b9a963211d67d7674b499449f760352feeb9fb7265a5f2f7f20c0174802c7f48226d92620d3e009e85b104230c21ba2fb0012dac4bdf9fd184e09cb3e593eb1f3eeb418a8bf3173e6cb91fd8080c7e80dbe6730833a4a9f22c52716731c7cea4f70cde0f81d2d9aafb6b60820598a7f6aa1b963b7686528e6e7885ae085c3d26c4acbf9fc15080d972ca841175b343e59fed79ae3cb4dbb4f0d7d463bd3e0c4b2090139145b8d7db5db10abfa51dc909c5cf7809030d72a5090cdc765eecade2b365f719127548ca601ae0d21e402e18050acaed30ee13cddadacc9373a87a218787b585319a7e66fbb13851f7ad0d2bbc1efe6efe4f7ed248d844f58b6a5a21fa9295e0044982af6286de296550f72b5e416373f1dac006687ded1e7d40961e5177c207579f25e77be808a6ba33dce8a2a6f88e97ae98ecfbee5296d4a170e3574d9ba592a384cb0545bcfc32b3831c0b736ab77440722299f192dcad519523995f71f2983ba87aad2261e6e01c19dccae00f8d6914501d1ac3d4aff0c12fa125ecdca34dcdd8407f0045f8e8be0763e19eb007ed4dae36e30afb07f8daa7431b72f4a0a8017b3fde27123ac3e8ee575f8be310f68f81b696db1fe63ccb8d32b899b209b2205956d209bd6e48166bbb4372a607e83c47698db5ac8f9b40d05f38efc4a4a1309d999d5ce1e1a5828d56eda4666995897c8e6362d0b5054f04bccf79d03852d1003c80ccd55e9f4578d8bb2c8e220a4d7a4e2190024c85c718654ccf174ac96c1bc50ea49f961ee7697c88e6bb718679f1d1f1118376b31a4b8c0471f6d7aefc5ab426515d1b2cf0eae66246b3c4132a63c63d7e33eb9df8d8807215d58f46ee832ad3ec893d74e00c73510b9625f62d4eb5b500eecdbc7d088d3d318077a4a0f7d64adb13220232c08da75d23ca7b20cb109c972b7c159863991c32508339558b9383ddfe7e7dda740e5bed0ebd14ed300c634db01f359f81a7133669183eb187c17a2c8ab855bfce73e34a1f59adb0ec39ec0c7573ad3620a819333ee79d5e09cb8449f91923ef4c5e21549eb7f56075c014e1c3ad2805e682f07ba8aa265745cb600a460069678745fb9638f6709d62d2dad8defdd5a4d0c2ae7401292bd1da5f40d4cf5d59a403932ffb677237ad74691cae29fa31b955172efc5e83c225f2dc043
0ab0c909a97bfb468ae182ecf91e9026de819f3440fbe69b9de26f812ff3f3ce8037f124ab368b1153c1cc127d140f754c525d4799e1a19d93b90460e6518f0b6936dc6310b7e9e6534b595e00225978214ee5aeb12a6f45b5c73fe86771818843ff7a6b88379c37165d9dad48affd6fbabd11b1fb90aa5a78918b317c5f9b2ced6b9647f130da9f91e1b1ceb84f6e1618248f06d654e159f71033072f1517064bd96a5c138402771abe7f39f53a798c2423b748eb7f310485d6376722e204fa33b9740e7fa68364289a677c5c78a19a7707d2549bf9329334478c64351fea1634388acd4be57e4abe9374a0e999b770cd81b1bf4a8ff300c297b116ceda1a4a1c1bd5a2275581a0589a46142139fc596a1406d16293076527cdf9aea2d0919f9678423b7d95b153dd1d9d62b72a12f6491a36604d19e7bb83c476d232769425557d3480623d40b7ac27c0f67d4ed5ca4d487be915a68352dcb03a3929a4bb795248ebe2fbe0612833d9305a0a31d195718bac193fc59b880042a7f61358104a919c7e7c210f02a856b8b1057dd8527fd4ae1ea81f9e1bf7c614ed8a312c95154873f86632cbd60c65176f13cac695bb4c23675331058397d6e96e4f9deeb859e3937553d94bede3c2b9a5ebf00964a49ab294bccee09e5a97381d2375941aa775a47f726e9", + "sha3_256_hash_of_signature": "333abc31baa5866527f56c0b7be16844684519e276046bd4e30f881ba04cea1e" + }, + { + "key_generation_seed": "a62875a3a6d305e120dc7975962552126cd844554857c2943872a4e524a6eeb5", + "sha3_256_hash_of_public_key": "ee7aea3ffb4783b6e8ab93cf190389a8d4b892c0a42515b9332ce101c93962ae", + "sha3_256_hash_of_secret_key": "c3c0edf520a8fe494b7a649e8281e92f8bbac951638c0a7f9f902fc620780539", + "message": "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", + "sha3_256_hash_of_signature": "a3427935ea45bb659b14fd61ecfbf9a77333e813b8e1e78003782c3110a8698b" + }, + { + "key_generation_seed": "76ae71ded1f9e73af77a2feae4eef80f87414dfb7580fb4ae0325bff20d74a5d", + "sha3_256_hash_of_public_key": "a0896864123b996811456e9c4047e68798056f5434130bab580c37e6ae22bb4c", + "sha3_256_hash_of_secret_key": "66f34fd9493e7d5f66a1d4dd79628f2541eef3724081bc99a66721f821d3deb7", + "message": "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", + "sha3_256_hash_of_signature": 
"226a3ca4cd1c83601530a0d4deb13510c53ec22a831c623f99a44451c0859fb2" + }, + { + "key_generation_seed": "a8f65be046001a6814f537915be3f03f3670e1169e4aaa6d7e726174acaec77c", + "sha3_256_hash_of_public_key": "3a9a23d372b6089f26c685a4a9e897479a2dbee96e25a81e2aa92e0c54c9d8b6", + "sha3_256_hash_of_secret_key": "71be0a804cad11b090ed10c0521d2010a93b657f06d130d6b305e82e0e7f2085", + "message": "139ba17ed7b476dbb1cdfe3c42b3a57af5bbcb3be19ed04d6c3072fdfe917ecb9272d59ee89ef83522531d83aff8b9934a8423315c350d1481a4b02980dc29e1cb83b76623869649ac40ef297b153b679c327bb251c6e6bc169c48aba2a439f9ea24ef94656a415c3e86d7bcb43cb3717d54d773f1937dc8b0e02d4e6abbb1c83fe73f1b221c9a359e454c19de5e71ea4cb8c560eabf1da133ff20d81785d2ecd935b99f24840761446c324df81484c5c05045c0949df8d0f10f942e1b5b79074b358c25b6ec2b0b42df65d998b666cf1bc568e7d737f22ff541807be95ed85a9980e940e24d2c506bb0f9bee32effd85a2017de694f61bcc2b292595c97ff4c2145e48af8f0f3d71763b4db433ed7bdb8dbf8643475fb2b9155f0cc6a0048c5546900792bc01eba4b06c83a0c447ea0cf05410de55acb8e5521829c89bfbc084cd86e7ca3d701283b70f78e1ce9c3888ad2689e0ef5593d656285066f319e155f86c0a71256484f42a0c40e7cf13af0cf77c6d1cc7231a48538e9060a7863b774c9cc65e321e45aacc002c0170eddd18cc1424159d46bf99d08a28d2dea8917d28d91a1d6c409d945a5eea19413a1adca40de9458fa6bdf1e5308ef9e67e1e90e9d92bf19b5351fc49dff0a31e035038aaec651c0f20f276e4ef0ee35c14bb625eb34205516d95abeaa06a7a3bb3af2f12236406689bfab11e65fc63ebc5b944818dd1d53c0e7b88ce7aebae581d995ae7d8423778dfe20d6cea7ac0b1b4efe2b9d571de77bd8f71e89d9f6a2dc89103b73625887ab376bd12ce89a65e6280515a44a80d6c32799669260167da0a214ad0fb803930ab1952d93360b54433ce8220b29339dcf2702581e88952a5a1549dba11f4ccdb6fefd6d24522f3207796c8d5ba9d1582f888f2500964f2b975aed5d5af83409ff9720edcf5ce3fe9b6b586b08de21956e7970d8dc28f6208a80f5378ecbc506333a1d98c58eb0e2eb0cdece0f5d16a069ffd742d1e589f546c4f2ea3da0a56f984cfd93f5f2912fb1d068f2bd7c1b5e979abcc62e3a0164445398f5c0208e82b99aed1200d36289b1fdbbf03e43995341aed3ad712cc7c7530c751b40b765073ee4e4cdd411ae543ad5e2793f294320e9791
ab35ae1697f23ebfa0280b8041859909b0089c101d7cc429408fabd2e073fca7f2c2886031e9f6a32f2b596a799967ba8a47e87dcc8854d45ddb6de39160600eb4235f4e3424d75ddc8ccf041aa05b25b5a3811540ea5b77cd8d7d611a63bef5c26d57475b28e961645aee0b9c8d47954faf634017787a21a671493e7c5f1a4c553e0a68ddd726db1ded4321dc735332fefdf2a84c22097ab3552f878e304598ec40eb349e1c1ae416f94112a2cf8e8702a4c3bde2f58245166550fc238e153d10f90652518b1d84ccd3ed836f150f1ff103976e743137da5a97a61276dfb0c11d071b240069582265a9cae4987b6c6b017dcd1594024d7b1336ff141e59936ec4ce5410e1b73ba6fb42d35f8999225cb1a135260967f4f6ef2172d53fa6ab6d1a2e3174b46c24bc103baf69c2128f093aeceebe8753eb352e2804ee64ae5140df1acdacd8f225b3c9a61264245b8e5cf759cddd75e25e2d790ffae8421515e0cd6f279d0080a3f80bb2e0729c0d2626b6ace31ce20bcda490c7660d04d1d82e6403000578926c52d8f9a4be7103d64e0f03e8f148bb2236781ec30f6d8bc827c107fcc40f26ddad485e6135bdc3bb331be139a07891717b692e23312d0e5b1c41f30c3b4b4700effb481a835ab54340269fff365ff87f58245621acfd83b7fcc6ff108132d8966f9836544354f7e216fbbb851f390dce8a72362f0454730b90d35ab3859763aee35668310fd501c7501f4599563006aaee9b636b676f3dbb6787317885b0f4a64171bf19cbf2ea7a625e1563032c196e1292d82c7484817dbf78d8e9e478fdc4c92cbef48d4cb4f0e6dcdca6682dc0a56c3e45ea0350d9ff88073748305fd7df3a3be8c055cb1c55167560d5c99345ba80c21ce791c4a511e384a02833b78e8aa02b1b877a9b8d806978519d716c611df54ae8ea2691540e87c6e79eb006569e02745021bdc7852e1fa4177e2c3ec89257618b38719cb07b0ba68f600236167f019694959c2ab6fb39d5890cb176f6acc3b9656e495c07027e3d4de781f48c1f1a8aa1b41449689e191e495ff3f263ddaaa8de0df6f1a4aa3ef1f5edfe437bb74ba", + "sha3_256_hash_of_signature": "2eb8312ddc3a46dd1d0cb32abbefcfbf521d179197331953dd5a1b67c4792977" + }, + { + "key_generation_seed": "802e08c14f6e3446bbf7f4666c8ddf7755dc718c3e02b7865ff33e9d8290abec", + "sha3_256_hash_of_public_key": "51b530562b9bed7e73eecaa55165f13d9be3d31382daefc8aabaf3b39ea6a676", + "sha3_256_hash_of_secret_key": "b517db89a0bd001a4a49086e89c5e33d8a7d0cccb4398c119c4a7a147f2f5e80", + "message": 
"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", + "sha3_256_hash_of_signature": "27892a0d5cb4d37e2ecdc331fb856f1afd1eac55858dc6b7da75e7a4eff2ab97" + }, + { + "key_generation_seed": "23d7a85a824df3d904a511281a973c979f67f5bfaf3ab0546e85d0597f91120f", + "sha3_256_hash_of_public_key": "a5460b75b407b8228d734759c76b3bb297693600b8d6edf4fab31348673f3385", + "sha3_256_hash_of_secret_key": "8444c446e7189fff011a76fc83e3c95b1789e1184f6dff0a7cddf050323bfb5c", + "message": "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", + "sha3_256_hash_of_signature": "a9ca57f779aaa4d8cf49943408a3840202b7444dd015d81cc391aa53ce24d409" + }, + { + "key_generation_seed": "771cbb7c9fbd9fc5db93e3e4de6c034e58be9bade93748c42297142124696234", + "sha3_256_hash_of_public_key": "048239a516780f2ec569c426744457250f39a11fc1d402e644cdf2ca937c6c35", + "sha3_256_hash_of_secret_key": "f84276120d00fc58dc6b61bec373ceecde15f3faa3551c19a518725f4111eb4f", + "message": "4beaf8cc3a7c393932cd37a2cd8ed790f05e4038adf1287e2acdcc0bed9bdbf92ce44aae95caf4eb142b858e1421610eafc47de566182835bdacd4c836f19bd686d53c3834efd928487a2ab3402c2e3ab3af97aa802b05223ca6927722c3bd1fe3f8c20f93c3951f907314896cd21cb99306fd7e5b6176945c2898b10c1df62fbb2680752cabc8980b5a0430be39d34bb7de9544bcccbfabab709c11bfff5c958c8763d8d5830235b49ead26c834e63c3f3f2d6ba944fd2688f6350ec99daf4cccc42c6be1cb19dd46514d71cb6e887dba80edb580b27f1142a20ea0d497e0336d55f1ffd4bb3d4b3521f0a01c7bb09258971d1ed4a98ec052b24776623d7b9a83c818795e3989eaeba8c9142a97afce855cc6ac0aba15f0546684ab5c2f48b23bb72a88b6af2ba9c73881103cb6fa99e3b03119eab03bc3b9bc365efcd7b9f49a8bab6a34a00aa8f2c88d7bebba808bd97111ebb192d82ad244e18bca732fe6f72fde5bd533e4bccd3f50332dad3a4169ea85c324d165413f10888ac3b21b91de09fcbb9b636ed00faaa669abf6429b78c3c04f239722f31fb0b1a20cb1a6b553908070ac13521df66772a6036e6695cf66b9a90e2111e499bcbf5dcd19744f43deb943445248a5e84f168e7bfea2dc4e1d0a87fb4140eb7c72d2dfcc27923206054cec870888a79938dacbaacf1f122b22ab5c9701d777bcf9809cebc9b7aac52468134fc4a92c2baa9b8c0f624
9130a50337f460a42cb5364a5e7408caef8d12ba6934ab645de9832818f9db71f5eb0b158de6a76619e75245b56020e1664d8faf1c1782de4a688d4055e07d842410600e9454e28676d44357853ffa7740200c91eafa16bca21d0006f47fe8159a733e0e91549df434ef316e1df9bb97da6a2c2e2f20a65b3c00041a903270cbb55ae2432aee25c71ce73bc2322ccb8e5bd0e24820616a890b0851d825d79411c14948dcdf48776d72565422056fe75765e50736c82f71270bbcf229a7b7a45dc88aadf4f84238c896dab889e16c17db7be551ab24873fda82f102d0fcfc139c9febe9fa99819cef0e2684dfc5c843a6d496d8a595d33c51e1fde9a84059c7bc596d32d53e2fe046f23fefa51d13f9c28e227f5e24429b851addbf578922aeb0c5a61bbb666d11d127ba45c9e6378c70d75643de776483582e034e81fae0a3f029c47fb192cfa018ce1f68261d77cfc9e05ef19438e47f3de9a68c8dc09d07b1bdc6ced69592623750f72ec2fb8c5ca981dfb84b4bf0734377ee9dd8ef5ddcd96f438d30ab78f402ebff2163d43345ee8ca119f3208e21aa3a2185de967b475b9abfbc86465275f9a634fc22015e94a298e9c204e9786cb1ff14a5e99f942d42ab5df51ad09654083df0259aa1c26a760ccfdf4a276600c5fd3a54f210b20731941eb48a79435f1f86c45f8181d9758a1835721b87d36c725878375febcb8d48ed2ce8892db50965753a98f4e7110281db40ed64dd8eb51ab9ce41042589152d8cd5876ff30536f8955172a7a8f5c3f5ffd22c9954903136f781f0574f45f909bdf1657fc1cdcb9c4689f41e462c8d39108b10d78b6892c8775fdeb139258f8130bd1d2a1c72b5026506409f9862aa8729b35c652074494feb84a553cefbeed19d6ee94758e800f5fcbcaec19b6a00f33eb237aaa6fc0b3a08c1d8829c180bf95e7d05f919a929933b7a032cd20ace82aa5a45e5b2fb09812f36974b5eda1b387feb13bd49ac374f821341282c8fe2fb0cc5c075356833ff8cc6b648729a4298ecd73bd0ec73957077ac65722d0be23c1536b8db7b0506dae47c0070564e7d7f9444f47b22c679eb8aca4826f974a42043863e498e5301ea162c4e96684acc5ca26ccd083541bc4c1d2fd690e51f07fb08337450a204b0f4f2c17785e037424fd6e78746764584d5f19255496df1e524bff0aac31bde9254429565278a39ece4627c023edf18bc21bb523d44efc259742dee9ff7159d5f700d957ccbb505a88c2037629402c2a322d17647e430777b184ff7b4e8d6b94724abc36a5ccfac08e2479e8310bcb7a617a25fac6efd10d0a07248f7d4597f14309b8064fe3bc4a4479f905e832210d49363d1e5d58176dec9abcc0c5132fd6eccead2b05b56c96ecbbeb0b803e43db2f9
82ad9efe1e2a49649ed8e42707970c93615d54a3e673559b996e48a3b73143ba0884e918888156ca78f793dff990fd721de0c0b7916a5ced736e31292c5af062d7ccd83fe653294fac8c50cf6ba37b37d5a9bfd1e3b92d1825c1be0795f9b257cdab91ce99c0c51bdfcd6c0ab5a3bc6e30f884ecb4f1f61a3259cd279205b2c21cddb196360061758e67b1c3724f5cb6311eb4fb92e6c0d71e6d1ea45", + "sha3_256_hash_of_signature": "0e7783d4a0a2177fe1ddd693eea9cfc7f4221f96766ea1600ef052b7f261570d" + }, + { + "key_generation_seed": "fa812d8cc3a9631a0239474eb93ad3a2a3480f2d973d3324228ef92a3b043163", + "sha3_256_hash_of_public_key": "7c61bd252c317b44e07429187367d03494e47a90dc3d04d1f8c19a4bd708ca5b", + "sha3_256_hash_of_secret_key": "f598737cde45dd2723fe5501d177be0fae321ba2382f672173298d4de2c10fe0", + "message": "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", + "sha3_256_hash_of_signature": "30bceb8348bf00cb59b9c1ab281df1012f4163d3dd3633c58b44027309c410e5" + }, + { + "key_generation_seed": "c660b84d558a7e6b4eac47c7b62135668e0ef0fbf74d514eaa3d0d428014282a", + "sha3_256_hash_of_public_key": "d9497159f12826279b2bf2e5fc1e7b2f56d73ba2a4e101082e44aeb2025b7ea9", + "sha3_256_hash_of_secret_key": "f78d9161ba001dd88b657aebd087a1617e31917860e0fc7f2c6e3085a8985685", + "message": "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", + "sha3_256_hash_of_signature": "503afdf9c1b778a10e86bbd15864bdb1d8247651f0000297ed0f0797789e34a4" + }, + { + "key_generation_seed": "929f309ab3f90cdd9c21eb77a7ca762ca3afcacbfe3e67b056290835694ba3d8", + "sha3_256_hash_of_public_key": "862133d03cef6768ce17c62d629812f5e535560c8278014cca74313eb084e929", + "sha3_256_hash_of_secret_key": "4939fd1deee09c1a16a5728b7f21b01954a470eb78e4db48f940f0663539dc33", + "message": 
"6103e5b22f934203b5ca87337095c9a19267afb9695d309beb8a557bb7cc90332c4a03e1d416d397b945b607268f545928104cffd71b02864e010b666cfcb68b762fa5ec839b5aefd0407419441b38e6d881bd5218df73c675df101bf2c53d90ff86d4a3c7db19ec9cac044e0467a36337aaeec32217faf86cbd7bc2b663421754cff1200a8a66e18f812868bc8d1c8ca495e6462da4b8b96d4167f040f04927a7c27ad35cf174d42684ed55ac80d14cbe4cc2570642ddec4f44880d967e9af77ee27d0d3dbaec9067fb6fc957ac4a136c1d564e17f59ac4938d43fb9050d810989907125c47fcea6c162c723e79f68339cd1b3bf596988bd6e215271385cd50616868c6bf40fdc34bd30e5a00773e2c039723f2ac3a3fa45f4ce870841762d7435bd6ccc5fd3d58fe059ee455a806fde89155c84797fbb73691a1fc6921859e99066a3239e31f28d1a46100db1917621d9e61473cf1e71f9850b584b459d5690941e676a7dd56796313ed9abdbe03dc75afc1430dba27fe0f8df48ef7c339f462af1a6d30a5f8b480dfbbe860c4c0bc136393c8fa0875af454273c3cfdba7eea44eef1a4060136948cd98b9d2c19aea4934f3455f31dd15be6545134f17a195b6bc409159c0975e592a15e86ca4943ccacf4b46719a072db8c629b67768f1956f8158f179a0b645320489dee404c8d0c4e786cff39b324053f102c118e7d51173cec0fdd017f213b2b07ac6b2c7dec04172dd5396a020edfb74ed86fc31952d241a7c3d139def543d90976aa70599792e73cf73ad0bd4a359bf60dfb2ce96a784d8de5e23a95e831ca6ffba6b187bc5f29a7757185ec06ac882572ec6283a1875b54fe4f295e1970bf311dbabaf9f894d3364d68f529c4ef9030ab934bcb09459d5aac61919946fd28df1ac85876f979e8b8528e9bbe69f03deef136eea6a8fc86f31bd64285c8c9f49adf53a8baa7867ce52e72dc4a63929df3ba2662dc77d71f88d8af42b8d67ad54884ee11f5a6b3b794f7d5610909b0b740937587cf475da903159994a262b6f32a3d1723fdaae65e636b71cb0ef0a744f359bf08ac8231ed2970ce8c451266f703da3b57f85aceed4c1c174c50d9c226f028e972ac124faa6f60518699cb4c499220ea51a538f9ede67d0e98e1bf8fb4b24b1d8ef50a28a93e20076f8fb812cdab04871d331ff434ba66dd4577b18dc3f471b3e96a174b58a7ac2470eb8463a71ffcba2d064470fd2d4e15f9491db09df3e3ba376a3ddcc437312be5848db3b9079f2ae046798473bb970d725e1d7c6fdf405ae387dd7cc1735a7fc27d1a476592a514b87c9017e1e5d37e338f37916f3c72c5f2af75185b88694d4e8e0a93fbf20ce81a7a0c10d55737b6473fbd92bbb39febc6167336beb9c235997796
b9c0dc18c353e80305175bb412acc29e647813d0003f727ed0577a7c14bcf67173da569320e887bdc8f5ad27fd8864261e802a6753c6f9bac844b5900ed0d4274c0e6ede42367079188b10bed5999501164fa4c5a818ed6ee229c3e0e0f7804b19eaf5d1132be1d7fc18be834c842b21f8ddb11f8cfaac10d2e124981ed698ee7caca211c5624f09c62e1d451429048b55ed0f8a714bb77a0d4b40f0a446eddfb27602b7bf894805c4aad9252658f6b21a05dc0cf6a3acdc227fa867a4e5b1db63a14de26a79aacf1900a7b7d867c15cfd1daa712f2a1e2a6c7b31b121465539cd0164e3ccf79a978b543ae9602996448c6f68069d044fc958911ef40b0b9afc78ed014d94571f6771ea5e2306a7cac32c135fec0bbf1dca3cb0b57daa239c01671718017c907048e0d19515cbf430d4b3b4ff4fc9a391d15a38b39c4e528fac04ebd3dc69144c98afa75102d21ff961bad2e1f25562af92554814405c4ec08dae4a0cd28be592c9c9bf997cc0fe31502dd541000d4640d59654d26ca2a17ba4cab0518ee097c05b2984ffc56e8182368e216768e0d07e17fb64003e95194d04c6e00e08386084febb6cbc841e8f3fe2a069c45554bc502c27591ca3c1dc9e6b1694ba2c1bc0713c1cf738db22ffeeb7443d72d5bdb975d192976a58ab33db58f5dae497a0b24011e15e3256ff124dd99af6fc300d1fecdcee18dd4fbf25e901125d4e80efa8e2a211701b74fd992e63376996994e054cc00e7e1de7db8e7d2898a735ec4920dbefaaea66b456cf6a12324c5d56762313a627b3523ab1e2c1c82e4fbab136ae4395fcf2672a58011d96bbdcf2a7478305756d66b30a4ac44e48b18a5964aa89f14187ea114084d52b4ba77755ba04c34777409bdb782b7b645e93b4db284525e2f9c9c38d73b475dde2251277a2e6c3183d5dea78414e22cc8fb4b2c7efa797cd4a87ac81d3242ec8d2c2efd6bcfd69c39f14b0b365f3151a96f75454a3a1400c76a4390fe9f2e7a22a0cfa687a5bef1c905d3a893b0dfd35bda184f25e62fddc2a52b6a67e76f550abe4cc8d1d63cc8631e4cc315e46d3015c3b8636b92b8d07075d401c654fb4a", + "sha3_256_hash_of_signature": "fd34c94e6bda8f05cbd87282de38524070460d4ff24e3b98c5580130f2027922" + }, + { + "key_generation_seed": "dae1eba78ad1568590348088aae88c1abeb59626ef65991cd76ab81198e52837", + "sha3_256_hash_of_public_key": "4a0c7d56995cbfece207247dd03ee58619db23a2bc3e312bc5c399a60464ac89", + "sha3_256_hash_of_secret_key": "6955f1467934ed2c6ca55ad49c83860935fd12adafab3034f98df5a2546bd44a", + "message": 
"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", + "sha3_256_hash_of_signature": "0e6a3b07efcda9620f19270e4b70e1a88e3f69bc3d37c1b117258b90608c42d4" + }, + { + "key_generation_seed": "15ed428927a7eb0c7c2dc7a98cfbb77bdd773fa8747b8232a6ec4b87cd7dbce1", + "sha3_256_hash_of_public_key": "267da5ee0a9b425ff1c795c4ff26d96096bdcd5ca451c4b6d6378a9ce2eca555", + "sha3_256_hash_of_secret_key": "b41185db83385a3b42205d27121323e7a80def4ced095de63d1d703d42fa207d", + "message": "baa4a41e4b68fe333ffa5ee97fd3de18f0eece8eb83e46a8e3505e2ef8aea2c4040ba3809a764b681ec7449f41a2463651a8cc6def0e4a058eb843ef016e5cba8d55f925e66524be55cb98fc3169082e52e0d6cc3600c4e8a560b6d448a72ccc95620101323f98b43e28d6357414185ecb0263c7bb94e7f86146661fc897844cf52873114d39123260893def13516f982783b927864b61b56d3a8e5b4705da3a95f6d12a6637c9ced02f07b4aa0b08b4924103036c2a93b31c91ebb6c5b77de090ebf60a04191eb6ce9cc9b550f5b0c9104b74d15358854181c0c5640fc74caee14fed6577fd75eeca14070b6d02a9a421247a5bb262d6e62b04649e75bbd3ed8e72752289fa7c1a68096dd96a4bac8a2dc27c44881dd2416387d74a005680a3d229d562d3daaf8dc37b4c87cc86a8c991e9327cdd43ba930cdd8d1e44aefb084b51111965c5dfb0ee2f09112b070cbfc545119aba823eb3f65f26bcc025b39f79be42c0396c5fc9fc924ef1b7ee9ddb71b6e69b579c0a64c5b020206cd3515b8d5f4ff29378b9580d282f7e5eceeb5ce9c09a7b334e62151100cd658dfffa66f4091231bea6c9de8129ec4f5fbe8be0ff4bc93367dc69d9e38c177b23afba5c27fee3e2b73c0037dd7c419c854df7c2412349bab43869469e80527c3ad3a7103152f9e0b03353a596002ff54aba8b14ac393ee52eb5564d63bc2738d571fa3c255abd20102bb299441b00eb988f3a5cfb238ef8c49963b4ae8877e6b317e208821510bf446ce6b06c33717c91c460924248382159198f09d0f5a25c1611b2d39cc6d2ed149fdf0e09a0b0b2bb77067182e386f5f6a55b68808dad98e5ceb0fdfae6a0315845acc7b9c172b0e82190a5eb7c58de4f86d883292a883045c62d6a1b3c886c345aa6158276efa6b93ab2188e47abdd25d332146e980e1b1e043cf63ee35a5aa01ab6cc62f77699dca16fa30e3632dc5ccd3253d01e547746c78021ac307f0ef1a0119ad11504803edad933150981c4d9fd181835c507651dc92a86737e3afd0eb4ddef6182872fbd31bfc6d8427c2f4d3a39bcbe6b51
20b8cf2af5dc59949c92d10b1c6a96810564dd335e0755f9de25ec26c102355688c38250df8f96e105136855c8de4bdcd86df03f92977da16908caeeb4056f4a5f751a57ba057ac0309f1c107e594cf3c31544e4f1d93fb9ae7e1a2451e7082cf0c850990ee71ade0498f6a3852dc4fc128bfdb8abdda3d759c8d4f83fed8509cde5eed38410fb9f0a5f30ea45c9270ba2395df645aaee03f56158685a0ba65de3d2c5209a7ef4bdd4bbe0cdc966dd1bdf1fe0be06c7115f7ccd80f8012e5d17955ae0c9e4220076882f30dc5e391295994b9f809c09dbed8ccdfc89669f40492944ff20948080a4ed66ad8166b613ab2f4414762ae493ea6661950e8e56b3758a77cdbcfbf24fbbbf20eacd5cbf8815899a1c3fd20b1d04920025885388012d9c58ea842db9530b7ada901ab9ce46a12700687bde07fb99bf66d0c775218b8454c936f03558b899b59361a0c664081ce8a7858ddbc5e7c5480280411c9acf4d1ec45035d97524e9e44f963532ca5067609540c1bcb5627f99d5c61cb9a6d400f0ba0a74e45ddab5a4e8a765dcf2f3684e3a2661a78ac069fa38163ad9f9713eb45c841c6617697cf8a72c54b550dbe9c22b04d579b09aab0ef4ee8b70ca563f81ef9700c07761c944926f9a76a8c3eee1cf7e7524d65908c47c35b0453dc10db5b75123a5b26b9612c0ae18816a71f34638798dfca21f5073ce771500034f9a71feb8b621356c430b4d47cb1b59ad4677b5c679188d8861beaf52558165f691f65a692e8cb8d24abb74b8885edebbe52fb13dac16e3a8ebc4ef192fd10d71898e93547c7a09f8642aa3b4faae23e48bfa809c5989d3462aa50fd4e5c4095542c45e5600926c2decb4d18bb43b7274239a8dfa3d9de1bb9ca099dfe56dedfc9e120867efcda10b48f7e630506aa606d76e4537036127fa05fffb8b8703cdc8de70a78d014872111a431f393345d74e8866d9a9a633923072e93dbf47c54c4b205c60e67d5155b76f51ab49acc7435525605dd43a10c88a03e08e257c68937bf2984be63d40f8a60589d909f8f09688a77da15dc7b4853339f235b1bd60aa845b4db6b699325885c49df9c40781cc56fabea6201e2f8a9352c28ce321b9441422807e9c81c8f1ec85d240c9f1c8ecc4ff06d6e3682dea3e6cf92f2b74c2165af247ce0f5ab84460693254b523498a57e7442977f51f1c2f649bdf756e7f43ae543f5d8e692820f8a06322667a7fa9c1a5b10199a69ccea22c74e172fed43e550c68c337ecc5e6aad9f7eb997a7e619d47df73cb917a705c3cde5ff344f6fbcfaecce6b734e09a385fe54b224a880704d774581074c59eb0a3b42c59b8ba4518e764c5a532f6655dd839862af716903a118433ce0809376a88e88fa847b4d1c63ee393267b15c1e42a
91dc6107cde990ec9ecc7c1066e9480e90a22907c51af47da837438a90cc07de8121691bd73802d5d09d18a2d8b38a28948735110891d1b559a73445838f359a6fb90a3cab887486cc9d95cba35b55693c890830d2", + "sha3_256_hash_of_signature": "3f209444a610e368590181dbd8b893cf8d52415812f2284c687abfb4063101ca" + }, + { + "key_generation_seed": "ba7e359b1f669783521ad35edabe97141a816c2fabf0ad0e001e21f73ccf7736", + "sha3_256_hash_of_public_key": "541161a8f9575d6b9cde9ef632ea4d711b05149b1a1524c2843f029c1951abd5", + "sha3_256_hash_of_secret_key": "7b62c93534046e6e7527fb12ef51301221d19cf30520d44e260f4ad75014238e", + "message": "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", + "sha3_256_hash_of_signature": "2f301b4ebd616e28850aebb4145fb262c3d93e81d8692b698971a72e034b7a80" + }, + { + "key_generation_seed": "9daef95c8d5a61d3a3a267fefb9f37d6e677d7ba26a3a5bfdbda8c281be89ccb", + "sha3_256_hash_of_public_key": "25b61a5242ec7c664db74a1ffc5b51ec909f570b9a93b5073cb881f3792c018b", + "sha3_256_hash_of_secret_key": "05de0be907ba4850066eba137319b8f59d6004b0251f33dbd5542fdefaf35335", + "message": "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", + "sha3_256_hash_of_signature": "f99838c0e2745b0017ff11310a3f229142b2a5b79d3535531b5e72e126a77034" + }, + { + "key_generation_seed": "0531b4105cb209585f9fbc29caa57e64c2d40f0829931a42caf7701717d9096e", + "sha3_256_hash_of_public_key": "5be646b8f46c02821022f9ea23c36021a92ee1622740f7ccab194b23fd5c2c25", + "sha3_256_hash_of_secret_key": "b1e780ca998b2ddca3f35b1d843b19427ab02beb8f37ca799c579db1f0d8a6cc", + "message": 
"437e0f77bd0e14d704be86135119f39a0a65650c762852e2694ad9bf2ea45c7ee59df915f5aac128309847e944127294566ffb193d0361dd7111d32b06dba60a12e053f424ddd70674e902e409bc6f5891cb9a76108322cdec1491d3d89a74cedd855bb0791dd6da371a75ae979593b5159fbe9ddacf88506e6a184547e2a7395a46fbaaaf286eb7780b789fed86f257e5036a3555e777b909243695ce89957df492c80050457afd84aad9f8918099ab00fd7ad3528a3d0afe5b52300053575b839572d4d7ce43c255bbf5f16948d40bcc2e63714487afd3638601adf47a324482ecc99fb88574538809227f8c0a5fa7f20a0b2fefda38e6a665550e44b8d5630290a4815621a5dd74a2108ca946241c48661eb087240788808bf676b145442b2de4c35e1a6b8cb1e97e54cb729202d8827a0d4994c6d7f3f406ed273b00b6590006af069d69173b5ea8237b87705f362288ac3a50bbe7e70eb15df6ed820d66290f57a87e51b2c5777c9c95c2a76ecf2e296a7c295bfe029bbe681b32a6d9f16d11c7ca2750e2f8877af5ddb616d8a820de998b0b2af5b0c2c5641f498c99971932327ec2c73c0ef4058d9f33683f60553ad2962370afc6725743c86e591d7d7c20944479daca5e92d66a33ca0c862dc60dfeb5ec3c6e7de356f6e43f06b1431358285398f8885176d60cba218217dc7afe4ad876d0890648052a56812bc3f8a9e6c49f9d70b0a032924b891a9410bbe2f214c842bbf0511ef9017744a0dbdbd500a4189b471930e25216d2588cf8ba39aae7623966cc62d6c4ecc8b00b0613d912e60adf613c8f55b778efb93a513a776c64e8dc943e6272c0eab4004b4b05ce9bce9ce2f2b86fd8429e9a72cb16ec3ded285339edfcd122150f4e7310f669b1dd4cd7e76d282d10314e8abf61d53bf343f3ebf9968e1be8f3785581f675bfc28c893729cf67345d0f7c11d6e7d6da0bff255bf706c986704a3b9c6fa0602c6dc108a59cca70f624b08e4f5393e597459bea4aaaa463a3b08de147e10de6b75a0d87bb79ba9a71e7f5999c8972ba992228b60912aa2d7a32703ba8bc02f774430a2b590911d48d3866396f1d71f19ca90ebd5277743a984e2156cb57de88ebe91bcc09ccb5c687cbcd4e48e4ee110f4075a21f9a051700b0c2698fcd6a5a73372ca366a230a9abd153e4dcab7a33a8226f8458c5892098bc0a95619880156548f300c40bdef81e8c1d8bd03031c690b7c3c000ce99675adb4b94752ea22bc9e0278d0a53a2a19363a9388bb8d6c24a45b5dedd8f7482e9c29603ff182f25856fbeee2b41b88b352f99db5f33d8eab1a1a1fede60ea6cfb7478db7540d3a286e88117503c4d0a2c13d32afe3f1a31d1af9ee60eab8fe06248cfffc7bb438b77d94b5644805cc27
6f19268dd1ffefbab3c796923288638da1c15e014723a84f8c2dd9f55f7adc2adc13fa7cdc29baf48ca438c882da5f7caa792b7cd984bb11ec4b681b332edfd4ab4c132b08bfb688f81baa3fec5a079e2182c282a3ebe2ad5e4c59090bbb989e6a07d85d604f5ffde0587add29a5175ce65d29fb9fde3e8b49eda1d88ee8dd64fa1498d33ebaf4a847ee9fedd3376af46c1552a150014c11ddfc5047929e2415d3f9d81186a685a1caf2f004de777760f0567e880866320a7b42e61cc994719ddc81e28525e50195ffe4e0467d9a9182b75ef57dfee926d7744485a55e07d1bcd1c9b9b12a60460bff016e9834848665f132e2ff87805e00154c7d9853dbca43d005bb197eeda3d2d9249a621efc4177415bb103893c82eeb0aeea056b40e98b5fe65527432ff33ce3e09fe1288a6e2641011721279253800abc4b73f65b15b434bd34a573e77a94729a78c92f0e791570a416a0876db39a8fda8696fb12e7fa3bb11e7838054e4195164b9676dd03327810ccff9586217aa3d50e7d3ebdb1ae1bf6889df316047cbb278ce8c9741798452a38e48a7138e1fba286b497fdb8b1e7bf6145c5f29ecf6d5430f8e550314db3cf48f27897f312c6d9d6357a880b721e5148da7f789238ce411f952695f4a878756bde311bb4e62f10c2f9939b8530ef70d3fb431655aeca2ad36bb5df0582a07f53f1df8e0325e635d5a5e795c130106502a081f2fc52a9d97c5daaf174f13d2de1ea0f8860f08f4fd5b571e1ab1e84437f3c82bf19b96e46513c316bdcf994bc26fb8461f90594e08e6d4a032c1da38481a1ad7bfb7d5270255bff23ce035535cf478216e6d2e62e147ad93357d62636b1ae42c4e8433bb94ca91d0f8ec265f2793514543aa86b786d9760be5c77aad5a8449a7dbe92391eaafc305c1267a68e6acf0f044fc144d82c917992748b9232dec4e33ec97534f2bf60b56edbff675f0343c9c78e8a8d0529a78e2eed9f998b360360352009f01905c1a4815a36b111cad8e5b34688b99216171d4f57283cd669dc05995bb8d94ecbd3e7b662c4a603bd85251f2ba35fb6ca492c2b3e996fe66a1eb904ccd61b0900e7dedcf136f50e4c3ad5fc312a2de4b3e51f355d01763692c0722c700a544e681a316a1d261fad727e557398e500f15df33883abe9d1ba645936891f5a91ff6c8a7b9b6fe5062718542df4fc4ba50d7f513945482381adc42d5a9d444ca211232615306d7241fc49f08912bacbafbb056c018ad4d6021d99fd720ed6548a5a29daefdce868d71a1ba72d9f998a3f89fcfe526493582c4c8af5c1be065ea29f6155428dbc955b745df", + "sha3_256_hash_of_signature": "57f1e109eb89a75450bf653b0d7a495cf817bf10c310b1c3eeb926ba076ef138" + 
}, + { + "key_generation_seed": "7f8515aa82dbc9ec8cf1ded5ab58ec0d08cf686e25a8c01fb1109a3c68d19e48", + "sha3_256_hash_of_public_key": "0d0a353ea3b9a2a6e920638575cb663c56e2a7ee5b29987175dcc9ce0a0a7a00", + "sha3_256_hash_of_secret_key": "1a462772d5d7a7a39c9ae43e43a434029eb8dbe772d2e2cf3d83bc035e049e8d", + "message": "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", + "sha3_256_hash_of_signature": "25c2452d609597d56de575a02aa8f87957f3ddcc42ac89cbc42c35bf4b18e30c" + }, + { + "key_generation_seed": "5af3838060e0f83352a75a0ec4ace2ce8ba119bf89f34cb4d6b8e27007cae7fb", + "sha3_256_hash_of_public_key": "77a3cbfa7feaf54fc0dab9cc5d73ed01d32dbdfd84871199b956a691d40a44f0", + "sha3_256_hash_of_secret_key": "4929a85d39b5679eaa776061074ae7946432b00f6ddc0673017e7a369a708c75", + "message": "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", + "sha3_256_hash_of_signature": "3130133753efee4e74b1538ef2db311ae84307050c1a860d502a3f38907f593c" + }, + { + "key_generation_seed": "b323d48b567f7effffd47a7c9abf0add5f11141737a8af62b56e042ee498ad6e", + "sha3_256_hash_of_public_key": "c942e6119dd2572dab3fffab13629e47a504f9941f0d3eb1b6f6c5ae9f452b3d", + "sha3_256_hash_of_secret_key": "48dac98b632250157fcb09a5831c74a2a0423b2e23c7f6eaa11387602a352678", + "message": "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", + "sha3_256_hash_of_signature": "0ee9fff3dc9683ce5ed1152e50fbf6f8095f24389089990b508ce5820fbb5b06" + }, + { + "key_generation_seed": "c1cf3107ea9b283419e27dc563ecce950bea78c048a3f49fb42128819959e51c", + "sha3_256_hash_of_public_key": "fdb36069806ad5b0b16ea9dff6fdb8920e3413351eb7b6250b62d01902c18039", + "sha3_256_hash_of_secret_key": "8a97654bf4dc6b75244f492b85e3f0afd7964b26bb29f8df78d86ed178a48065", + "message": "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", + "sha3_256_hash_of_signature": "264941087d6d4578b17cbd4814506a470e1f9b39166f7efe4383824bc7addd82" + }, + { + "key_generation_seed": "a50fc40f0d9efa5d254943dc599f7dcc2f6d197a4d2666d5d69cfaccda560817", + 
"sha3_256_hash_of_public_key": "3cf1207a8f3db1e58e2ca2300a95616786fc9c22867dabc0fe9963a79b098a76", + "sha3_256_hash_of_secret_key": "2e207143990fa332f51ff6fe7fa7bc1ea4c6d5b30145977520f703e30a9fa7b0", + "message": "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", + "sha3_256_hash_of_signature": "79b84577b74f879486ccf888a56e7fb3b63c135bdf6e239c15d88714cfcf8518" + }, + { + "key_generation_seed": "4c0f0ef1ca8073a562d5414584edf268913d53d5fb39fa639e02e900891ea82c", + "sha3_256_hash_of_public_key": "0aac5e4eba66e5dd1be04cfe20663eaf88dc6c06ceee3dfd14932ce81e22e6a3", + "sha3_256_hash_of_secret_key": "86410f2a88721ca1b8efe276d6d872a20b771167906a6a63eafc430e16b3b845", + "message": "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", + "sha3_256_hash_of_signature": "92e786ffa4849ad76f92331dc0b5ba9c75fcde4859ee0004e5abc7c20806ea94" + }, + { + "key_generation_seed": "5ba8ad9b66c93cde7e7e616a97fed8aa91bc7235fb4db086cb4021877780c6b4", + "sha3_256_hash_of_public_key": "59d486c276fd923da8e249d021b395e899f2fb8455395b1828adba1208d875db", + "sha3_256_hash_of_secret_key": "091a9ddd6e8ccdc643342b070fa1ebc4a3c9c383a1a319eb829cbff519d2cf4f", + "message": "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", + "sha3_256_hash_of_signature": "ec8399e72f206541d33ce3034b1769cee0971b5ca6f64a435ece60aa88cc6c67" + }, + { + "key_generation_seed": "25d957b9bf68326d2efec93da464f43e3df16dd6571ceb1ab68bd58e87734a51", + "sha3_256_hash_of_public_key": "58e73b74ea2f98444e84f43e32e342c9e0cfcfe4f197adffc07a3ae08a8c0b7d", + "sha3_256_hash_of_secret_key": "311d1f97a9afe09d0aab9e4b7ae812ae65ecba4e06b2d509611609c0b34fbc7c", + "message": "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", + "sha3_256_hash_of_signature": "92cf447eaae15125acce505dc743cdb226fe410590f1b5b963ce73500bd966bc" + }, + { + "key_generation_seed": "24f0cd3b05d964f82d3702bf0a613139808d49283286294be57e13a983c3c961", + "sha3_256_hash_of_public_key": "a55315f94b1e4fefc70e4eb4b9c1241e85e20878f44e36026b2a087d54e8393d", + 
"sha3_256_hash_of_secret_key": "91e68dc98828bf4b85e07a959276080c14c41cf7b7ede1987486982195548cac", + "message": "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", + "sha3_256_hash_of_signature": "4b4615670c519eb3db49b2c5089c902d45c57e805c24e05597f7f748ef594a61" + }, + { + "key_generation_seed": "5ef2732b63a1cbd2cc239ea6fed62f7feb3102715a5bafd8c83aac33702faccf", + "sha3_256_hash_of_public_key": "313026fbee6f634b03096ec5707b52fcb5fbea0639712d045ccfeae2785821fc", + "sha3_256_hash_of_secret_key": "21570ca2632b46212a557e45dfb3c9c1df3f7ce1c08eaa4724ca3940e455c087", + "message": "8337940ee74590eb25e52e78e8563a09cd2d45f650f48775e3e61f9e3509cc8eb7e983310d0185359f66bd80e0da1e45a6beb53acebb9030e310e81a576d0f80c64fce1d1fd77dca27b7c6e02b0cc26edbf496ad2e3ce8484e988e56bb28153587d7ecb02fd8882545e7bf79cc9966a7fede93f7e9451bc48fdbb481673d1c4135f95d68f40f4b4f847345a320fb4d736bf5f9fd347435462dd3a238e4c799e7cee081107e11682c7b558b19177522427f1d269fad81b565be538e8ff2d7193579aee51e50974bdc0b66331b59bf496c87e4f6e143754076db516c9c538410fb38a930cb5ba1e6610441126d01c8eb5f34e2e58424b8b218d9e68c5d8b4f5258eef07ee0aa5475a72ccf363d47d825fa524c16c7b7587c44864da9e4b267f738b87f7e5701147f550cd38774b17de48e6969a0dedf334fa67470419059c4d1607880cb12fa9c0ed23032c7e0f325169eace7daccdd4c2e5097fbba859970d7eac4522c1fea043c9278c1c89fcce95203033b4cea4f9f24b55ba6b79ef88f275310c6e48189efc1eeedab66b56b6bb028726bc463d93d742492841e85d5c837948978d0fadd1c172f8859c802c6be8394a05dada7546ee1cc5bb909d3189088f4fa6d07c573ed7263c081720e701d5d4b027ae54be175536f3bd5e91993cc040311a7d352aa26414cae30d10408ddb44e8c9513f4619e99edc894f963489876b24bb0b91bdc3ee5b78ac0d4046b2e864789c0c779e5af97f8f84f09a26ff74b8bcde66c007970830b70c2a1122dc9845905c3aa7810b40641e8bbb398a23bbef52bedabec7bb54823e64177a73786992dd67d5c007d770938402efbcb3a60281c5706920a9eee4c26c0b251c32b9e1936fdec2928110959e99255508250fd5ba84b4fb314187124072d30fbf2163d36f1480ecc08f7fb8093bfaa72f1914c63533ebb3a57420dc38dc93dd6ae4d197fab790c1efc1b7a2234522e0b408d0648c7ae782f
2f08cb70b96cd76b5089af1ef4ba3a4c2faac363a4dc1c6c421f6ae1e9b67461eb02f36c25e763f1a2b73ceed4dceddce619cb313d124ce6f7ac986d6bc344e630f22cb654c1286fbc0ee01c968dadd1edad744c8bc828cf5f316336a5883166ed000ff98d6ce2ceae7d3e40bbc5714f71ba9e25e1506d644fb2de2fe190d327accca79d9b6d9db505cf1853e98f30e9ba5e568ed83e2567c936a64420c5d8f07ac4f65f38c28e88dd7b5209a600aeb81a6d2afa4faaefdafd9b7fd3ad7f49462cd577204184f9d44a45e2a909373ced24ec0ee56bf2e6675c506eda67b1e6dab75cbf1822e20e7a8a81a7729b42a6d67a1dd457fcd19b62f048ab97b3d694254e5c051fd2daf3d12ad627ec37c22117bdee9eaa290d11d56baff0de1037eba908fa03e2f869fa2b27936669306e8e70a0a4910a123f202797bf1c8fe47178bb1e8e8d7ab1c01f30f5e779b2bc99902df15185fed4c865997ab72254162d00858e0908ea95a9acd0fce72e571c7a381cc33e06a27fe6a5922775ee82c973cc3ca8a05717608f8703946c9a89854d627744da475defc1390dc44fcc3a23c47aa8af17240eb1a1a00a062d258d471f31333d0356243dc1cecfc559378b4395f01a970ea4074d5666b44d49ef291ed15930dada66765b165cb8331cfe549c38cd0672f534be60f4d9b4c125ffe747670513b5744676899b256b992e15106b99b794db3950582816612144649210751f3d0dfd5b25cd393e724f7fdef00756d0c8540e8891e592507599b06edfa6ebfe543084ac81858f5eb02d8f5eb8a72184851e8589a3ac6dfe1cdcf286723fc4c1202765fa4f783ee58c627ed494c7149bca6a4ddb420827cdca82dc42515beaf46ce9d9ed524bd00ebd3094f770b1e1dd09fc431e4c244d2305619dae208e65ef385ea92f5a79f12b99afdaea79c9d8d319944ac6cbbe3f1290ec6b87d97785e059e6871fdf239bc404021cb52064b88eb4cb3fb6a871b0f76c12d7b8c5e8fe0a65024ab5b25f4c67b6d15c22b0005b754cf7cbec898b49f4326f1ae4034e5f5a446a96ce08083d48525a3661e10c996dd22dc34fe570a4c8817d10d750fc5c2ed0c24c7cbcba5cd1b2680dbaa3315fbf2ba7457abeedc96b5d111110d4678ea5c7851d25f258926b0b028365799e940a6e17bb03cb332fbc6d713dea7108fc6268c8d33e7a578c94ff75be808c15ff7884f092c0e309f1af99b1a7314fa0f32c8d8e32b3e9d92c9c8ff6b8fbb99111529c4be3a2a4f62884373d0903180b4deabe613de5cf19415dfba7f9a46297ae2f21d7ea420b41f628fd8deba55207606539d11791623cb325f1e18c98aac27283bfab2408f4fd6cc58ec9e306643ba1c0c77d84b3930263e5a76a1ce94f3d7721f0098d54e6c990c3aff6
9b6a0d82c853ea2af2d3d2b3e96dad59ff873171b55d16ca9a7c68dad2e918174d264919ddcb4b9d01ce622d56c599bf60711c74315c918a7bb97b9513937afb6a652da68b6b0b34e316d7be9f5c282a5e8773c892782eff220667a6a54069c37b88eb1ce676aaecf2015e59fb7af4d30c4625dd8de4805f505e83c877cd61d2a0ba65b32b0dbdfbacfc88ca43e4ddf7a1a4517dce83b7b8acf8dcaad28284039747935865daf8dcfca29fb676ce2eba2c509cd75588fa5e58cefd0694626c9bb31c3afc372ed313c9bb3adc398e89dbdb108dda63f9380ebf9da17b378451634682f9823e209bf10e39f884ed270413152025cdbf4875c121b1e83e12c044453ffda6d8ca2c240ad522577c6898ab6f2abe1fe77f860939408cd193e605f87ff2248fa163ac2fc0f39bfc38503b23f5441e0e364caaab890073266b3b51217661f5df41c0ba925bb425ab3dd7b6a3675b7d60d0290131ead53a4eab0c66baa83f2fb77e74c3c123aba7731a3f62fab8eab2a96e8bbc911e501cd23a088e7887a469284e0b5c27b5cbc1de2b6938cf1af58a47fe78141306cb76e8f2b73620bc4549db6826d2d72873885f6c5311eb5b9462bb4631d314dfb9c836c6f4d9eec6818940c04689cc4d8d11ed9869355617861340e722b2be78197746e2759aaa8d68d1965888e89b6b0f5bf51f94e586b2cb8708f4cdb520bf31ddccfb7cb69e29a7ae8aab12c11f431de40fb9e82eb5f2b6ba1f9757f1487b63255fa69a755601c2fe17cd1892d5a6799c35d05098dc133bdd71318667d47c4671", + "sha3_256_hash_of_signature": "477cc75427a930b2de620d4e10f60000c9336c19bd02a9951871ca70fbea54ee" + }, + { + "key_generation_seed": "6a27b1666ab6fc4483d14cf84ede49fedfe05bb24e008ae8a01c52d83b8d40fe", + "sha3_256_hash_of_public_key": "630db0e613f6662690382ef141e1ae7f8bf45ecac26c63aadb23347d32ed2450", + "sha3_256_hash_of_secret_key": "0a070018b24a2177b03b5961ca1b98744de09302c3b756d7929970161f90fca5", + "message": 
"62215248e1f3afb19849f758d742f8afab595040c4dc520d603c9a80fa9cf2e97e4f4bd7350551fb667d606bdc31a45d88836cd376785c01f9007d47df95c1f4d1e30a927a13525409d91c9f5145c0b86d3b44e933ca81e4ed9559ac17940c61eb85b2d26d2c47924ab80acbaa3d9b1c8855c13ee45f5c8047c161aaa5321839a01783b21a5ee90cf91b8285c4779465b7a89de3d74d482080f68eb2d8b47429d5475356c50a92b3acbdea5786f4d6c2a304ab500490f84fd1d0f21acbea325d62d2657f3889b6f591a7f63d8633c061cb14b8266a7fe17642dedf1d08d9ffe369126cd780d9f99fc6262b5befcfef35d33498cb2cffe55f2f8d567ea8687dfc6e7d49a61fdbfe768c1d11bf5b3b18ca52225b096490c97cb9a0b3b2ca0762dcc36b60f7d26fcaa4e38b1f3a6279d889323010d9cb0a97fc488e09b06237e6eb0166465c2cbc2b9cd06f155759b6c93ca0cd3178845e0f3a2d20a68757aaf3c4e74545494462ccf28f6f51ec0fdff4f1e6d98fc5b63bff068fa7be1764bcf14497e71e424c9389c5dcf8c5ce1dcd40b82f1d75c3c3970da433a92a04de958766ac5eb3645f4d21882f7071383af8dffd6cdd91b549f143dcf59fed6674441eeb03d5013e90adccbd7e3da115535ac855dbaab7f51d70630dc00009e726a16deadb12047d85906cff315c73ee7d4e24c9067e3b772f3dcc44c25c7cb8622fdd7b8ecf5e9c877838d71d500f864a662619b1478f8ab4db2dd09a111acc99abe737ddbca06e88926c4e73b5f5d21eafc4b11938feeea5f8d5a4c616a342b54c9ce371817aa2409a55a3237be85a50f05b33d35aa86a62e85a01cf34ee7dc840a26fa1b8c6b307817c062d9a2e7163a3b036874d2abf6531a772d4031fdcd59ca79fbf442cb9155f90148dc3b723778e699c6985634185c3ffdb966adb80a3d1308150b12964142498466506bc0742783c27bd3472a5cb45021de066c28143ffbc82b5742be51e93bcfde1a61e661b730d8760e108b80c859e4b3a07d483a6a8967e5f01b03ec8b63a20c6a03755c75f419558878a5eb8bb0b2120f183e4becd4a104eb4db62cacf5f9964583815334a25bdb75724e549211699ac3bc9b2b5f58f1fb33429905df81c9422f8b84e95a7c36dec6ae9b48d4f502d8ab59b69e9d112693578d143a3f111ef00844303950f65ddeea6e30f1286de16546f90c4364a5c09755af3fecb13983c418b2fe4ac17bdda57e4d597e8bdccbfbe4082c446fc920e5145bbafc67fadd9799cd8c7714510da579516ed39b3e22de319977fc77a9ca61ae8252795d11724aaa866c1ffdbcbc1ff91af1b8713248864a4e8b9c59dd12863245f5048110dede7fe31ff9836715886c37e9642dbd6c668ba7ab8c2b706cdd58586eb7227b57
68c3509c1f66493468859e275700ea38ba69064179f6036d7b50bd232b61c9b9659492894c0057dbfb80329a76cdc57b2a89bbb910483301ca0bf6aec7d5ddf86644ff52f48ff6c7cd00406cacbc09aa251708baf3276a52be2c7b42fb6a9036c318529ca98940769a67dcd532c0000afb5fc63ad2303e94e09d2cb40ccbe47faa1dd22ecf528179ad40fd4bfd43717864149243d61ca255344c52743200ed8385a7ca6cca24cf967d23d07dc2a3f9ad5f3240f4f022a6c6cd281b6c492e8d144a2f4641957ecc65b32c9f74bb468524ff58f0f3da2f5a56742896cc8f99088574264f857dc67cf04c4b63c6a08fc534229ca8ba616cd504f969ea6e3c98a517355f98a9e884062805b77623239074206e01ad2f3fc9fe9ff8254a5d3525c3b2f0a692803500c967a2e18511ef5b8845dc4b0dee9338c38c4b1b8b84ee63923250eb6f9e9c272617c7895bd538a6f34d3557812bbbfab2b8fa6eb5e95b9bce33ad3185cd90dd536a68639022c079b5ca7748864d37d45fa6780a45aa991f28bc0d3bf371ee2ff0c913cea6db38e4a278a4840ea1f255f8e83b6b6c5e260a49d727aa42095a88cb8120b51dafd764e690102f7fa07cea2eb86ac613e7be2f498f5767b622d04e8a6f272976fb058c3334cf8caad1d180e3456c210763c974e431cbc3e25ead8b9ff9243628d5b08d92cbf1d5df29a85b1a04d2999b3c669227b33610121d543cf4a978f8d9365c0ff8affa92b07fc8c8604a0f357f3c669445685b6a29898301a5afbe10ace8d64a47009c8741d7ce82e9900643900a3b92a26fe5f24886c06ae0918c3f2523c320699c799cbf72f0ddb08a0f1f63d6dc2f021c78a9d44503209190ee4be654663679cfd292292d71fc4ba6233a196ef9e95cb965852773404b2622b565bd91fca6747aaf7f4eaded7bd3bb53645381b687ae04b8d8a9bef1095eeb39a0beb4ea89badb4655a1afc7eecb7da0d670c192297cce0b31bbefebfe94c84603ba8c0b7cc73159ff59c01a037cf2c866dc40d88432cd6c2f1989351a4e41343cacf7bf2c2b395c863709d6ec1dbab2af514cc771df14df095dea8284be2b65097d8e6f72ef3936595384afc0026956e819f1657c901b92644e9d6d32d0d95549729b2cb3d5efac9c42a5f284abc3bf5cca5b08161b09d9a48ffb2996c3d4383d65b8d1f7fc3248cbe84b9c05464f4a76efa005fec342edd56959cd26cb0dae1b61b0493a4b68eb3d6335bbc280508f09d84e0c5f4ef520d92cd34d69e5bab76df5d2b72cb41a298d370ebeefcd6c1904b956458bda581efa6b3654be402ac3a971603f23f2b543c5beeda5f018543b72c146cf04680bcea31b4a238460329e2bc12f14c804fda3494c15452223d2477c9c8a497d04eaae7de09d7d7a879d
3a5dba565ae1a38f15e69c18838c487c0fbad44a068c42efb7d3f5ef488f91c42f25ac564751f0efe0ece7d98bb1b3d0fc42c9756f4b8f9daf1fd0d414391155285c8daeaaf380bd07e43570f14e9a47a87bc733f1e676233f17bfb71aae464aed68487392d339ae064ae27bd57f8695f493ae56ca96c0615bda8da37133dd13c2b21da189a7329773fd8d51381bc118645440b28fa4f402ef84c4091d3a0bc4d206bdcf9007f5de9aa1e6cf7f6058ac6b69fbc703e908c4221f9065147766e48f54be4b076406e2f9ed19c1be982e636fd02dc26267c3ed989e6ad1cce62e7b988fa7c1831e5126111a4c3c29c38a1f96ccb3a04132175fa46f73c634ac6ec741b135645abf1dcea18571cf9a539f5cc935bc6d32beb1c7b8b3b5a141146ebc12dbbcc17bb4900cf0b95ebfaa52190afc6d8933cafc9", + "sha3_256_hash_of_signature": "cf48ad07739184c7f3650510c26d99fe71045af7755a729f027a234fd4ac7c40" + }, + { + "key_generation_seed": "2a855572e7e2add2888022bdb585b61577a75a31aa8acede59acb27eeb2936ae", + "sha3_256_hash_of_public_key": "e60fae04f4a15e6d021d5811f90c0c7dd00868860ddb8ad67c114021e8de625e", + "sha3_256_hash_of_secret_key": "0cf32c18c7e6f7a54fb65b5c661318c112781357affe4fcb0ee380d31cab1878", + "message": 
"954511394b9d10e1ba162861802a717e24ee42a346c9ed280c88e267a41ec09d6d73b6076e7e30257bf265b71a0b6e0cf408f02ba9078811be94d0f38559e9985463fc9671d182286cc4f18cabcaee1a3e5abdbc384fb27911168b54a387171c0524489fdf512e4d8d2f65050cfe7405d8df63a79c6e42a76f4538907eff4dc5870095241523f56fe8e389ebf1a1cc47ddb9f0188513d5259be257bda5be7381f22392cdc2406e0f2448a80f3824f2670f61920c667499de899f0f6b397381a2de66255e061ab92cd864de75c9db7cbab9fe76ac38e0ab3389530b4004055268b289b40d79b32e5ebcc74353510bd1627e2d5dd0be7d3dfd04138f6e3ee7526133dc70490612eaa5024be6fbefab24e1e83d8941a113d8b871f3dbc3011869174888cb7a265d7de9ab99b999c19af9b442ebdc904fedab52cf40b787aab35626417c5291f2eb892f43e698a8c65cbb6442a4832f33920fb2dbfc50b8e996fb227f2ff294c385a330957d2fada9f86839235ea79ecde6d9d94fbe7c79a38d40b9a8f241f53b921107ff1c72624c9600ec04dfa1160f1fa9e5d986a5a363e9ce8627276da73f5db47e4b90328884cfe93194cffa6fa680f77886e4a7a0fdaf13a7ddff6984b8855e1f58235babfd5106338fe2b075d4f10a9fb3d3c5f829b7c61b02b34e9bde6e62cbcc3ac9f467a6ca170eb43e632ebdbf6847f781e2469b4740fdb83da34ce34a286e3b363a72cbb13eb66ce1de35d8fd77dbedbf45c44dcd16e6b58a1699694d9006947c8c20810e85e3ebf8fb2c68b967743642d86556ab6958e545ab83ec24b96f2b4bb99cc8890c3c1e0fecce26ce09b6d99000694f870af9f642374ff0bbf61efc7cd5aaf5667fc3fe5745dfaf7f13fed70fe070ea4c09cb1a92d8b7f0dfd4b4a4b7dcf4ca6a97043bcef6346f1570f37b0eb48db8d15c8a82ed69b0c7833d6c830414c111c987471e84d2ceb5bd973dca34acd3a65d7b1a502368941935435b78b8f2b74c2bef127d96651247bdbe68eb7e466b9ea2a64a13c375103d7c8f7d30a13cbe184bd1ebb19f3274e645f5c7b82efdf09233d8ad146dc0715266963fd3cce6f8cdec20743bf1b7f57c101ac24c64d568923203e1a6af03a700f5a401ec4572bba528e284c151f1d108f7563858011fab32b3776cf2b910d7b21180dbe75742032791018258f4d1407c9a213755c5c91205352df919b6f14be056243df6ac2909e52c9a79f6917440667719185f1c5f1aaf40d873ba22956fa0bbad9c35360853333a10a0841d9d2e758a0b1bc187f6bbd31c41b74f9eeef1f7a28bdb7ac3d52fdc6fcb3ef0383a06a61188548963e552716d2bfbd6c2dcde496d06615e86a5cdb76a03bca2822aba85ec6807ebb6918ad2948d193ccf74f4bdaf7
090cd4294c1785dcedb6b55886a848284a6a4a88a496800053e84a9f2dbf6b334aace11a5a540626716302e259a64c6316ed543806b3bbfe37563897e83bbefa570312df908c1786df0fcf55069edc336501a5ae9d4bf212d56a9cee811038656912238ae284575ef8de1285b763ae54adf44f91b6dd9e309b7a7a0ab71ec2e4611831b3ce1c9dc85cf907b52df7406b06367e7a43dece72dccc57d268820ea021c27056e3c6b50e7ba7a59b53539a6b7b06b35051e3151c23f3bd3c889b25d0ece1fd0df1aedf657fbb096ca1c861acb0158501ea1aefbf6dad11bdc325ac1ced3739a40b7a83458ef4f3453c0f6eabc1a48037809a90480df9dc4ff07daddc58df2733d49a4fa53c2a41e55a4a0167c6d33ba6e752aed3a125dfd6a0322cd235254505d7b3ced7a0dee7eb662acfd30f8b79d1a872998cbcf15cd86e26809e0d2da0324ddc90fd12caf9d8e4eda437fe4e658d47d67c95927c4b5dee965b940ce93e6743917296e10820a7101f8f633c93069e8b569f4625afd4ec61bfe4549fdd06c2290a91ac0fb40cb1f55dc8bc1fe695c73af603840ac0351f5256e00555c984e79a09e58c566d1a117b7e569beb5850fb491fd9b982442b55bdf53832aa65180dcddc2f768b1a1361994de8c25f3608ec853d5982e0afd1f9fa70170fc3589ddaf958dd840b4b502f8e2697d01ad7ac2233f6a16d540ef8d232887d2b4fa727ae2f038a69af3dae69eda8ef6bf1e0b67d811160b75231543ec5a4d0778b7b42fc1dd6732385aa4400450b3caeefdffcf147635cfa4aaa53de4ee3035bc40ce8670016384bb877a86a15b59f3df0c5d624d3d2b23ec46913618c745330a96c715c6f0bd096487e89b917384cc30b3d20a332f1b4056462227e98af9874ff1d18df2a6bf84ae822ee737f9e34ee8c69f23eeb9bf38ed056f499545f405759355c104284a6d08a9efad8fe28288b2084336a6479a6d42404f3e6ff3ad1dfc63c8aae971af11f2699f32f57ad29188492ce07bc1a271035b4d13a686efde5572353283a0f3138f6dc05cc35e5e5057c5c8b9e12b0164c0915adedf40a6e23848fa59adc0e65bdd2120486942f232315fc94b4676751a35aaed2828889864c4cb7dd95a662a475733c2ca8f6997a9c822c6c8b9dc95a8b4c367e613e97d3ec6d6ddc2f81022ec21b3a93244e3bc8c2737a7724a3cbd480b26819eeb2676fd383601d79fa266ed3f9bac2a98ff0109ad7e43e33e108d88c09ba82afcccfe98f50f789109d99dcd0a2c61947544f3666edc621b5d5ecb7088b2430a611bea52be7f5edfc6e2649f5e81f6df72fa9a748bff06af766a60d2b751b23a8aa95cbf733359f7c0cd19b1482a6e6572d1570349c688d78cf8b8c7dd37576dc47a193a2c2797d0af7504dee
303823a8b77204ae7b6e91d431979798a7edf435056251d0e3f26b2ca16bfe3422cea0398d30f0a0dc06dc8a93d27d13650e5bfb6ba04c93faf0d7d06f99fe4f1f52a059fbe808179515fda48eca714f0947fe9a98f02d66fb0d80952411cdfceaef6aba16d92b8f1b82db151d7dcd7fb7781ec55f4a86c86011fbb9c5570ee76897e7803036e2fe3cdc2d5ea7a613897f3c69a6ea734e3811bfd15e90d7256a0c0c88ceb54ec6aac151b435cd2a870e4a02087c2b847c75b00b44bb3ca6d4404c3052bd308b8d5f595277592d26f6d5a2193cd4d650bf931fefb9deee61032b29ec0412f38e1cbe025b2891c59574c1450d9e3d8ef27940ef712143f06f38ddb86341a7fc781e0fa8971dad13aa7e93f1858c70a71a40164211ea9f6a41ae90d19032c2ea52c23375ce3c4e59599ecd6855213aea83f8dfc5cc70f58a62e4dca17c09705c0c099b29056592986c03cf5d67074735f2bea", + "sha3_256_hash_of_signature": "ae065571ca490bcae62ffa94037dedb50b839eea455e1010c02d0ac71385855f" + }, + { + "key_generation_seed": "7967e9de70a7f95e69371f812c2fbf932cec07ab4c235ae9e8a6799f3f537d36", + "sha3_256_hash_of_public_key": "a445f4ba862c02317841a8b9e82a5f1b59229b84ba107f747ecde5852ed47649", + "sha3_256_hash_of_secret_key": "7fd0856f5feb6bccffc62c31272e4b37fb424787bb63be2542fb81603813e86d", + "message": "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", + "sha3_256_hash_of_signature": "a631eeeee6bdf0389591a6c85dbfd8534dfc36b81d78741fc720882a02c5a7de" + }, + { + "key_generation_seed": "5aba340a8e541568fbef49e77f94cfb4b3a5e9cf14c6755ce6412cf86cf62898", + "sha3_256_hash_of_public_key": "b9ac7f6dca21b9c613ba974914757f74d4457a0188cc89bbf2df7209989aa729", + "sha3_256_hash_of_secret_key": "76e47848095f57db21db38a135b2285ed23f9b9b772e296294c0ccd23c0250d2", + "message": "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", + "sha3_256_hash_of_signature": "b180be84294ded2a1f1a3aa5f967e0b7493554058feded86121ae40d6687ca04" + }, + { + "key_generation_seed": "df4853f482cc1d0b3a2d71e9eaca064e57c5d100df79bd004ba81b43eacec401", + "sha3_256_hash_of_public_key": "af077447b8e7e909094b0b81220d36b1c4c8f89cbaec97fb5728e515e4be53d6", + "sha3_256_hash_of_secret_key": 
"b2aefe6b1a26f82b0fdaf9b0a2cd1f530f268537ae0fd31fc765083f609bb116", + "message": "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", + "sha3_256_hash_of_signature": "81e8035d10774043f6a08b0c4b12e187ce48b23e08c2d0958f780906b15207b5" + }, + { + "key_generation_seed": "95da16b844baf559c2cd6e68b237614bb9927d90811106347b5849fee2f48640", + "sha3_256_hash_of_public_key": "4071bf1655775ef6c327c815996d54edcc20f7d0340cf5e337830ea6b7965b9a", + "sha3_256_hash_of_secret_key": "50cd68d516723ac024d2c7edb0f92c13f06c9ba4002e5cbe72ae736c46a23221", + "message": "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", + "sha3_256_hash_of_signature": "78e716d08fb2e4a8c22014d0fc6b4ca9f061c137df343595b82b621155b4f1db" + }, + { + "key_generation_seed": "f258ff1178cc42a3cebe238c8418b4974812a05f43b8fa95639cc46bc0738bc5", + "sha3_256_hash_of_public_key": "ae0dd6b0e15dea1eb8525deb29f611f885aba6b2177e458e3e005f281fb83c21", + "sha3_256_hash_of_secret_key": "6edb391b6904167ea21106ef2bc46960bd64138a18f7845c8c4ba09758edf026", + "message": "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", + "sha3_256_hash_of_signature": "61edc4549481e9d6649489b9fe54895787e0a6ae06dc1f8487b1ba53470cdbeb" + }, + { + "key_generation_seed": "5efbbbe99cf5c2b6830fb8e990250be308e662200526889ea973c8d33823ec19", + "sha3_256_hash_of_public_key": "5c9d637cd2bb2efbf2a9c11beb7a3050fdc1ef45aa1fd22a98484ec49944dc20", + "sha3_256_hash_of_secret_key": "3bf6e2b2bd1511f45bb40a6a8631a41909f83e6ff10c025cbf165ba953f48b76", + "message": "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", + "sha3_256_hash_of_signature": "cb0008a7a07464c65e52529a5e535b75abaf61a5b575e7d28573048c3dd1c922" + }, + { + "key_generation_seed": "47a048d8799784f6ec385eb984e70c62ce7c8a107232871b69b99f7bf4c3dbb5", + "sha3_256_hash_of_public_key": "fdf6fe42e7706f162a71801a0e1e34ec316e1ff88c68e3841105e3f007a4b93c", + "sha3_256_hash_of_secret_key": "47c20ecc53cf74d0ec784fe588c836ce7c2c3c7200182f28585a66135aa11d61", + "message": 
"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", + "sha3_256_hash_of_signature": "484f90cc5562f3c984310160af1c2e56de39f9131d7d3d571b13bb7b7ed9fb2b" + }, + { + "key_generation_seed": "1d9e243a35118bc7c50a50746e1cf19c9fc310c7d54181fb95f44753eab1b94a", + "sha3_256_hash_of_public_key": "c21b0742ecb0f37aff7744f4ae461502e08d9736ebbccb260f9ac1cab8e58113", + "sha3_256_hash_of_secret_key": "aec23c8728df064524c1cbdd2c8645082e6b03da195e5dfd1276c037aebb6795", + "message": "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", + "sha3_256_hash_of_signature": "d1f07fbd260baf92e480cd5540b8789f4ee0f30744e54b614c18da718e9f3a71" + }, + { + "key_generation_seed": "0a46fda6ba71125f3415e8bb6c2d8c00601107fa563e7f6386486a88f87701fb", + "sha3_256_hash_of_public_key": "cdd63192092339003b6264ea61c1b27c05767dabc6095925f18fd2de6897c5f5", + "sha3_256_hash_of_secret_key": "e99fd983c1288c236128d6f84f71c24a9dce406d8a66eeccb21a676d37f9f6c0", + "message": "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", + "sha3_256_hash_of_signature": "e2fabecec2d38da4ed76f85285a6747c1b41bfc6a45113993a80592eda549812" + }, + { + "key_generation_seed": "5229dfe11090effbe94ee161054cd5ff58b31e23f567b282db42eb1fe42e44aa", + "sha3_256_hash_of_public_key": "876d625b29e59bfde1d036c7a9ea2cdc13129e706638ce47c79472841741a523", + "sha3_256_hash_of_secret_key": "bc277e2b03b7e1a49d6ef32082d401df7a196b302a44cd0b9918b9b2098d5d78", + "message": "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", + "sha3_256_hash_of_signature": "26792e7fbf66290abfba0dc42a50c1c3e8b94cc2c38bd082ce642c2d493c3a51" + }, + { + "key_generation_seed": "18aa77795aa6d7ade8b6cdced81a1959a8329677f042283dc8ca71e13eb3adee", + "sha3_256_hash_of_public_key": "07ee9631865187143aad9c5ff4fbe92285c5154f9b56bb04c23bebeeab93b616", + "sha3_256_hash_of_secret_key": "fc63a8fa1934a85346fe3544a777c784601b80c5e42fb00b2e773da5ae1100c1", + "message": "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", + "sha3_256_hash_of_signature": 
"d61d06545284b506e0ad8997c568bf447207f5835967c202a0a5254b11071761" + }, + { + "key_generation_seed": "4b2d6ec32be9c5d8fa11f3fc0008f4f26b945064d98362ad912f452692ac383d", + "sha3_256_hash_of_public_key": "45da7253b4a93dbab819813a56625d63864674354fbafb795c44391855d0bb93", + "sha3_256_hash_of_secret_key": "781ca8e5e978d97d6d090edd641b7071a86b65c3db4f081f519175e69e490388", + "message": "7785a08a3892c97d5ebfe52475298ba444674086d63e17e1faec96f6b10723447fc1b8cc758d1724a33e26518798183a4b3c99a7da54038b86473dfab8e626eb3bf54de5581e04450b2821f5020c466505990b173db9f030cfcfa505aa04b37cf0a063876843a042f17aeb1728787187428f8d1010d532c94c7ab2e1193994bff0cb56415fcd2a96be7f7fc2c57c8313e795367a22b6a17ce3b803083a74fdbcf030d91c957128099d6199686f2bea618cee111aa9d55a6f9e8966c102d849ade596a1b576924de0e92dd91fbb01cd93e24aa71eef219a78430d84965672fe6af091d46dcfa9ab906f6240913c1286ee0a152666ecfe2c154cd3fb14dc0f9c173e30fc9958a75aa6dd74822af7acad243fdfb743e47e48280990c2870904ef1c902261d0bd6bcfda91412bdee9a28c628f218e7648aa0027d918b48ef30a9b18390331805c6739bf6a2cb69a0de8766a7b3a448910d181f6449565a363430ba1c0fa8b11e1a151f6cefa3870c3b1d8cd800983ebd41b48c5624269efb440df23ff9bcb31a4b02f6505dc862b2103f76137fc6560f893577bc3fce92ada27f291305f2345ac82a846854f172131b042735d4b76c6ab2dcfd32bb6258b23ac790af2af7624451172fa7a29e0c5fdb3dc3b719b274b2838ff7a8b25f272ac8ea90fa3c8010ac7f65633eb43ff7a0a95ce99717f35d3c416b0e0da30470b5aa20eb9e2b66315b9407a4753df8bf505b8066c5d57ec4ccdd2236b9c58bd7337925191ed7b75b92c9cee626f13eaddecb07173c8160540fb9f6a4d43a1e9ab263b300c08966c247514647dfab3b420202529e963a51f8d23bd0f689bbc4d67d5a603b876e8cd3ec0770f0d9694dfc30083991cf3989db1812b4ac5452358075534190f012f7c0e47734c3ba748e04910783c0b845484461dcea67a1ec731354b902557486b484f67183fc711d10f906c68cd01f46481d040f084271dd784e5b958ae05b65bf5d207efbb5fdeb25366d6ff4161ca3a1cb71b2b9f90f86a315d800935ac0086d85d907a036c4333ea347000a0755550b68fe3dd7686e416483781b563680146697d6fae8333c24adc8a2436852ddadf6061e2b16fd3829c0b55c2e9c2c89f64cb8da02a670
6498cf0330742083e9ac4593a1762d32dc4e6cc2d9f4310014fb15debbea324ebc2ea1e1660782559b9b39fbcf34c85fda9ad350d195ad7587aab621ef7ffb63277ce35ab43b01977c9f8dd6c2ae7b34fa7b35d5fa37d8b3719e736f18734cb3a2468be9ca0832dde0b958925a377fe6751c4eb8ff1ad295355302f0a5ed4e8f8c33fd5162542b8ed7cd985dbe3c84401830f6a7eb9d955ec74c7f98b02388b4e1353317cdb5eadaac9025038cc01f8655c7fb9aee940fc4b282748b39d277a7fef462038833a9a8eb50a8719f68b3e858825911f294a80faede9d4c1815844c2632dd20387950003dab80b1a58e541a5e6658af7d4cdd91fd1c08735b584f5c69c5ca94f6b7f97a4761b127db394ac72e902db9eb4b3e0b884c448ff2763ff9add530753263688cf92bb746181c17294bffc2a0b3969a7bba429a481c425b24745cead66286f5df04f1e4421c56acaa668e87ba58e3b07a062d1da60cc6b411667bde6f466b72c9169965bc7781da78a818f779a9b3d7a577f71a1df49aac865a0d6f2668cfd2c77cfa8d306a14dbbde4d3a3818b07dc89d5f51e117f7bfd007d60f32bb1b6bb01e76862398371fb91e0a3d4b39fd9146c47f627a066618cf83c32e5c82592b418bd2f5dcd8d42234625974f988a6f729c60ba5eaf18c77b611dfb187a581e3a10268a965f650fe242ce2fe08aa71515b59a6edfc9cbdae22df3aeb22e773cc2eb373619e9cda23c236ca3f7845c2136e93849d9f6aa1477f4513358cd8cb4e21444c9e5709818801eadfca23f2c23ddfd5b4ebb6089daedd14a21ebf3f7a8c1c80bbf7d37973bd156ac5c4462d29dccb7eeffa22a8b6ce433b600532f33999adc39196f01230614767285089fb262d8469dc66d24ae0b77fd05c3ec02fbc5ee328319409b8e2d7b0ac6801c1c8ba86f793c2037c71e2a25f114e9ee0edb3b83076eabfdafedefa0548dae91e62cb7c29c03413235b8c6eb9f46be29de8f5d30e8d97db6f45687dc4719b1024e48b7dffd0d2b474b2032b4e69b6382e603d4777f3450e2e467c6d9ab2782c0ae266c320d36bf67bd6b86ea9721b22741684d9c0ccc774335430071a5410c1e34b4bc1a823a93a38f5ab4781cc593b13a593867fb634c0c705107cd278c6ccee6d842748bfbd2ffd205c6bdfb3ac87f693c25c832c86d96b00bba0af88dcfbc8ca4328765de27fbf1389c4ede28317bd0ee447f030990e957d223a5ec66ced9d16400af6da8663c4e4111b4584f8f0066cdf8258d90c5d7b439503e3ab3fcc55fdf933e06d704416187aaf86e6c39695dea8b8189ec1299670be03b6a636889cb7f10f04ccd67278e77886cf3f6e2a05ba8d25ab8664ea817642acf5db4d9b3ef80e169463edb6bfdf67172e88d233609b091bbd0
85b970db8ae0daa5048ca42d6a54042f42445bab03f9bf1accef341b7349109ba0073d3715a9073ad9bed258268aee9dd5202e0edfa5720a317ea5cb41706c0d235465becdc8e3ff0d628ee5eea6aaf1bbd3e18fe9217516893df115e979c4cffec494988b6f9b86026610898c44ab1547c5f8ed5cbf3c3a837ddb6a444bd3e803e1824e6ab931310fe86b36587f1b34b0b48d358f4b97e9774213de7d92571380be2199e703119c5b9836dadfc826b71d588250ac37de0ec05c5823573c102bce44c9f044507671c4e1723950a3c0e14968cbabbfeeb049eb723db9b23cdf0273525c29cc5165530a1f1cf830d3551dd6bded53954947d5c334dc9c71907cdbfa109ebc52d6305477c14159257af8c51c6f09d76fc0085c3d969ec60fb09145e66a8a7489611db3fdefc35202b8aae82d3cdf666034beff49fe49a45c5ec438f4118f338545532ced916de78e3bf82b4e55907474386b9c172f393efe895334f7323cbb2aa7ce7718bef5e7a23af734bd4963fbc7889aa5c50f3955b904b5e577d71b21a293d766865e3f8c212de5ea084a9d22748a8009a7d1858328a1bdf7ba0f4e3b83be9707629252b3339cef796696855a574b4a4896ca68c3d6a6824e3f593069ec0a571e61282f8a29beb8bd788f7b351a8939cdad9e257587a77804f2704f49db3305514b85b449aee56ee40cb2a75d51690194284aacd0855b02893f8dcd3091629dc548705a1085e5cc33de7726a0f521c149003df380abdae96bcda55c44bf9bfa1103150f049563e848a8750625dcfdd9bfe02e1e57489b5b3aa28beaa80f4daa562deabb4bb6a27125369415885020d237a92ccc3a23593fe2183225bfa2ff39b0bef9cb0425375e256bcd572175483f713bd38f937f2b3d4c1f686c5af60061e0b05cc3ebaab0ae8ba21e47a8318bee4a01516046363d152936a1344e17a65e08030522ec667233145a56001b8d065dc2fed0d2a9f02c981a8962f984916314805dab644a5112caa1564895121d8b1fd046f547be282cf979752883ec79af70cf59a88d960f3336f0ae61357877aaaa34699a876144b65ca5b77a684d850d09b3d42cdbfc4539ea103f8377cfe5f9e5432403fab416662c4c83226191eeb7f82b01e0819c081fc40e7b978669c7856067e8b582832dd0b92588103c2616ba2c7774c46840318ca2b1a3798ff7ed9fec087f01798ea2445b92e67e2446126a7406e82ff8d3711311be16e9171531a95c966e6befea34938e6f5fa660f7c7cb533a119377f1d26ae6ae51d805ab96a64c8b80d6ee137f634b384c2e377", + "sha3_256_hash_of_signature": "75a48f3242c4d2ea90c220d04c690b56484ce70d177a1e7048666563fa512767" + }, + { + "key_generation_seed": 
"196b8144dfbfb47ec01e96a6b8443211d6c9c4aa7853a8131b5218349bd6d953", + "sha3_256_hash_of_public_key": "2d3e1089c839ccba4ffb561b70cda0dd8a3efed10da48d4f1d46b32a8cb32ce7", + "sha3_256_hash_of_secret_key": "a7be80f20db6eead4ead02a725f35e43c9783fd8782c8a42521b21038dd7af51", + "message": "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", + "sha3_256_hash_of_signature": "56b3a5129cbfc929df23b2cd7a44ae4a2b83b5ab2e423ac066f3033e94c394fa" + }, + { + "key_generation_seed": "c171793029d0cbaf8d2661a823243ad50d67f2619533180f25b50c94b1310389", + "sha3_256_hash_of_public_key": "e31da22c2476cac5cb4ca42449b9332b9c525a3c6840387c1dae4d3ce738dc14", + "sha3_256_hash_of_secret_key": "5cd50df46eef03a102a48594f2e1bee51346d4b9e786e3d196433a7787fae77d", + "message": "a7e941d3c14e2ddb4f971c9955868aca753a73e8ec6845ed6e9d3b444c826480f03ac771f92e94380bca7e50303fb79cba608e351a1a67bf217b9816e2af9f89be8a79f661470ca16bfb2c99efde97859ad1d217848289eaf543005f5c231599ff74299ec2a7c737ff94b7465de11f80e17d4fda264de568d8767ce822b3ab9642d95bc89533ce05fb331b86e3c5a296e4ea4c637ea458bced1f89355c0270d083d4920e72112ca1ed486191748b4f730ed52f9803d05a0f2f065be03b2603d6cdb154dd7765847d656b919b08969e41b23f9d376135bd5d924529410392aceb004849550e6cf2903181c9a395fd469b7de2c5060ed22922aa4d7c782a33330714a0af206b29b4fcbe0f12c18948f6634ffd7f2710138020e273cb0dfa735bdcde9bd6cec898c5e564ec71aa7880d97cc711412f28603de293cd5e904e9156d4f6bfe2be15347b9ff7848eb51cd0785d6a649ea3514e02695c7e3c4f021a9992d67bea1d68e5b17db2e0dc061ccb5ababa49d110055467f9dee61aba8f3e5c713e94a8a96c3a8afb698887c1fa4abc5157ced33a834dbf0f5af9eecbb5f2ad7b63b4c2ca94a117c2b92f3d51900926e26b101fbe6207ab0884cbfcb15f9f98f95b0d08e29390977f4d3dc710eea3ae7433d5ea87a5f710f1fceab26d516fc19fd272f6b0f01ee167f06e6c33273481f280ca64fda0549c8db884fdd467b93998360766d4cac4c8de783752fb6c6d7b1e47df23ceeca572f2ad3e2b628e31984b9054448ed1d90658bc658a9caec0485512ce084a535e7c8196b8bbca5d26c105c41e083f8d56f1530a8c1b36a7f3e41fccbac7f342b2d026064b304444192d4873fc57978e44151896ea6c0f13d
017f683b203ba1de677ed00f2b737c4c69e53ecf16ab918939e120e9fe14b2243eff0116b24c6654be09c582f1e62e75efd8593e62e45ac36f717815b854b47a4ddcfc91fc533fa85bcecb6e560cf11e46d2f334b396d68b275e7404a70f2a805a64cd458a8e5f114a89124ba1866f917749ff32e59ee71948bd97f2d4128beab8bb0b6b06d84c6d466bfa30fd8100e48d951d0b3e787ef9611a56ffd64d970dbacfb1b4df064b1cb5da9918f5c58a10f0903b64286b1c1ae5cbd00eb8b363bdd7a7aaf2111c0c6e86e15abf6c1e761fbf027425968cdc19522b44ff3f56335c59760fae6d9028e76b284330f7510f2b55b6f46adf90311cc785d35c2bb49272be514cfbbd7a2b7b2e8c0b6dc28cb683d3d581f547f83bbd3b8c7b76925e44e6da89d5eef17ab0bf4213ef9c05b7b473901d483c647f416b98478c7100919c28515b617a27321841baa174c1a2d3494395294cebd48eea14bc3106ca9c69d9f6485d6abf1c2b1111a8bc602454685ca61ab4ee4db9f413caf8f0f204f04d40cd36fa5dab629cb53876db3e16372e626b6bc892c63c6b6c503c9d22efe113927395206bdaa4b83d4fef4feb42fa7a71f7ce2197fe282a02d0fe50f96b1f917a67e50eb79cd3ffef064542f7beb51ab05b56afd7aea5f4164cc9ba37d8fdb35a3deacf0cfb555161e7e41eb798160798be9d01e3de0c4288e0bab19ae398e94353adbe9a43524ace35830b82fcfd4b1dc2800ca4c38a56b7cd28bc3e2f69a0ac4655cd79b5789a2b72eaf93b018d4d6f4c983d08932b22c85af6fb07df0a786d98820e1b06bc17f62d6e39739790a13049252f1b9102dc692ceb20c270ffe9b902ab7ec5a4eaaf47f7e2d31b2195f5f48ad18d099c33384141da14e151ba57f6b1bb97901457202cdb83b5c713bd8a13f6e3e276c7d6c130ae287ca8931d9eece06ab7cca124d6d02d497d55ea9151a95e8a4dccda72d3f51a7db3f2879918753683b01ba1b154da83e6d84ddc9492f2dd8c128a30c75174ed1a6b8d93d08645270bde247782e882418ea158b2a2153b2d8f75c09932f324ec199d26e9f3c4c4cecd807367e3981e137858b98bd1268d2c894541ec99bbbad19a6856ea16a1e56b7b193baf79ab89d4e76327405658c4ecb5a8626302b3a4618aeac7e11a1199c4bb08c60ad78fea4827b59cc883b2ca7038d7845106de9174b2b8c17267273d23418af560265000543ed9886884912b4160fbd372fcdf706ef642cf1829493884b6cfe946ecf6140106dcbe11b3746e33fbd4b5852b732230b9047004f4fafa0d4bd7043c7d6595accd1b2771aaa76fe05a0c80b7b221dbef79950fc69147816cad0e52c05e72ceccf55fb4dabd81ecdb476417dbfdaf3b555cc90573cbed9474266c89fc55ff0bcc
55602a51a1b5f91e425a1a58dcd4abd09bbc63933fb4279b9e21298f9fe0cf1a93c4a19695240e8978d604047abc7239f5053ea650d781307c50dec4d5e2360adeb9aa02c0f6fec5784784a271169ce456e1c32bf984c3323656ccc588c97e0ece5a40fc7b4ddbdddb764edc512de63270f07891bd160f78b8ecd3a4d11ec4c68ea0a0fbd0f23af9ab261a110f431f926c4995b05462e0dabf29d9660abbc660c9a675628270cea7ec5ae9b6f298b17b2392263700b8ead9c845ad29ccf109a2ed66ed5baf9c935754aaa1b84be2b5339f9bf3cf5e80af16967863fa8dca64f5fe873da4a6d33e39a592749b721fec203c0cac527ca96de7a96ce9a540f5da1902c97f960a05ebf0c32934f9b81244c945a60fd3f176dd8c261690d8ec98d19607129a50edd51135ffbaebc04a0961acc5a32fd058ffdf2c6866bf90a3e177787e7061bd2011ec08ec118ef0451cad010b53c68d0bddc701d10920d697ea3439b1a0f96e6256b7712f59c746d1c74c20b17d461c3df635eec83e3b8e098034f119b9d9a79ada735158eac3f434e805444d5ea2ec85cc8ed8f5bccab7dbb6ecfc2e385781579af1263d9fd32bee32e01db94703b5c756b894def19783b12bce2a1a8d29d96f329cb0791d697be7e0f05dd5c9dada52e1b8c1e5f75a0fc90ed8c05bdff86644b1ee61989caaa271061d4222818c894ae9eca2da7326e5c24ca1eeebe3720d2127ba997b0c572ae30615f8bc4278057f4762d46a39b934ddb2a0903fe1568c1bcc6c37e1f7c145eb7cb20a6a4b3466a7aba58b48be94f7e14cd20c87b2768358d06e3f607fe5e9dd1aaa8477975660f1e379b9ea26cc00cea8cfd6420f2fdc7ee6393aa17cef88645b821f8f42fc7dd97b0e16c04631f86ecf1cb76a6502fd1c13917ceb26a83596b117d5336387ddbea56162e8a5bf2fa35e697245bc7210cec13bfa694ae884582924168bf8ee2f61a734e37876f363225e5ae19b7c65ca6afc31c8b37bccb308a9c27f3e9902de365e288e6cc46e329e78be914b85eb980c0bad932c164671ed395d5d8317c133e2e000a10e0d20d0f408019b33d9a87ed7725ea4c5abad67e0cafbff31dd236e59defab7ff2cb40f479b56b261a32656f016deca5302a336ca15d10e0afcd168a4b922b79c11cb21881220374492d64df21453b41346a85174a0a4a3c1e973845c856ca70d6d25bb854d0c6bd3c75cd73998c7f64e35a58dcf593c85c2440a6aba4e470f87e6f9b4abe127b30f8992d8aad0be38f008d9d937582eb3aafc68f516d5aaf2503acc96e59a151d2d4b072ab6b38c54928d6656441c709f1c1b770ce6efcece11f8b3602eab63e0c629bbd8a79a96be4cdb072780f3d287b091fc94ff2c0d347fe280bbac308644bdb15a3c653863ed
d945af0ae725507507b82c283dc9909ccacbcf357d7a19703401b6e4474b94a6cbae575b942501a281b8166fdc70e6b4b60c2f57a4d66fe1197d301d0e0c7bec12cedf9496bca2183d04632711a79c8374b6de35c2eecb0239391c2019c720894bc7a635df18fceeb9aae16b3ce92717e2c56903d20d0712ef80131b8c48635163e97efb1fabd1500d061c93ad935be9a65a45a92e4a4e885268e712efbe5337214701baad4c73e81e73bff19af131f0aba105baabe849f", + "sha3_256_hash_of_signature": "f3b8e9620200a1df8765fa8dbabe4fb4223c80aa98fbd07b1591a85f2806e535" + }, + { + "key_generation_seed": "615fa91f3d206b908649399f216950ec7b2420eb04aec6abfcb7b4528e8e33e6", + "sha3_256_hash_of_public_key": "acefa1dde4f8bf6474094aa890cbebd902d77bb9e764c8bd419c9336c5497a19", + "sha3_256_hash_of_secret_key": "d8d0ab77b3ca39f583fe2e63424c8d5968a46ee5ea3020e9f71c29365a451c72", + "message": "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", + "sha3_256_hash_of_signature": "d85b5da5a40007bc6d06d1ae285d1b41629c53b96df39cc956a6ca1e61ec4029" + }, + { + "key_generation_seed": "626c19b8553b2d9e5a47a758615d80b15be11fd016d3a1962d8de58ed5ca2219", + "sha3_256_hash_of_public_key": "246b35007c2831b64bbaf792bebcd4872b8b6628b95d21b07c27b211b99cdee3", + "sha3_256_hash_of_secret_key": "c119bd9a162fd27cb0198e6170db475a4e7ac97f61534dd84da05cebe4564ee9", + "message": 
"c07185e0343df2a4201649ad5de4cffa20baf5dd43f5e4a6c81cd5143fe72865a7c036a2dfd617d96626995c12efad019ff44e0edd7028f29e3657ee3c0d02e9ce83ef0a648fd7cf183a7bf7c15095e0f9278b14fdf6c983cdcf2987dd0cc085400906dcd0d14aba60124f4b7494adbbae3a8d6052122575f99792f7240eb17864dc6d231721140e43f1110e73eb2e3c05049783b33aac4e4ca0a248775baf81fdb03d114508928bec3169a810296b5a4dac27e7c7f8d01cf5943cf4d8cf6ee6f9042bb300e50eea3224d35c9628e38c368ec3b42393fc820371db6557216a2c2d5a230fe3a7c6bcbdd89a2be5cdbe7f783ba379b6a4237db051e6256dce14dcf641190a956e8e85eb2638736b899ed045636ddb7a351f5a4f4108d9d6e0413f92b9d392495299128a5f4acce8c7747c675efe05ed7182db51c515b345029440ab61a904d2a390122680c951ed4575515144c5ca80d6f14d1cfdbb5373b78e09d04d0544151cfa1240790cd31165048d1484dc4d11d05057071db3433df071b367e00fd38c386dab689e4dff6fb421b2a95ff54dc29375c9d1c18a76c79acae3d3f35d4cfc385199a4ccaf6c9f0421bcf58d296ec7e0d1b95a6c4bcbac1271f94e438360a71a6440275591e41389b30caf2626a865b9e59552cb198a1d4453eba6d0f6fc491a8a7783b4a8baeb81e54f9189ce493efc1c5d830a4f637f2bf43cd86b91637611415c95685fe79966174312fdfbf33a646625f97521b5cb1f008135b824f1d6d8373006c7158e62b1f794ae34548a0c6dac8b60c559d81580ac0d84034a501516ee36cb4082732918365a5ab787face591ab02be6957ae4bb96b58e2b173da019d3e0cabebeba0af775779f14bfba8f595697731522df3c80cbdec16f6acc32659cf5daf193178307887ef1be1b48b5806d0fa9868a7fb853708b26873857786b974709c687d6597bcf6c7e476c1e47cafdbf30b6311ed434c0f998c4065399c59073c1f2bab1d46104e74ea6c976d416e58bdfd24ccd957cb431870de5da8763992ef68bb18075926b0e4e826095eb3b8cae086fb1759c94b873a1f4df477e0ee9eed8dfd7c77508b3f0c67f69be04355aba9344960639f6dd6b3a956dcd66370338617a365579c5993986b4f748cb7c990344b209785e22a40fdcf8f83061d37c9f1351b4473d6c74abe6b3eb2a7d62ca0f0c88a0aa8a46973f781df0126e8d55d3e9c41c2e3884f84fb0a06c484cfa0c9a0dfb8cfd573749c711c7c236b0f2f144e1ba4db2525c093deed29434fe43cb3040c5a374cfef33214fdd2d660398e91bf070a4f5f9746c2f08c41256fd5e955891146ffd38b155987e6a0fc47ac2a5950509b9e2c86b9dd9929378f43ef3935f1562672498c5640a22315be15b001d4
b01418df8eb41dfe5c570e850582d8916c2e7fc2b728048e24bb9d1e8283615e039c16a2fc61011631bbd8f2beb24adf9552cf5797ce05d9d1a7e7f3f5455017b127d9bacd32bad0cdbd3991bbcaea5fc988ee7aec0b1003732f25489edb0a1f9897247cbc40e60f1dd276259ce19deccb90067f7293a68b683fb5232acd2217b8929859109d6852a43892098630a67d72b1cf4bd5d58e20c5c18b85d69df74ee8cc69baac7da48eb71a160f03b68c6be87a4919736f14363f004ea3f41dd37fd8e621bf433bca71e17565e060f3c0f889515d0a8c17fe0d6d734ff756256b0a62058b95422257780de000557df289f47910cc272a14bec737c0715f204c49f03150082dc904a5d170f7383f04f1e355f50f80d5461cba53490bb2e9484806d369d61fd00ed1ee5be518d04a24503b1c4c08c7ca084902a3942c04143807203287a985eb3fcae3c5309410cd9b9a548f54ded44321ce8c2a04679841daef7fbb6aa11091d240afbb467d9969c31c1cbf6b24f8cbfa20cb4cfa404b1310400271664763e9c1cd1b6fe5ff2a0fae22ab14efc016ccbb19c5dd5d047750db4addea3e7a193128a5f4d7bb6358f21b39a44259695904de3440bb28cf9466b562065c387189eac2f7522c9385dc2a607f6f9335ff8add47c7ba932659aff69b1f26ec8655bee4f97fbc846e48111cbe25524873d1db2f2282d0472a2aaa3cf491c26ddc5e1be77866a3b692e417e6717a4f4454c56f97f063b9e598865b6f71136d65ddb0f3cdec57decd5a57366ba96e4315a88b4ea3479321468ffff508d23b0701a62ce0cbc0fa37c91cff5c5a0433fd61ae11a922575f5baa714de46a58d6efc79bdb10c9af7e9950a61d44b3e17e3b5298501146485b562b1570ff5798b47641d67091cdf90902b2d762e3efe94c540de4a28269cc416edbddd4d43ac2fa82d638dd9bf11f3bf22fd81cc4bd4759d7d864eea0e8e8ab71796254b278cf9b650d1fef38b8437362b2d69ed84c54498331c6899e20c596fee7cad9ed8d83d86774afa6e56a4ed34b0b0842b21ccb67035406dedff0cecb0cd089929ed5ffa0ce210822444808bad99af603082bfe5c98ee4653349f8a43db64cf90190c96b0446cc9cd23e0d75b47f54a731e8bcb0a4c67401dee87876011033d2a526067fb73786fbc1ce696130fce5d5379cdac6788875d27c04783b1e2ef41063d57e3d6560d1ff48882c39131c95bae5a9c9392dab6cd17eefbcf61c464a4dbc08447443cbbf3fa80481f3bc1a5806042c07f7a7ad435875ddb1001565eb6b7b872cc6c853f771c1dd5d9c16bc27aceb3c7690125c1907c7ce904852108cafe76351269a3d3ea8812fae4fae35f0daec8e8b186f760005524998bb5de475e4df85209da915bdc972218ae7db7e2
efa05a7d752ae61cf2f3dc26ca2d282c8e32b4838524be460971e077348290fa0043fb7616d821a71dda3a5fb76bfce0dc84aaea432df32b05133a26b46165297ebc45024777a868b8b1b0dd6f97658be799bd366cfdf99861e916f7cf06c034e4f79594f1bb6ecd9b7347911488928e1e473c4b8c73297f7ed845b9ec59020373eda57a436c1c9d1459c6114bb6258543d8f4f97b10aaef5a2e082ea173ee69702d83711fee6aee8f6b260d03ab74c3b5d8fddb81b208e16458511270dd1da295f25cde7e44a8349b60bf0c59d4b425c1fba60d2bcba47b906d2830d8d5c091dba756e61620d78b2dff28407fdc9da9113cbe82219bb2cc05e11c70d040bde821aa17b3e981558961ca571e5d5041f7de047a1727d9c904deebe561dc6dbd8876bc77c27322f512d6171bc03871eb0fdece70f119bacb41d1852220cff26110eb0eb78e39aa1b2a4c2e78679f53683520c5a57fea71a8e96e0aed33118dc4bdd035fd88f535b011d9c7deb6f406a072ae6c091016ed10a5a4ee9827882ee27c535262d1d745aa5231736f2deec8a6017bf0da36b416c98ab71c6824a6eeff3564665007c9e850fd02a1f5e201b534627b92d21a493df293db9f24de70c7b49a6e07acf2db6c90b448681666dcda318c08aad08d3e257af7e774c75debe3b3c07af683735e87f205b0fde07351849c5afd07d5722c6aa17b6ac2cc3551c305e6ac31e3601a236961f6618cd3a0f7dcf6f65b8ec82e27e44c8518cdc16ecf79374f796a3daabe2d5005b25576b35b021497c5a8f9b98da68d80e56a1cc1044c04dfb11d36cb147eabfdaafba0a93fced8675d7d6a9f999785c0e7346f4c68eb17c0a2409e2f5bd4ac5551ff66a9857c66f642f2a385131377b6372884c417e01bfbbe1ca748ac8969bf2c0bd8944767746d1d57d862795e8ecf9e8a5ca122d0259ffba822588c5eccd14cc6ff4b7354cb572f5bd695ed9d85de131fdd97dd5d6ce7844ddf9f3d112028b5125ae7a77a4aeb2ebb554682a26f457c43fe96d67c90be7e49ff443478e82d3a48680d737d1260b8210bbe962efae6505e496b1b6d4f1042a7b971605e2dc50be3bdfecc3010b9f5618d3a1b2c1f48888b859e4d6b63ca9d29990b6d502fc22b738b203a83d597b48d73c41860e4e99c57181f5b02f108ca193451025f3b368cf2741244f42b27cb9e57260d2e127ca166b32e0b9c927b247b31619b1d4", + "sha3_256_hash_of_signature": "22d6cdc9dd9880988d3d1ac07742814b360504c5b9639b9bba079051d3ba4fb5" + }, + { + "key_generation_seed": "b0d4ba39adb4e8712b3a3e6495aba2f04a29e45c68671a960bc0d8d89900c97e", + "sha3_256_hash_of_public_key": 
"de547eacce51d062da424512617b2c653e35de88173ad47788e54f8037b55344", + "sha3_256_hash_of_secret_key": "50a3b52eb28eab610239b1853274c520c09bddd676e99e4aa5f5e93030fd19fd", + "message": "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", + "sha3_256_hash_of_signature": "cf29a6b4f499283feb36923787878ec882c05637f476a2c6bf0964445df1de8e" + }, + { + "key_generation_seed": "e04328a783c10dacd96702d2e726bb11ce4ecc571564ce7cb10722d1c98c2842", + "sha3_256_hash_of_public_key": "ba49d14aacfb6841a401dcc02d632b74e6775de5c2094d621ba5aa697d8fbd6b", + "sha3_256_hash_of_secret_key": "0027d6e376f4d42475086eacae4cd851be1e45617bf7b21a47583c5ede64815e", + "message": "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", + "sha3_256_hash_of_signature": "662656dda9c257545104f63e69a81eb8ee202e491da79736a7caaf76099bda7b" + }, + { + "key_generation_seed": "cee2e53099d8cb576f8f76c5c155470f87a6ec5f7d73256a0a2aee62cbc53597", + "sha3_256_hash_of_public_key": "c6332aae2272c3cd26df7bf37b4f5f44af2ae23721d84bdd0eae6d02dd70c79a", + "sha3_256_hash_of_secret_key": "e77c09affc3776ccf4373bdeafb5252f4ead9a1feca18c63c0b3797234cfebe9", + "message": 
"4d83349dd620dc2cc0e9ada524b9be9b195973a839a042f4342d69e6b38918507a9747fcdd8b751d7c75abce2b482b3313d4c74ea4e7a4a91f2e08a059536b651508307b7f4c3aff5cf1579f90f32ba1e847778673e3956713c14661afa2d11ccf61fd8f9bc914d4b6e6d09c52aff7fefae325c180147153c9ae1924c9a2b8de4900bfbbc6797558b000c5adb9a8dc4cafb458ad328f19a2c55d5434bbfa7be5057e56511529709992bd6527e913b46abe38dbff90d4ab3c024a66fc0f8fb34afb96e22535a0ea8f313a087aa65355d7d5989c486e103fd526a7a6d812c0e4d8c081bcce4dcfbc64b68436739451be0c4b67bfca71be955ba9f9a23c223c7d0ffb1b2196c9c9845b6af341a363951e2008bdc4f3296dd0e1e3f480f2e4b0ec77a002eccfdabcc58d24cb0baa26eace96decaa0f6bf1cde0175afa65ad5c23c5e71b50df778208edbe426aa6e876c12440d7c4fccb42d039a14509092784baad37d9b8edf186cd4fcb3d9f8b0397e951777d602b8af613060fdab6b358302b3fd28437a06694f36ce12a035f09d677e48d077cefd1676d8fe51541bc19e3a6d6a5d879c4f9eb4713b7c0f3a652f3a05d74dabff79a302fdaf147531fdd57924f49e52b298219b03d6df166b481f232fc85c7cf52838969ced2dcfc18dd8c95891c498fb49289d1a982922a0fc02c849ac3bb7fa92cf43a64464d5bd919f75ada287fe657bf61dc07b3808c0fd0d71ea24de5353268b2c17c989c29465ba49111cc479f51a8cc623cfb6ff68149e52c77a7d85b5ecce66c05900ab9957bc7ed39e03649a103b5b6bfeeb168b7c1f30dca84aea509fec2b215dd95558a2708839396552f517a8fda28c3ed61f84e1b2e0dcdfa708de50d44bfc65bd4e70260c437c8b5b7158ec7e2301d9c7aaa68e0adef89fdb601711ad2998379145b29ce3681b513dc3ba9b2eb668c1b53697833670466e21e767361c0a4362e5b8ddc38ee6a9c4dc5205eb808b93c72ffafb635b4254e4f4496bacc753c8ed0bcaa88db683ce77c8165e8ddde665392cccd57bc07573d83cb3aa10648281efb08f92aacd8ab6f9b5d7fc66d29526bd57e421220ffe375b26c61a0ddbd9807022eb3b4b681a43e7719f5ec255c1e19ae6c542d6deef3b94b6960c18d0d7c8110b88f995826073b874042faf97f1ff034b8257418ca269f5ca588223393b0179f9817e08e7212d0d410ea259ea66bc4a00e7fb1190a732bfdbf7adea0e4550be90c3e37bf33baf436955742a2632aede259235702ea2e079d99a22c9755ed34c1e3ccbe746e728a932b1852f692b103112b303033ad3ce1172aa066860df570d21ebba51fab72d5afc4ae8995f532ae384cccc3c4a295af76a803fe076ccc920a80d82a9b614760ec43208579ef5d
ee164356d62ea33953e55195eee9b2e2018e6fd9d19a9f49258702dbaf6edbfd093919917b1b6734f012e2beb4f758dd481fb8a8d7796e755c6647501e28862b9f5b16ffa1c5d80dcb07141806fc348881a5a8891bb632a4ae4292a102d71504d0fc12c79d15bcd0799d30c7b9e72625a7df7dbc7ecf9eacc627ca9ae5d71e264f2f2a9d5db8593f3a90f3915ce480adf800c99fc2c8692f2b57b492bf9d84171f8c29af8d5549f82d3730927096ca18ff0b0c0c0b8b800508c44d5749b92d7d48f7fbd5c86e408ece0eae639af475073df5ca2cd5083bc4ff8852ddf5c399946a6b21b0841d137f583e0dda3a6046f082872b783eca3e14b21a2af61bb150847026f2371812b1a2be72024226f4613da860ac2ffc578dcb171dc27b896eefe49f885f9be4cc8766f37038e01cf20dbb661f507b2ecf2b023203a6259b0a018fc00b2ca9b3107b605f04388d5493ae7cc4bdd093ce761a92847c2a167739e0750b427b2aceb3abc5ff751a5f32d36b589787d4da509c85ead751353ab2c68a9c14b8b2c8166aeb6f27c7f101221c306aac74aab6b4e795525fe12038725d7af3d2a6d60e1ea85f2b94ea24f1b72fed9ddad4c8e5da484e80a2150de22e6adef41153d7b4331e8f011a3cd48dab02876b067312d0dc736e465f99ac3c9c56321507e79accf652e3857c749ad92dad15350a6b4b67229a3905db18ab2053e2d4f92f156a1d76d0aa891364002c991e632b53fa217aac1709f37f3402f43b0753361eb2f595f9fae3d7d96ff050dca0b9657f4c3ab49ebdbfe8816051c4e0aff32c5137749d53b062cb61f7201171b5dd716e9ccb38d00e50955596845dff602200b30d375a854ca4e9a7276ca1a1d9ee92a04bcd78854be251f7080aba6d8325d40b37054596ad80211a50afcc1dbc177600a70e648d8beb4fcb8919214894cddaa6d63b6f6c445469a6866721d4bf1117f25dff9d65fc8fbe5b0acc8b9039c7f94b2a5cc6068a0489e2e13a731dbe1094fa8558a601addb9e4dab04fa744cd5b95a9d57c52c8124ad950a5944dee2c55e5c8540dbee5823daa624f57fd5be994bab3ad4e74ea9443f8b6024bd6b49adf3972442d88e61e04fe8478ff28916584ccb65fb15686991d5781cb7eda067745258ea671e0a2665f94fea1b5490669d1ee8711518bb911094957586c8075e3bbedc47be059053a7658adfa0aceabdd46e0dd9647b34eba32e56b6305653ed386c50e79e15084f00f003b1d12504fdd8e47d03d9f7572276047bd22b82b8e81f87c86e6f20d2a756b16f291179a97b010f993c0f839c9a1238cfc9bde8074405cf1b35df423c7566ce965681f21c969e4f3f8fdca72a18d5daa80287f53b5f8429fea81612cf63ccf1b7a13512db4d1dd2678fe1189398032e
aeb4368332972c728ad726b7290302c3c5acab6e73432e825b9046f846adca9d93780a36095aa5c51e354cc6e9a910cabbe59130e98f4acb3cb6d4efda9e2f78748ed58465937fc81c548ad038fdc32aec46b078cc5a7207658a9706f1c9653359de6c4457dbfa71d300f98f9bc5daa14dbdd5ef20dcede7e9d3f7da5c932ac3338ba40e46b17d89fe38f725129991983d4a81321b394f2d7b20d66e3deaaeb6fefc8cff0b68a766e27ccfba66deddb1f541deb3c1892ed2ad5d073162f0dd06b82e8878477bc96e03101c9b5d9d0ada10ec060b45e144b31e6b4de283fd43538b47178398fdd15b01ed421ee2c65847f7a4e9aece2f1d13971ffc0157040782ad4b591dea0906370820dde1000490ab1c27c03d02a0f4b4bfab0e56d7257288441cea63175cd6bd11382e6c873154332e627ce82e37c63889efbd8537ac35c21ad7a09c986cfebf13b19d5677c1104b373f3b55198d075aac608145ff9d0c4c12c83bb41036ab32227629eeb4922f172281a66c23c35b8a3e92de0a10d5e8c18b9a54d6c30230f3a8263986ac535b6bf63eddaf6a02c9100b712ec4bd49851a22af0e647f259c2e19b9acaeb6147c476c90745a353f6252ade8212a9f7c215c0b3053bf2b4e0ad225e8b344ec14c1b839877349c3743e8337d9c1eb128b06939c5a08f60a46fa700723eb6652fc26440d9bda3c99c10ad0742c2f039be6b66749b77e14f8223509365053e87ed870fe3906a16da6c62945dd2112c96a23942b1e14431aeca7dfce3fd4d6633e0b661fb34b0bf05c4d21e689cac9b6abd9f507f08e4aab94bbef1c629c0e1cf344e66d3a3e100b615bf762dff0cefc5e4cce0dd908f46c94e7411a151e713fe0c18ed33c4c03e55e12c0ac366da5c757c7090e0f94e2c34d93ea3b226adb2979d23e071f18c2eff33bcf41baaf52f4b44e38675dddec89c7bfe858bfd1ae70d96d0487972d70f8d8681982656ff734bb6323aa91ea14c6330c71783d235d9f094cb111abc4990319bbf163891535aa5f870164da65fff395db68b390084d4f2448b98cd56103e49caaeb6cd040c3aba8290284e9b2bc423117f4104d89b1b1607c6d34ac30aa9e79d8753b97cae90ecada6cafc6100d3d6d91e20393e0dc95b981fe0edbcf88e046f74184a96705ac226fd26089468e432d525643293bda781b64bacbdfd6c7301ac42aed7dbbce7abb9d67af315bcc3509cf03523fc887e27edcbd7c74dadfd0f126cdb49e28ecad38080f18a775e6d824c18359935d921744ea72fe293f299b530d9dc9285ef174ee60e2ddffccffe89960baba90d955cd2c96672513c758142d29a1ad79ca9291bc6782b64717f11a71e6d65a1a71d", + "sha3_256_hash_of_signature": 
"7cbcc9b50da9a556f0cb1b390235d42793117b43cbbc3dd7b4957c34df2fccc4" + }, + { + "key_generation_seed": "02d9755c369932e7f99a2e1614b03e2c86d713563785965e008ba987a6c89f49", + "sha3_256_hash_of_public_key": "3bbf673b4217c4a0b7a9678c489c70be87e6110038378b338b2c1277bc236b8f", + "sha3_256_hash_of_secret_key": "6075aff6634ec0a7ce8448b1bf581435a237f54aacade2f70e8db15ad79da0a0", + "message": "e0f434dfa04ec225ff6b6db802a047e221bc064e5be89a5fc13937ae9d3f22b4439bb1c1bba01547a64ab3e810bbb09706d01959e2e906a69ffddf0c56726bdb58fb039d66ac5d77c7f0e9a8617b0c69176770da328d38171f39b5220279186250139922c0dd0f7c3f96d48615fc66db7568810931d257b230258ffe9cb35f87859e08139ebf7432e948ee3f962bb9015cacb8499bc69597abae4b841b606657e2e3c51ff5a8961ad42177a9e73950e3fa150439e2063b6555624a6d8e3af4fd5710fbe722b8c6267ba5df56846a085c56444573d692d5412cb70e443761751e58c41953bb9faa3ce1f4564c825a02f0e1339cd659ab1480804dd2e90e3086aaa292db39c6e2aaf1b001b47a21cc721c0c502c46ef0479bb7d8cbdf8e9c136397febc2d83c0fdbb3ed4fa6868068477206a26d2b7e0d20507aecb2756b888fcf5b446217de14ee6a20cf7e7b732fab22ca3abbe81b2be18463acaa3132773acd7476460536111cdcac98b1cc9b2c36aeb3fb318340f7397b4b4ad6aa87eac94ab7d98cc12ea5606162877465fa2cad276cbb5d36c40a0b014c53d2d3a96825e237342dfefaa6b9456b5ff1dca859c5976f77c3d3cbc9df355237ee9b4b4c90a9dd941294431db76dbb539dc48669e7aad21808332c8a4fe98b8f043fb756b526890452fa3c3527fcd584cd33e38ff9ff783538d39a184b7b3eb649e1c04c289fb65998f6cf5d5bbb0609fc3403d85c6df269017032cd24ac540e1b294bdd3c3a0c7117cab02b1a0063a174ff26fcda687433a667322320c0dec1ea3963f3b14375882b3478aed43c2c74debfe3a734f8b1a5cf92007f8fb627cc3aad5c6ae4c31846b72e7573041270ff40e762c0f8dbceb7512d44dc260a97d5ca7d60699981ed8476d8651c35c8ed498fc2961d1e38af46f3653630773209a63838a9222b813c23db0cf4196d6654126ba2b1840a7180e653b3d6e10c4c7ac3cee93b0399d918a52e59f0215b09a119e634e6e8a9886c877f157bf7b7dd827adedbaf03c718ae037c0b262588171839e952721de72180f8eed00b01f53e098b82165199c53129576036fc753a3d33aec92060dd19aa078a496a2b214b1bfbb747a1ec64071b0a078d74d0212e6
203c9698c7449326a42bcbbe8d9501db916c64307d5f1083bcc36c0ffa18c0e4410b0b17d443481c3673d17bbd7a366a5fd1c3c5b3391a02eda7596b4f869a91a32b5a02a05611371231be035edc716f534724b5225e1a72a2b2cd357f4c326f1dee963fab680721d40dd70b750a019e70885515f43946a0dd3dd042969139f61eca0e9ee3107d3d28ac606ad53f236303e1fe986c38825318b7c4597b14e1a83b81295fef49fd0f2c1e14a0b146540d853db9706cd224b376343317bf7330b0c2721a409b856304fffe60c24c441d5e2797d4696c0fe046d305aee93cc6a2d89a81eb19643636a8b424b310034612105df16516ce9607cc0a2bac5835642c6ff9572191bc45e44d9b40da36b607f570ae8c39d490342786f31ce6764f3f7a764665b6cb93e54922c6d89db566f494e0ee069811ac82e8132f2f388d68490cb1c2172d2979fce3659d7076b4f457232eb839172963f8c342e2cd18969f086f451d33bb774f3d00e6fa2be02292f2e5cad3adf5dec28932bd784801e69364962bf39e25455303e1f289052d2f0cd4964e0ffcde29e7c074e5d57e43739dfa42aad636c352d363e3a23bdd134baabc7cd1621ca638ded7db7051f0456641ca872ecdb4d3c2603ddbbce16637010e782c4bd5230992e2ee7dd904f8a83ebaa7b4c3cee15b10794ace894118304bcda9e9b1376331d2248b802557aabcf913e95f783715bb5e90a4436e4bde7d651397a70a24257c39e0516bb1f548da36c1f1f92a416dc1114107cd863f3bfcb360286e774b21296259756ea6040cb61738eefe29a67895ac69797c640e03f0e9e731647c2da93373920341fdfbd50eb6b737bb0d9fda8ec8784920407d4f41486d8fc616430768d6431ccd789deff332b239ffd1900800cedd9661a55d6d96089007e9089a117f03d7858eb4c3fe2d07e91d8cab88d2ba5421846069fa6d4e5c9161a140cc3a288100bfbe61c3b0f0e820ab12d8fc54b054a0f4c777052495b45a7d1a883e67663dcf50c2230ca5319ab31cd76435dae41ce1ee25ecd3fa0c7e83b0168852b2cab674127cd7bc9ddf9dd4b57eb40128988c7c8994dc6a5fc939ff957f06c70a4056e63331f9aad254ebf2b8fccd580285bea486d91a0c2dbd5823ac8f6846ddabcde25a2252f8da1aeb32e6969276bd2a7f94cd7dd3143f3181489272b1589fd385ba844f90e35982b53141daeaed413054cdb935f3412e31d99c1147079cb487feee85e3906daed18106b8c407bbcb7716ef9d4d34e2ff04709c7457997ad6fadc55a8fa70bc907815805578a11a012c521a1325754cae2e3f7c9e1fffdbd4be31dc534961c318d1a894838e0c33806735dd11e408e500995b86b6ecd20d325347f792a3381d2a45587d9b6ae0aa27533732a6c421
ca621aac42335848d9c0dd89f14eadf2f92ec532756cd5697ad752b6260c598ec9f0e9976a950b22daea8b74fcc87f28b5e9ed83c0339e566259ecf06e5ce209065de87feee5d1e9c466004b34583d6ae89b590ead6a96cd2951705ac764f329e28c996ad6db05f6c69ad2a39d3ee230f6501f1760aa41ffd936c9dbf20de3996917322d32b946062a3c27d8bf35ecda22403ab684cdc680dd166562d018d943369caefb9133a4bc4515cd5f9c08e7c22d153f0a7733eb4eb2cd8a74a4c85e40dadef6858c5927b6eeb2b01e9b7ab02f7048c8869991068b00fc19b9545ab42181dd5cb5488222a402e827f60a8d87b09ecc88350032f998e3c10a88d4733227334812ec97c5e5fa85faee1a1e28a58641531b139aa58bef49780dceaa408986cf3c40e226c60531945a20f91e5dc31ec86c9f9a0545e5fcb79a13b9afe9b133867ba7a38152abc6d9f8ee10090bb71e6adc6a6c2513b066f2565138bada60b0bd339f9be1aaddfc90dd272b4146d0f5830c6a53e295c849c15d001176e7774fcd7619d6ef1a30ba93cfe278ab4806bbf25ce4a4e94163f614e81dff7efcb015997f5138e22b80b2b00ad7579cd84db5d1c7fb16e9e8c5d9a5ba0ad0e0a7de79c18839d673632f3d2c7da2062eae844faccaf23590b2fbf1861405ac347eb9d723ecbde54cc96bc4d8ee2178f353310e5d69230c5db2841d2a06a3a4e03e054d99defc6004a6e405fa89b198a901ea1ae9f3112a29f3aec5698a42794e04d74d761e4aa5ad23de271969baf124450f4796da1eb1c01480436ab0f5d0b1b2e6717dd87eebf137420961f978896077e40b2d2ebb5664fd8ad89bb9333fdf46c33ef3bed21bcb5b4697451bdacf364f85462f5cb9f546657b4744edf757daaa4d3a9a2a6f281184c3576b1db0b540f3b36310020bc6ac0c6454a7cc8ec1182422b17bda202729c270194cd6044210d2b98731565812339edfe5a0dad79ba826d8c566c7d25dea9bff0badf1e4e5da2b884966e03fadc51c6d9bcfe877511157201dab48aed1ab038999e5cc3fe58ccd37d40050dee92e0bd5332413a7f0118724084ee5545fb51942df1ef399f734fb9592555b5f32290c53d7e5017efa2b61e29fdce90cc3e7c1b0e545425b1d3e1acb9089daa786cb0122db3ff27ea0367751a5462230f0f248147ebccba2e16d214e9a0baebe989bba020f95b623cb14acaf2be6f157dfdb1e32627133f0d26c7b65a189f39955ee31d9b507b43126b06b9e4524732c8621d2274438db7ecaf736ab7257ced950eb68bb868581649232793ec83379a16f40781e76f5cc57c48c3f5c2989bea803e1b63768436d39ad19bb77db46aae6e8473ed5dfec983f49e4b8e7ca6bf476ab2f0272c0c2dbef1bcb064d7400bfe1b9ecce1357
8a20b1d5b48133a74c5c59cae0115bc3b50574580bfa99d58bcad336ee2cca5b7994c784bb90cc8f1b9a0e21b39d5eba464de34d46ac0bbe436c2f419d60d8ab13786f9a841b52710d1b49bec290de317b66b6855abe156c07619a4b998cc582e3f54a7f457f1d2839bc3ebac937ad3ebc6a9e6e845379cf1d66d7c59000e3f6cf6823b005728a95bfb0acd044eb35d5adbe8933a3637887cf91ee74bb910fdcbe797b0c6b1b056500542bd39781bdf13ebfbfe949d7ba0b7f31102e63bfc6e22693f97", + "sha3_256_hash_of_signature": "5b5961e9f346b60c9656399bd74fdace5549879d28b7f80d58eae2cd8d4ddcbd" + }, + { + "key_generation_seed": "2b2bf7cbb0957a86bbec97001b60c7c6ad98a56e94542ff561f78fed211da755", + "sha3_256_hash_of_public_key": "6daed9091e80efc00ec96aae1a656703d2bcd5bc38a0f8d2ed08780f87cf333c", + "sha3_256_hash_of_secret_key": "28d4f80888afb12b08f69dd8c37b42e8942f39e9eaa0c54a9d8cf0f8fc101d6f", + "message": "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", + "sha3_256_hash_of_signature": "2211ddc07df570abecdfff349af8b78180626d86bf38a2453b224e141e286955" + }, + { + "key_generation_seed": "049569cc5fb969c6eebb8aea1af1fcaf46f8a9e6cd6c796fc7193592bca9cf23", + "sha3_256_hash_of_public_key": "9ac55076b74283414b23589e116e5544c3b17b108cd6425b2fe64f13dcaf9873", + "sha3_256_hash_of_secret_key": "746e5171a5482e1dbb371a2f4b582709940d067fcb31b396646788b7bdf766e9", + "message": "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", + "sha3_256_hash_of_signature": "9dfe1624c9a50e8d6cfa246d1068da4b3154591f1015edc6820f030e5dc7ea17" + }, + { + "key_generation_seed": "9d89b9a327df0d341cd2968ba9218bbc3e934502cd88919d8bb16dd3d39febf7", + "sha3_256_hash_of_public_key": "f4ed31fd589ed8606c230564c8be3c1f0bd78f138b01e9c672a26e84c09b824e", + "sha3_256_hash_of_secret_key": "7f208b9c142e5aae4c8352f6b2bf0877f7b9a07d40c6ad0c765f71f72d8e4359", + "message": 
"02c7c4451da90503c43fded1ccb3dee468a6a8d9e56670cd8f6a58e7941f1bc5efa6e2afdc0141a2f7e8f781d79e70b4813263a9dbc8d8a67f89371cfbd90977ec96461b28bee4c644f2c91e96257b1909b84ecb25cf438a3fd6b835e20d5cda56a1fb7995fcaa0ee1b5327fb1288e3c57cbef0554ca5ad6fcd1f1865c6aec6cbdb24495700ab5aaf078d8516ca4fa3a231a97c77bd150b127cdbfb42c03702c9027b2a5f6594b022ef55b63bf3eec27eb0e9529eccdc82bc6ad1f011f167d602ef1f175da5db4028bf08a053af2c728ade93b37edc2a75b7b6c6cf38cd1c07f359c73b131b13df76139dee6795f1d85b47f29ae97d0e40cf5dbb67360044f78940a1e80d9d99fd5ab0185210d8769911bc471650df0fcb9c3af038f7882f677790e146e612fcdd6fb89f90b7e5e46cd648f4bf8f736d69f8a91e4806346b4366fd48d1481c0b47add82003310b0a99b779d63ede1771f50221651b2d8af40f48b92ee1327c85a1d2ef2d86378076beb58556fcaec6029649a0ea5fde517a85d87704210e071fcb6f63317aeac3eb3e9746018e1028c50c790a45b1beda6eea2d646dce401ad5d7850a5f69cd85301920de77ab0d01b1361efa3e70ac05881bc02190720acc75a691d6064f9d24c79dc72476309e58cddf5fb2a253d857a79c8e898ab6adc300eaaf208820cb02f5f2cd317f4052d40de28e52c55a0349dd855d64e8da8296d4f572281e221a3d27ef76fee67fbe5484e6460c99950763b801fce828e93d2a633a1ca5d7ec582d7c463da5a9aa8056bb2173306f3820bd0a3273742789b61af89ccc42b81cc68745800d2a59231d5d28e832f443a871de5b6b10b58a8aa7cc9816014d7f3545ddf1f481b7f0c9dd41b4d96e5db767b74776c2253fa230df65f3e0b944b95ecd4138e2847418b084d9f9e0798cb5247238ec12b88c10a5c0c645e1d09d09059c72e33c28a472fdd8b88eaa93c63be7d980a12195c2ec3105df2bb81cc9c3009f7771b6b813cd12303e3a9961d6731af55ecfe5127bac68d06f835dd5f2d584fc0e648c3a4256e2a3d4b81966010964657f33d1fe0400724c488d5aacf9f2c0b802cd812c8452e5b8e2b17ff4a1289d33fc405f5db4ecab4a73fca3634756dfbf9012c413b6f64788fd0f68f8ab7620477acd3c14009377f3dd54b9eaf2784433d63341323f54d113fd63d7456afef885f13c13172a37a5dc82336b9515f8f7f4903ef6dbe9cb34930743b6ed11265cf94aaf406dea9802d17bcb369ad0d9964792f74d338dafe47ee88b3b74eba8e70774edc1f16fa876fd62b0bff880ce252ee4435b1debf36f0a06a4fb406f01d618c135e6103e2a39f4c9cf41ec93702ba76ba753ab49b5836c20f67d05943edddf47ab8c5b81f4bc22d77330
5076f7e5b697a7b25b016190072f756f19f397884e0521595326ca591672684a3be17c9f5cc8e8f4848f7136762178fbdcc7bc6a6c6a31345fee687b0505f72bf1ab7eb87bfe5f896cfd42dd67a239c70648b39bc0c84da33ca17838fb4213c38b68f22914fec3dc50194e883720719e9b5f8d037debb726dbd899abd97853c54b0bc347a322bfaf961c6cd6209c98aa81b8e2595fc151b1375bf4fca2dff49df40a3d1c694edff6e9687e73ef62dd42ad7a05195a7f206f097196aa0e4d68f8132d4a00ceded940c4f6ae02e6d3763073462c7a4bb11778290e744471ec554a05917e52c5263ff02c07bee055234eee10b79175dc164ab2051b03598df1d4311e87acf4aec45c55b1a58b0f05ebdabe248a27c0187643cb8f9529d31fe0ac4a28d780196da00dacff5f2dd64fb04e7c159dbbcdd3343bcb7ae188de15d923d2ac0af232c5389dc9c949fce554f7a0425d4f9b28df2ee4b81740c2b5a5b93f0f7ab75ebd360cbc78b11c28608b5bafc970cf3d4455a20a198392d876edcf89e2639b50cd84ae21bd50fb077050ebffb210be711d8ea807ca66493650e909911fd3cad99ab94b2ab2edff192d9d75257818272e147a9c54e06c53210fc091bf4175f2f44423669716fd9a6c4f96a0c4be17839769a806453e55d7357fbfb3d7a458e70957d524c0e896398e135bfa68a0cc136fb93ee7d30ad463e32e152fc32cb8e7f0b05a30eb13c0df98bc187ec0a54856d2efcda10a82b89dc8cd21c67d9b6df3d7005ef3b2bc9dcd5d55b64db40b74fd322cdf9d9911a00b5a02e1ad5ca9bf65d90db709fc1e5fc84be97574b09c83b49963a51228a667bbd84bfd8e0d90ec161fe5ca73bcb8d95fd7afd982ab7ebab51bd2b24cd6d356eb850d2c65593313d8ebb97e7dfa450ae982918582f86a356f538eb05afd460566d79f040d36c93d3c645b636560007d51b121de3fafb3ed70b475aff9617da4b52937c628678b109c3b76bc15bd02b766a394893d8ec966dfd8033d12a8d98ac5be201134325e32cb6786f4faecd7dcd05aef5f3739122b817824a672e71deb312cb7dd6a77116b30715076384297b1962efdfee6d6d2b2ed2ea4dd802f4784872d825db828557d4d927b7232682ad91cec3e508854f529853a8797b7bf7bff8e3c180980ddf4081e96a12a495acde0c73282ac78617c68a55a94573e5a37b859858d1e19adc82821b316b9d346ecfc6dbffb3779f692a62d20d1bc4e730fde2aee826e76638ade3dfaa11057b0bc8a80e8905b15e41d9a4105109f18e7e1362149ae9c568d1d642d65b94253be2b13e7230f8bcf34dc87241d1de72a65bba111c111cbf5bd618cd02e0a06e37f60b3736631073a6be004c1ad5f0091a82c87b276f7c5aaf6938c886a6039df2348
2e2064f6af05636b4c6ba6b24a29aaf2174af4bd959177203ae9b160f81ca6764948afcdacf6bec0b987c6dbe178dcf47c137c64809483019c5f2072d0301c19c500c60b5ca913c24a8f28f50e1578d806ff9f9b810ca14bf5f2268fa18dec67d973eb1d975aaf871abc980d06222493d900cebd8811fa20d5db8f8036430f8bd7f9554f7cb47f9ebf389f66c3ccf9f42db57affee074ffee4eb3e11612fd8a8fe02cc4e9d2f8bb36c505cece9dc87512aeb5d8ebe33328c5217ccaf2e1af1e38bfa84c0035decd8d8c250fb4d964e8f0ae448aab740d9ee9d794390686fe9a95183f0d5166d479c51014f1f29d8fec616e1a4e7a9c86e2af790bc7bd7bb6f746a2266332e04affbe6b9512e6620681c3317dc846e4fd7974e8ae87e370ecf9dfed574e339cd7e8a663ecd1a7bf5842391913d98686f7f2145bbc420f2f58b89131d5f3be41c85752e13504bcc549a8f690cd2b0e1e29e4dfa3cc76bd398bbf28f33a00c3915dd719f7cb985e9a0a7cc8190bffc8bf47310c71418d7a6c629c491eb8e455148bd4438ba6b7014608b0ce6a1bc5b035bc174c9bffd966d8305fe9e5619bca3fe4b39e6732dc652531819ac828f86ea11360678e786eaa741382d713ae26a608d582a3e4583d45744acedd32670b5ad4a1310301b28a174dc9858a55f0c1b7486cd66cb0635083b0c63016e40dfc533ab80c9cfaf1378d00769dcbad56b09da3a4e6cdbfd8f3fcb951680020dca58647665462e42f42dc14e7b20f262d3ceb0b1a2ba807b98d66232ad7d3839c298564bc36a134cc2447b1b9fe69271960459c0a6f897c1878140690da7d41fd8aaa05a679fdc3037eb2885ad3c82374f4bb991745351292dfd8e54f565e0093776b7ea65ddcd500beb4d15af6029f2630a0062f2d4fb331b47b6a5e139d385016e1fa490eaa209636b1383b7d7dc1148f07ed2cc2c03fa7fee09305f34c57b3ce899c18462b4f1ef88c1ac5259440aab48c5849652aad9d3cf3d31f36c7f64f918868182d36345ba5bb7a4ee088d8b081eb78fe977f5a5295177aa427215bb26d1de33ad4b2d610a47f8c672eeda703a04d0fae4c5961f13ad6fca81863d8a394135565d8b27904a511fd0621a532f84a47ccf4fcc2114d4c369b7a76822959f8caa25a6495081ca9ec3ac3348a981618592c090b6439cda2fbc932c8697b3709323e3388af8efa1b9cdbd65a65c8f0c302330ddbd10e0235f8030562452ede447ee5a5a9a636af6f615b1210aa7cbe69572b3467b643bc5f5ec3f9ad15b3ad918993355e209acbd0f1393076da3b0950803295b6571e476acaa04d48a4627367cb7faa83796c4178ca9071dccb8d3ea70381b61f0c56d515e0a765e266dacb13056317ad8737a1ad541aaccea1641946e331229f1
9bb54c20bd51e63d63bffa13110a552fd0a95ab984ef53bd639efa0568c6875b2798e3a0578c940c0c4197d3587bcb1cc45a99f5d37b1612dc1a4178a3e288fbd79ddacd049159d6a5416f9ef3f38c74449bfb2e6a894566c5c17b4555e154f29a93241463690", + "sha3_256_hash_of_signature": "740fd755af5f55b320f619f78342404e5b4b512b83d310dafd78f95db36e6dcc" + }, + { + "key_generation_seed": "4544c2f21054605b0eee46f62a87dfcbc3bfec473b9850886266f478bf9e33d7", + "sha3_256_hash_of_public_key": "2a11970bb4e34c858b261596967664f3bc8b17f63a1690cdab42505456b132e1", + "sha3_256_hash_of_secret_key": "b9a2adebc93a4d0a9f608d8598f7127f915d4f583f883e08c99dd18989ddfa55", + "message": "e13692e3cc06ebe8ff9a292d890f0a34dfe9a4f968f196b475ac4df553a30e2fd5df008df4d7508302aaf6389b6a5a9135e9bc8a5accd2bd2df98ff662b763101d31e24e8f182fa50840be27f76ba5ed645bb4d3f7f2f6ce25179a47fd7b6441a9b3a28783ceedb425b2912734a75d7d03811172188253bd8f0f52eaee84a9fb025f95ea1b566c53297a6a090f7fd8b21639523e073adaa750d63da61631f933fedffb2819e0eb3074e9e11e10b102ac88e2c8d6cf408fd241ad301f9b8e18a88b74cb4b0dac76347635dfbb3eecfdf84229babcc003c6e4efb7394e25667dd7fa47d36e027559f53e98789e6e732e6aa23a71607677fb975c2852367c5ba5e3d10b3017ad26f9a38ce803929d08a43646ffbc3980b359d8bc2e9615636d4e5de8de6fb2465a983eb1696e98dd33faeb7af8c2d30506b22390d7f9fc21c7a016fdf22d21ed2ea4175fe9f5f44598ec26452700dc9a495675431e1236865f2f4aa5bc9c9a10eee9e29b1fc4fefcf8f24bf94342fc7e19aa6534c3b771d910aa419ea2bf70e2c1915891cc630a3397551e4f34bd2192b70eb210ea67cf152a35a3f5d0878e153579b42afafe5068b2be2b48127ffb54553b7a9b6f845e7d72c43938ae42bc03e33b836ab212909510aae7dbe8ee6d0eb8ad84d60832f3151273a1e09c514c3aa4cacd15564643f4255f36059022b91ba4137ecd97b34be3308d40ef06bcf4f45ec625b54c7347f52a21815508199c8b7a6212779cd171894da9fc3de2a6ef5d76bfe03b8199ed1dc92b2a403e4da009cbc0fb597c5952be32579eb8e781eb12d935848c051029c528cbb68cbc1de0102b42561e21f48e72e028c2cd8816a9027914571b49d2f94c9189e1a7f18d7d3d0a09b3a36edb8a084ace5fccc77e3e42eda0fbab8c81eaf170103ca757981839c9448362bcaaaa3f20c8dc653aef36953559f3597e1915f02a8d3
3d0e46201fc794ee055e6d9955b91fc7aba1f136c280367404725cb355fc2f129413581401f98236d2a6f8bed7fdd7ea99060dabe3f0e8ce20b0e98ea80994d1673e8ccc6a0ba4a9d544f3d31bd95c9d3847527a978c1f155efd84b6a7becfb749628ce82e80285fc7272ea05f953404e437ad557f38fd9bbf77a69b81e4441605b23f2aaedb00c7519d8e9cb4cae5f8c3fa74faabf6c12595ba045f647aba7168c65c8a6006733d1341435495c7088c3361b50c43787ec24c24f57323466b5c088e8097b44666453010da38ad65b426e72140af78a5448b2f93df3820f013fb9dcac49604c86f2b2e4ea565463917285f148e8bfa9e11943ad3b86b14ed59a190cae097db26daf8fd2a642676a37dd90c23b52c82ce028b80a805d9ba05457f7b6cbaecba4094822e16c14d6e2291b731d581b12fb16802653360aaa6a7989d61c80debfcce81a36d9ecc84039c4f086a5579d36ff5d0cbe61292e4fc3d14277af380a9c1dbf36c2d61f59cfc0d62524e042710bff5ba719e56ba367ffe849d660b9f7f3b638e113bf2e1a4db1b8f65a0fd680bb2a168a4fd5b4e0edf3208ad47f1ff4afbaa726e38763cb5c84c03da3d1e32cba873b9a0c750922cd3d0a10a4877eafef602f5c875fbf0ee2f4f0af7f308ef934f7e8e74fda62a860bb594fd061d1b2bb32ba613339042fd90e749acef450d204072acf58b18c365e4f4b815f1e837453c4255d53bb68d50f3677e7173fcc23d2b592149a9f3dd615868af91f705387547862d34553fd45b8df643f596dfdb7aba47bd5d91445826c86fd4d30365a2f9a3cc0913de19707d072f27a09eab906304008875b5be3526210d6b8bc8663975a1f78eab9cd7f7305cdd4c00d6277622e50606e1cadd639730101d088bc2bab295ad86ba8e26f5ebcb3e9c7c543e533a7b3c20f0f89001775f714825dc8547bab06f5b99c5305ef18372a184569323fe269d45b669b9a222c9defbb0b2c84f42a57ef343a5c12f5712eec33985df8f0c566d471a9403fc103a3eeed42829d8e3e5c517bde29447841ce96c8ac587df3e4b6227fab386140db0112ed0d2846355c4a45e94f3a0718ceec13fd3caaeefdf0b7f89f502aacf8c9d96d01b5549157b7df2be65bc30c889e69971700286c561df91c8cb923001e5f0e21d2c7a3dfe8d1af07fece1eda20c031b29a4389f265d2c7be64ec37b2884849ef30fc8a82d2f766ace68c72f0a4b72f3b50884749814387893db2370a3410f794c64cd24bf0d13e44ad500ba9816f9baed72f7593f758592c2e974d1207a664b869130baa1fa71dbc55875134e7cfa276e36568f79483886099a1070c14c6e4eb87523e04c0154a2250624261211723453cfad185298de06d08cc25fa18bc58b34ecdf5d9dbb02541bab
4a2af110ae09130e12439f1cecc34f9ab5d7be36c827a6f2f6708b543d4ad2e424805e2a74895742b0a5da30cabe4ab45f40cbfccbeebdab9b8eb8f78781168b5bc79e04effe1757ab0547b9bd0d2625673ce528d2b4874d46df0e09c24fc413ef9ab4c3d2e803c1e316d77ff5de3368bb925b2b1f6ffc340525663931f5595c8aaaf9fb0dccdfa4793519a66d4fde38bd2044c60fd1de15d60ba878fda570e7aef6db69d2527a1f1481a9d05ff2f6f621238939acf5d2c37b2bc3a194a9e65e7441764a5ee37b1fef3b8c9c425be1b5ff0d05bcb6a3b91876ec04ed89a31749fd443c2b85f8f388e7070d77dee37e2b666628cc9a961236dd24af2769c1f613b4e77f8e82d1f410ed59f63f1df19bc53a448106de4f8efb8cc37e40144b0f658a4135e25a3cf36d8692def2677e4bea3a9770f19e44d55080625421d5badebef3b39be71c08650b5718a9b2fcefc4becb26c4b63c43f6557dd66517d103907f82f9c2b965b7c5e36059d2159183f5acb8b5ff5e6b92e94d53ab25ae955424e80edec4650be293e836da6148392c500ff4b7672932e90e068569b81ae335b2e5013ccc95f571948d58127eb1269a08d6e897d2d9b60f3e49847c05d0b3ac230a67eb6d38ffdbd4b8d82d7b9ec803429c701f080be86faa165c0111131712db4957fd84a8936ab55558c69d33d5890cadd08d7f0d4962cf9e2f69c7517e79db14b76e6e188f5ed95169a2a7e4c0ebc2175ec2dd44abcf239ceb3e22f955ed25da41768ca5fd9a9ae15faaafeb431958a679249ab8bf879185e8fbf9986b96a92972153b4cd0d1be001e5afae3ad1f0b1191f1483738e728d4ad240538e5ef7bc9ba4d5903929d74cb64241306fdbaaae17b1c3134aed2cc394d3ef9653cc62a29c4b0b9be04e95e072ec98f7a80a7b575ded4a1993aa884c1edffe056ec475d934b4eb0ebf418975728c6e9cb3919b2b67d2c71228a4df1fe2c8388e3a2bdd75549417fe795f1947f857b1c0c9ca021515fd4d79e691493b988080943c394bf29e4190082a94f224afde5853323ea51c06b41547eec0da5cc202a048d77c7b91e794c51e72b02ea7c14578c11d9df48e099465783e496029ebb6d42d9caa52902a4694355db01dd7f5d7c113ae06e3f712fa577e937cd4fb817659f93964e194fe7d509a81c258c69c3415a8f11d35b414339fd1cc1d4f50665d9111592d1c3a3d69fcf6a971c285a94f5ffbfe8d2fd2746dceb3b218d970d670d10135126e479d92000d41eabdeea4c04d1748a4908dd39c60a52aa5fe29c8aced50dc1295b5c2c4a98e3c62ee4f370f4d3e500fe27b66f65bae604fd558d66b7f09ce36c36c8b5b4fed193ef56d1d8df0fe6fe0031466a1c633203966fe83d6bff843657dc0af176aa8d5cb7312c
b4e072bcff24d5f3828e29b2037e8d1fb63537c70c27011e9a97e3f04895f4e84ac69c55d450b46d5792a5d790557be64f765fa243afa98527b976783e7acdf76a7e1dcbda72431fc30d7b05197478d8d74077626ff7409f95b24a1f1bb6b803b9f1b9ad5b06883fae6c4b587c309a63f3b2fc9619032157b98c1da9608107e87f4fee0dae995ab86ac9869446cde92441f0b9f8240e6f7f7aa9189d92b7faa3280fa749ba8c7729f8974049c5cbcb8c6650cf1c16b8194c7ae1a82b40b8b04488fcc69e674362fe4821d4c1846cd9bc49234bcc464013f5f9a082fb83d63098c331d4b1c9129f52259ccaf4a9237f8ec5bccf06f230c08ddaf1d0c21c5930f55d3d5f60cbfc447e7fcbc75cd199733f8d17bd043b67b0c138cb0c9c8f2e477728f27dee573796f71b013689b537aead4991e67f2f5eb94bfad9509d7c235c9e55f68f26b9ce8aa90834d170f8b700a40ae9a817d5d17b1644d25bcf1172a5cf0c755a6ec04fafc39db06aaa05f5988e187b9e110eedea9c84b99ad29a4b31950f2c870a1f91daa6a5817faeae516fa42660fcf56000f7365d8c6cc11d4784c6fc02e4d0c727806e9d43b957bba124c980c31f81facc6d46f6c38d227eef8f0", + "sha3_256_hash_of_signature": "b43ce18c46f465f6254fe4b08188dc7cd263f584a82c1b887b832ed17121d71a" + }, + { + "key_generation_seed": "d9931e321732bd82ec9ca1df12ba48549bfc7d3e76a404b71892f4198777ffbb", + "sha3_256_hash_of_public_key": "c3df926f822260b8b2022a1e58e6375de09c2dd6b65e4db15cfae00ebece625e", + "sha3_256_hash_of_secret_key": "e2eedf37b1967cf0fe73ad27534f5d68898c9ca00097a069a41e7bc51b73a5a9", + "message": "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", + "sha3_256_hash_of_signature": "c07f2fa459952c588ba1dc7489b05502ec990019c3eb366dc8484751c86d42be" + }, + { + "key_generation_seed": "f838451e4a5929b8bae9084b40b1dc0edfb76a9354bf27f981960c88b0ba3a11", + "sha3_256_hash_of_public_key": "25e86498700604409627754ac24b3ca0e1bd4269a3c2e6094f7f280d9ccfd79f", + "sha3_256_hash_of_secret_key": "eec58d71b7d4b412332cfd441f4223801cc4442d7bab793b50ea57d646c990c1", + "message": "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", + "sha3_256_hash_of_signature": "f62dc229e8b1f01bf453cdb85fc6db1c7372a7679221c935b8169486235a1d2d" + }, + { + "key_generation_seed": 
"8e4334b2589d0caecf0fd9ba584ea26a4123d4543a8a0fe126d4a7e07f6067af", + "sha3_256_hash_of_public_key": "5a9230857f1486f5a435378ddcc582a390ba6e487b0a797dc0f7d468be06e83a", + "sha3_256_hash_of_secret_key": "a2340ede5697062ebf1f0669f5b94515007e92c8ea3d238b9de42aafb8b0bbdd", + "message": "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", + "sha3_256_hash_of_signature": "1dad250ba5858e5e53dcfa8251e37251cb90403ed50d7078699397ef333c745b" + }, + { + "key_generation_seed": "37519a02e8021f2257259c0d2e499af3533c8ed8dd5bf7751cce920d79b518fa", + "sha3_256_hash_of_public_key": "266711ee1adc2f0f9f8a0763f9f419fd967f4ec263076db53c72fa719169e5d8", + "sha3_256_hash_of_secret_key": "410f6ffd8069f639fef1ce2ad8b614a0c1781fa30955f10d16a48a626ee377d6", + "message": "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", + "sha3_256_hash_of_signature": "56f0e1976ff420cf9e51e1cc35abd7a10a65ad38fede22d905bded14ef6538c8" + }, + { + "key_generation_seed": "690482bff6c1d0ba6c071dd395adf69e55e1bfc4e0992a8650ffb5e60a02b172", + "sha3_256_hash_of_public_key": "1f35185b3282324632dda4d2271e01fca64fbbfb0d334c485390179c5b6a96ac", + "sha3_256_hash_of_secret_key": "517d6912e7cb1ef3418f2b1fe4261102705eb7c111a8481b82f913271e5f83fe", + "message": "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", + "sha3_256_hash_of_signature": "5c9a5ff8053860a1d1e4c824af8657a236b23aeb5c9abbeffcf1d55ce854fe30" + } +] \ No newline at end of file diff --git a/libcrux-ml-dsa/tests/kats/ntt_helper.py b/libcrux-ml-dsa/tests/kats/ntt_helper.py new file mode 100644 index 000000000..0a05109fe --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/ntt_helper.py 
@@ -0,0 +1,409 @@
+"""
+The class `NTTHelper` has been defined to allow for the
+`Polynomial` class to have some `n=256` NTT help for
+Dilithium. This is ok code, but it doesnt generalise nicely.
+
+TODOs:
+
+- Build structure to allow this to generalise away from n=256.
+
+"""
+
+NTT_PARAMETERS = {
+ "dilithium": {
+ "q": 8380417,
+ "q_inv": 58728449, # q^(-1) mod 2^32
+ "mont_r": 4193792, # 2^32 mod q
+ "mont_r2": 2365951, # 2^64 mod q
+ "mont_r_inv": 8265825, # (1 / 2^32) mod q
+ "mont_mask": (1 << 32) - 1,
+ # "root_of_unity" : 1753,
+ # zetas : [(mont_r * pow(root_of_unity, br(i,8), q)) % q for i in range(256)],
+ "zetas": [
+ 4193792,
+ 25847,
+ 5771523,
+ 7861508,
+ 237124,
+ 7602457,
+ 7504169,
+ 466468,
+ 1826347,
+ 2353451,
+ 8021166,
+ 6288512,
+ 3119733,
+ 5495562,
+ 3111497,
+ 2680103,
+ 2725464,
+ 1024112,
+ 7300517,
+ 3585928,
+ 7830929,
+ 7260833,
+ 2619752,
+ 6271868,
+ 6262231,
+ 4520680,
+ 6980856,
+ 5102745,
+ 1757237,
+ 8360995,
+ 4010497,
+ 280005,
+ 2706023,
+ 95776,
+ 3077325,
+ 3530437,
+ 6718724,
+ 4788269,
+ 5842901,
+ 3915439,
+ 4519302,
+ 5336701,
+ 3574422,
+ 5512770,
+ 3539968,
+ 8079950,
+ 2348700,
+ 7841118,
+ 6681150,
+ 6736599,
+ 3505694,
+ 4558682,
+ 3507263,
+ 6239768,
+ 6779997,
+ 3699596,
+ 811944,
+ 531354,
+ 954230,
+ 3881043,
+ 3900724,
+ 5823537,
+ 2071892,
+ 5582638,
+ 4450022,
+ 6851714,
+ 4702672,
+ 5339162,
+ 6927966,
+ 3475950,
+ 2176455,
+ 6795196,
+ 7122806,
+ 1939314,
+ 4296819,
+ 7380215,
+ 5190273,
+ 5223087,
+ 4747489,
+ 126922,
+ 3412210,
+ 7396998,
+ 2147896,
+ 2715295,
+ 5412772,
+ 4686924,
+ 7969390,
+ 5903370,
+ 7709315,
+ 7151892,
+ 8357436,
+ 7072248,
+ 7998430,
+ 1349076,
+ 1852771,
+ 6949987,
+ 5037034,
+ 264944,
+ 508951,
+ 3097992,
+ 44288,
+ 7280319,
+ 904516,
+ 3958618,
+ 4656075,
+ 8371839,
+ 1653064,
+ 5130689,
+ 2389356,
+ 8169440,
+ 759969,
+ 7063561,
+ 189548,
+ 4827145,
+ 3159746,
+ 6529015,
+ 5971092,
+ 8202977,
+ 1315589,
+ 1341330,
+ 1285669,
+ 6795489,
+ 7567685,
+ 6940675,
+ 5361315,
+ 4499357,
+ 4751448,
+ 3839961,
+ 2091667,
+ 3407706,
+ 2316500,
+ 3817976,
+ 5037939,
+ 2244091,
+ 5933984,
+ 4817955,
+ 266997,
+ 2434439,
+ 7144689,
+ 3513181,
+ 4860065,
+ 4621053,
+ 7183191,
+ 5187039,
+ 900702,
+ 1859098,
+ 909542,
+ 819034,
+ 495491,
+ 6767243,
+ 8337157,
+ 7857917,
+ 7725090,
+ 5257975,
+ 2031748,
+ 3207046,
+ 4823422,
+ 7855319,
+ 7611795,
+ 4784579,
+ 342297,
+ 286988,
+ 5942594,
+ 4108315,
+ 3437287,
+ 5038140,
+ 1735879,
+ 203044,
+ 2842341,
+ 2691481,
+ 5790267,
+ 1265009,
+ 4055324,
+ 1247620,
+ 2486353,
+ 1595974,
+ 4613401,
+ 1250494,
+ 2635921,
+ 4832145,
+ 5386378,
+ 1869119,
+ 1903435,
+ 7329447,
+ 7047359,
+ 1237275,
+ 5062207,
+ 6950192,
+ 7929317,
+ 1312455,
+ 3306115,
+ 6417775,
+ 7100756,
+ 1917081,
+ 5834105,
+ 7005614,
+ 1500165,
+ 777191,
+ 2235880,
+ 3406031,
+ 7838005,
+ 5548557,
+ 6709241,
+ 6533464,
+ 5796124,
+ 4656147,
+ 594136,
+ 4603424,
+ 6366809,
+ 2432395,
+ 2454455,
+ 8215696,
+ 1957272,
+ 3369112,
+ 185531,
+ 7173032,
+ 5196991,
+ 162844,
+ 1616392,
+ 3014001,
+ 810149,
+ 1652634,
+ 4686184,
+ 6581310,
+ 5341501,
+ 3523897,
+ 3866901,
+ 269760,
+ 2213111,
+ 7404533,
+ 1717735,
+ 472078,
+ 7953734,
+ 1723600,
+ 6577327,
+ 1910376,
+ 6712985,
+ 7276084,
+ 8119771,
+ 4546524,
+ 5441381,
+ 6144432,
+ 7959518,
+ 6094090,
+ 183443,
+ 7403526,
+ 1612842,
+ 4834730,
+ 7826001,
+ 3919660,
+ 8332111,
+ 7018208,
+ 3937738,
+ 1400424,
+ 7534263,
+ 1976782,
+ ],
+ "f": 41978, # 2^64 / 256 % q
+ },
+}
+
+
+class NTTHelper:
+ def __init__(self, parameter_set):
+ self.q = parameter_set["q"]
+ self.q_inv = parameter_set["q_inv"]
+ self.mont_r = parameter_set["mont_r"]
+ self.mont_r2 = parameter_set["mont_r2"]
+ self.mont_r_inv = parameter_set["mont_r_inv"]
+ self.mont_mask = parameter_set["mont_mask"]
+ self.zetas = parameter_set["zetas"]
+ self.f = parameter_set["f"]
+
+ @staticmethod
+ def br(i, k):
+ """
+ bit reversal of an unsigned k-bit integer
+ """
+ bin_i = bin(i & (2**k - 1))[2:].zfill(k)
+ return int(bin_i[::-1], 2)
+
+ def montgomery_reduce(self, a):
+ """
+ a -> R^(-1) a mod q
+ """
+ # t = (a * self.q_inv) & self.mont_mask
+ # t = (a - (t * self.q)) >> 32
+ # if t <= -(self.q - 1) >> 2:
+ # t += self.q
+ r = (a * self.mont_r_inv) % self.q
+ if r > (self.q >> 1):
+ r -= self.q
+ # if not r > -(self.q >> 1):
+ # print(f"{r}, { -(self.q >> 1)}, {self.q}")
+ # if not r <= (self.q >> 1):
+ # print(f"{r}, {(self.q >> 1)}, {self.q}")
+ return r
+
+ def to_montgomery(self, poly):
+ poly.coeffs = [self.ntt_mul(self.mont_r2, c) for c in poly.coeffs]
+ return poly
+
+ def from_montgomery(self, poly):
+ poly.coeffs = [self.montgomery_reduce(c) for c in poly.coeffs]
+ return poly
+
+ def ntt_mul(self, a, b):
+ """
+ Multiplication then Montgomery reduction
+
+ Ra * Rb -> Rab
+ """
+ c = a * b
+ return self.montgomery_reduce(c)
+
+ def ntt_coefficient_multiplication(self, f_coeffs, g_coeffs):
+ return [self.ntt_mul(c1, c2) for c1, c2 in zip(f_coeffs, g_coeffs)]
+
+ def to_ntt(self, poly):
+ """
+ Convert a polynomial to number-theoretic transform (NTT) form in place
+ The input is in standard order, the output is in bit-reversed order.
+ NTT_ZETAS also has the Montgomery factor 2^16 included, so NTT
+ additionally maps to Montgomery domain.
+
+ Only implemented (currently) for n = 256
+ """
+ if poly.is_ntt:
+ raise ValueError("Cannot convert NTT form polynomial to NTT form")
+
+ k, l = 0, 128
+ coeffs = poly.coeffs
+ while l > 0:
+ start = 0
+ while start < 256:
+ k = k + 1
+ zeta = self.zetas[k]
+ for j in range(start, start + l):
+ t = self.ntt_mul(zeta, coeffs[j + l])
+ coeffs[j + l] = coeffs[j] - t
+ coeffs[j] = coeffs[j] + t
+ start = l + (j + 1)
+ l >>= 1
+
+ poly.is_ntt = True
+ return poly
+
+ def from_ntt(self, poly):
+ """
+ Convert a polynomial from number-theoretic transform (NTT) form in place
+ and multiplication by Montgomery factor 2^16.
+ The input is in bit-reversed order, the output is in standard order.
+
+ Because of the montgomery multiplication, we have:
+ f != f.to_ntt().from_ntt()
+ f = (1/2^16) * f.to_ntt().from_ntt()
+
+ To recover f we do
+ f == f.to_ntt().from_ntt().from_montgomery()
+
+ Only implemented (currently) for n = 256
+ """
+ if not poly.is_ntt:
+ raise ValueError("Can only convert from a polynomial in NTT form")
+
+ l, k = 1, 256
+ coeffs = poly.coeffs
+ while l < 256:
+ start = 0
+ while start < 256:
+ k = k - 1
+ zeta = -self.zetas[k]
+ for j in range(start, start + l):
+ t = coeffs[j]
+ coeffs[j] = t + coeffs[j + l]
+ coeffs[j + l] = t - coeffs[j + l]
+ coeffs[j + l] = self.ntt_mul(zeta, coeffs[j + l])
+ start = j + l + 1
+ l = l << 1
+ for j in range(256):
+ coeffs[j] = self.ntt_mul(coeffs[j], self.f)
+
+ poly.is_ntt = False
+ return poly
+
+
+NTTHelperDilithium = NTTHelper(NTT_PARAMETERS["dilithium"])
diff --git a/libcrux-ml-dsa/tests/kats/polynomials.py b/libcrux-ml-dsa/tests/kats/polynomials.py
new file mode 100644
index 000000000..0da011e96
--- /dev/null
+++ b/libcrux-ml-dsa/tests/kats/polynomials.py
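Review bot: The docstrings of `to_ntt` and `from_ntt` in ntt_helper.py state a Montgomery factor of 2^16, but the parameter table in the same hunk defines `mont_r` as 2^32 mod q and `mont_r_inv` as (1 / 2^32) mod q, and `montgomery_reduce` multiplies by `mont_r_inv`. This helper sits under tests/kats and presumably serves as the reference for the known-answer vectors, so its comments should describe the arithmetic it actually performs. I would change the affected lines to `NTT_ZETAS also has the Montgomery factor 2^32 included, so NTT`, `and multiplication by Montgomery factor 2^32.` and `f = (1/2^32) * f.to_ntt().from_ntt()`. The commented-out reduction steps and `print` calls left in `montgomery_reduce` could also be replaced by one comment such as `# reference reduction: R^(-1) * a mod q, centred around zero`.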
@@ -0,0 +1,491 @@ +import random +from copy import deepcopy +from utils import * + + +class PolynomialRing: + """ + Initialise the polynomial ring: + + R = GF(q) / (X^n + 1) + """ + + def __init__(self, q, n, ntt_helper=None): + self.q = q + self.n = n + self.element = PolynomialRing.Polynomial + self.ntt_helper = ntt_helper + + def gen(self, is_ntt=False): + return self([0, 1], is_ntt=is_ntt) + + def random_element(self, is_ntt=False): + coefficients = [random.randint(0, self.q - 1) for _ in range(self.n)] + return self(coefficients, is_ntt=is_ntt) + + def bit_unpack(self, input_bytes, n_bits): + if len(input_bytes) % 8 * n_bits != 0: + raise ValueError( + "Input bytes do not have a length compatible with the bit length" + ) + + r = int.from_bytes(input_bytes, "little") + mask = (1 << n_bits) - 1 + return [(r >> n_bits * i) & mask for i in range(self.n)] + + def bit_unpack_t0(self, input_bytes, is_ntt=False): + altered_coeffs = self.bit_unpack(input_bytes, 13) + coefficients = [(1 << 12) - c for c in altered_coeffs] + return self(coefficients, is_ntt=False) + + def bit_unpack_t1(self, input_bytes, is_ntt=False): + coefficients = self.bit_unpack(input_bytes, 10) + return self(coefficients, is_ntt=False) + + def bit_unpack_s(self, input_bytes, eta, is_ntt=False): + # Level 2 and 5 parameter set + if eta == 2: + altered_coeffs = self.bit_unpack(input_bytes, 3) + # Level 3 parameter set + elif eta == 4: + altered_coeffs = self.bit_unpack(input_bytes, 4) + else: + raise ValueError("Expected eta to be either 2 or 4") + coefficients = [eta - c for c in altered_coeffs] + return self(coefficients, is_ntt=False) + + def bit_unpack_w(self, input_bytes, gamma_2, is_ntt=False): + # Level 2 parameter set + if gamma_2 == 95232: + coefficients = self.bit_unpack(input_bytes, 6) + # Level 3 and 5 parameter set + elif gamma_2 == 261888: + coefficients = self.bit_unpack(input_bytes, 4) + else: + raise ValueError("Expected gamma_2 to be either (q-1)/88 or (q-1)/32") + return 
self(coefficients, is_ntt=False) + + def bit_unpack_z(self, input_bytes, gamma_1, is_ntt=False): + # Level 2 parameter set + if gamma_1 == (1 << 17): + altered_coeffs = self.bit_unpack(input_bytes, 18) + # Level 3 and 5 parameter set + elif gamma_1 == (1 << 19): + altered_coeffs = self.bit_unpack(input_bytes, 20) + else: + raise ValueError("Expected gamma_1 to be either 2^17 or 2^19") + coefficients = [gamma_1 - c for c in altered_coeffs] + return self(coefficients, is_ntt=False) + + def __call__(self, coefficients, is_ntt=False): + if isinstance(coefficients, int): + return self.element(self, [coefficients], is_ntt) + if not isinstance(coefficients, list): + raise TypeError( + f"Polynomials should be constructed from a list of integers, of length at most d = {self.n}" + ) + return self.element(self, coefficients, is_ntt) + + def __eq__(self, other): + return self.n == other.n and self.q == other.q + + def __repr__(self): + return f"Univariate Polynomial Ring in x over Finite Field of size {self.q} with modulus x^{self.n} + 1" + + class Polynomial: + def __init__(self, parent, coefficients, is_ntt=False): + self.parent = parent + self.coeffs = self.parse_coefficients(coefficients) + self.is_ntt = is_ntt + + def is_zero(self): + """ + Return if polynomial is zero: f = 0 + """ + return all(c == 0 for c in self.coeffs) + + def is_constant(self): + """ + Return if polynomial is constant: f = c + """ + return all(c == 0 for c in self.coeffs[1:]) + + def parse_coefficients(self, coefficients): + """ + Helper function which right pads with zeros + to allow polynomial construction as + f = R([1,1,1]) + """ + l = len(coefficients) + if l > self.parent.n: + raise ValueError( + f"Coefficients describe polynomial of degree greater than maximum degree {self.parent.n}" + ) + elif l < self.parent.n: + coefficients = coefficients + [0 for _ in range(self.parent.n - l)] + return coefficients + + def reduce_coefficents(self): + """ + Reduce all coefficents modulo q + """ + 
self.coeffs = [c % self.parent.q for c in self.coeffs] + return self + + def add_mod_q(self, x, y): + """ + add two coefficents modulo q + """ + tmp = x + y + if tmp >= self.parent.q: + tmp -= self.parent.q + return tmp + + def sub_mod_q(self, x, y): + """ + sub two coefficents modulo q + """ + tmp = x - y + if tmp < 0: + tmp += self.parent.q + return tmp + + def schoolbook_multiplication(self, other): + """ + Naive implementation of polynomial multiplication + suitible for all R_q = F_1[X]/(X^n + 1) + """ + n = self.parent.n + a = self.coeffs + b = other.coeffs + new_coeffs = [0 for _ in range(n)] + for i in range(n): + for j in range(0, n - i): + new_coeffs[i + j] += a[i] * b[j] + for j in range(1, n): + for i in range(n - j, n): + new_coeffs[i + j - n] -= a[i] * b[j] + return [reduce_mod_pm(c, self.parent.q) for c in new_coeffs] + + """ + The next methods rely on the parent + `PolynomialRing` having a `ntt_helper` from + ntt_helper.py and are used for NTT speediness. + """ + + def to_ntt(self): + if self.parent.ntt_helper is None: + raise ValueError( + "Can only perform NTT transform when parent element has an NTT Helper" + ) + return self.parent.ntt_helper.to_ntt(self) + + def copy_to_ntt(self): + new_poly = self.parent(deepcopy(self.coeffs), is_ntt=self.is_ntt) + return self.parent.ntt_helper.to_ntt(new_poly) + + def from_ntt(self): + if self.parent.ntt_helper is None: + raise ValueError( + "Can only perform NTT transform when parent element has an NTT Helper" + ) + return self.parent.ntt_helper.from_ntt(self) + + def copy_from_ntt(self): + new_poly = self.parent(deepcopy(self.coeffs), is_ntt=self.is_ntt) + return self.parent.ntt_helper.from_ntt(new_poly) + + def to_montgomery(self): + """ + Multiply every element by 2^32 mod q + + Only implemented (currently) for n = 256 + """ + if self.parent.ntt_helper is None: + raise ValueError( + "Can only perform Mont. 
reduction when parent element has an NTT Helper" + ) + return self.parent.ntt_helper.to_montgomery(self) + + def from_montgomery(self): + """ + Divide every element by 2^32 mod q + + Only implemented (currently) for n = 256 + """ + if self.parent.ntt_helper is None: + raise ValueError( + "Can only perform Mont. reduction when parent element has an NTT Helper" + ) + return self.parent.ntt_helper.from_montgomery(self) + + def ntt_multiplication(self, other): + """ + Number Theoretic Transform multiplication. + Only implemented (currently) for n = 256 + """ + if self.parent.ntt_helper is None: + raise ValueError( + "Can only perform ntt reduction when parent element has an NTT Helper" + ) + if not (self.is_ntt and other.is_ntt): + raise ValueError( + "Can only multiply using NTT if both polynomials are in NTT form" + ) + # function in ntt_helper.py + new_coeffs = self.parent.ntt_helper.ntt_coefficient_multiplication( + self.coeffs, other.coeffs + ) + return self.parent(new_coeffs, is_ntt=True) + + """ + The following four functions are specific for dilithium, but + act naturally on polynomials, and so are added as methods here. 
+ """ + + def power_2_round(self, d): + power_2 = 1 << d + r1_coeffs = [] + r0_coeffs = [] + for c in self.coeffs: + r = c % self.parent.q + r0 = reduce_mod_pm(r, power_2) + r1_coeffs.append((r - r0) >> d) + r0_coeffs.append(r0) + + r1_poly = self.parent(r1_coeffs, is_ntt=self.is_ntt) + r0_poly = self.parent(r0_coeffs, is_ntt=self.is_ntt) + + return r1_poly, r0_poly + + def high_bits(self, alpha, is_ntt=False): + coeffs = [high_bits(c, alpha, self.parent.q) for c in self.coeffs] + return self.parent(coeffs, is_ntt=is_ntt) + + def low_bits(self, alpha, is_ntt=False): + coeffs = [low_bits(c, alpha, self.parent.q) for c in self.coeffs] + return self.parent(coeffs, is_ntt=is_ntt) + + """ + Compute the high and low bits at the same time + Not in the pseudocode, but needed for the more + efficient signing which we implement based on + section 5.1 + """ + + def decompose(self, alpha, is_ntt=False): + coeff_high = [] + coeff_low = [] + for c in self.coeffs: + r1, r0 = decompose(c, alpha, self.parent.q) + coeff_high.append(r1) + coeff_low.append(r0) + return self.parent(coeff_high, is_ntt=is_ntt), self.parent( + coeff_low, is_ntt=is_ntt + ) + + def check_norm_bound(self, bound): + """ + Returns true if the inf norm of any coeff + is greater or equal to the bound. + """ + return any(check_norm_bound(c, bound, self.parent.q) for c in self.coeffs) + + """ + The following bit_pack functions are specific for Dilithium + but are currently added as methods for the Polynomial class + as it seemed the most natural way to do this. 
+ """ + + @staticmethod + def bit_pack(coeffs, n_bits, n_bytes): + r = 0 + for c in reversed(coeffs): + r <<= n_bits + r |= c + return r.to_bytes(n_bytes, "little") + + def bit_pack_t0(self): + # 416 = 256 * 13 // 8 + altered_coeffs = [(1 << 12) - c for c in self.coeffs] + return self.bit_pack(altered_coeffs, 13, 416) + + def bit_pack_t1(self): + # 320 = 256 * 10 // 8 + return self.bit_pack(self.coeffs, 10, 320) + + def bit_pack_s(self, eta): + altered_coeffs = [eta - c for c in self.coeffs] + # Level 2 and 5 parameter set + if eta == 2: + return self.bit_pack(altered_coeffs, 3, 96) + # Level 3 parameter set + elif eta == 4: + return self.bit_pack(altered_coeffs, 4, 128) + else: + raise ValueError("Expected eta to be either 2 or 4") + + def bit_pack_w(self, gamma_2): + # Level 2 parameter set + if gamma_2 == 95232: + return self.bit_pack(self.coeffs, 6, 192) + # Level 3 and 5 parameter set + elif gamma_2 == 261888: + return self.bit_pack(self.coeffs, 4, 128) + else: + raise ValueError("Expected gamma_2 to be either (q-1)/88 or (q-1)/32") + + def bit_pack_z(self, gamma_1): + altered_coeffs = [gamma_1 - c for c in self.coeffs] + # Level 2 parameter set + if gamma_1 == (1 << 17): + return self.bit_pack(altered_coeffs, 18, 576) + # Level 3 and 5 parameter set + elif gamma_1 == (1 << 19): + return self.bit_pack(altered_coeffs, 20, 640) + else: + raise ValueError("Expected gamma_1 to be either 2^17 or 2^19") + + def __neg__(self): + """ + Returns -f, by negating all coefficients + """ + neg_coeffs = [(-x % self.parent.q) for x in self.coeffs] + return self.parent(neg_coeffs, is_ntt=self.is_ntt) + + def __add__(self, other): + if isinstance(other, PolynomialRing.Polynomial): + if self.is_ntt ^ other.is_ntt: + raise ValueError( + f"Both or neither polynomials must be in NTT form before multiplication" + ) + new_coeffs = [ + self.add_mod_q(x, y) for x, y in zip(self.coeffs, other.coeffs) + ] + elif isinstance(other, int): + new_coeffs = self.coeffs.copy() + new_coeffs[0] = 
self.add_mod_q(new_coeffs[0], other) + else: + raise NotImplementedError( + f"Polynomials can only be added to each other" + ) + return self.parent(new_coeffs, is_ntt=self.is_ntt) + + def __radd__(self, other): + return self.__add__(other) + + def __iadd__(self, other): + self = self + other + return self + + def __sub__(self, other): + if self.is_ntt ^ other.is_ntt: + raise ValueError( + f"Both or neither polynomials must be in NTT form before multiplication" + ) + if isinstance(other, PolynomialRing.Polynomial): + new_coeffs = [ + self.sub_mod_q(x, y) for x, y in zip(self.coeffs, other.coeffs) + ] + elif isinstance(other, int): + new_coeffs = self.coeffs.copy() + new_coeffs[0] = self.sub_mod_q(new_coeffs[0], other) + else: + raise NotImplementedError( + f"Polynomials can only be subracted from each other" + ) + return self.parent(new_coeffs, is_ntt=self.is_ntt) + + def __rsub__(self, other): + return self.__sub__(other) + + def __isub__(self, other): + self = self - other + return self + + def __mul__(self, other): + if isinstance(other, PolynomialRing.Polynomial): + if self.is_ntt and other.is_ntt: + return self.ntt_multiplication(other) + elif self.is_ntt ^ other.is_ntt: + raise ValueError( + f"Both or neither polynomials must be in NTT form before multiplication" + ) + else: + new_coeffs = self.schoolbook_multiplication(other) + elif isinstance(other, int): + new_coeffs = [(c * other) % self.parent.q for c in self.coeffs] + else: + raise NotImplementedError( + f"Polynomials can only be multiplied by each other, or scaled by integers" + ) + return self.parent(new_coeffs, is_ntt=self.is_ntt) + + def __rmul__(self, other): + return self.__mul__(other) + + def __imul__(self, other): + self = self * other + return self + + def __pow__(self, n): + if not isinstance(n, int): + raise TypeError( + f"Exponentiation of a polynomial must be done using an integer." 
+ ) + + # Deal with negative scalar multiplication + if n < 0: + raise ValueError( + f"Negative powers are not supported for elements of a Polynomial Ring" + ) + f = self + g = self.parent(1, is_ntt=self.is_ntt) + while n > 0: + if n % 2 == 1: + g = g * f + f = f * f + n = n // 2 + return g + + def __eq__(self, other): + if isinstance(other, PolynomialRing.Polynomial): + return self.coeffs == other.coeffs and self.is_ntt == other.is_ntt + elif isinstance(other, int): + if self.is_constant() and (other % self.parent.q) == self.coeffs[0]: + return True + return False + + def __getitem__(self, idx): + return self.coeffs[idx] + + def __repr__(self): + """ + TODO make this look nice when there + are negative coeffs... + """ + ntt_info = "" + if self.is_ntt: + ntt_info = " (NTT form)" + if self.is_zero(): + return "0" + ntt_info + + info = [] + for i, c in enumerate(self.coeffs): + if c != 0: + if i == 0: + info.append(f"{c}") + elif i == 1: + if c == 1: + info.append("x") + else: + info.append(f"{c}*x") + else: + if c == 1: + info.append(f"x^{i}") + else: + info.append(f"{c}*x^{i}") + return " + ".join(info) + ntt_info + + def __str__(self): + return self.__repr__() diff --git a/libcrux-ml-dsa/tests/kats/requirements.txt b/libcrux-ml-dsa/tests/kats/requirements.txt new file mode 100644 index 000000000..b05066ea0 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/requirements.txt @@ -0,0 +1 @@ +pycryptodome==3.19.0 diff --git a/libcrux-ml-dsa/tests/kats/shake_wrapper.py b/libcrux-ml-dsa/tests/kats/shake_wrapper.py new file mode 100644 index 000000000..40514f4c0 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/shake_wrapper.py 
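Review bot: In `PolynomialRing.bit_unpack` (polynomials.py) the length guard `len(input_bytes) % 8 * n_bits != 0` parses as `(len(input_bytes) % 8) * n_bits`, so it only rejects lengths that are not a multiple of 8 and never compares the input with the packed size. A truncated or over-long buffer whose length is a multiple of 8 is therefore decoded without error, with the missing coefficients read as zero or the trailing bytes ignored. Comparing against the exact size, `if 8 * len(input_bytes) != n_bits * self.n:`, makes every `bit_unpack_*` decoder reject malformed encodings. Separately, `__sub__` reads `other.is_ntt` before its `isinstance` checks, so an `int` operand raises AttributeError instead of reaching the `int` branch, and `__rsub__` returns `self.__sub__(other)`, which computes `self - other` rather than `other - self`.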
@@ -0,0 +1,63 @@ +from hashlib import shake_128, shake_256 + +""" +hashlib has implemented shake_128, shake_256 +but they haven't designed it so you can read +bytes properly... every call generates all +bytes without updating + +shake_128.digest(1) == shake_128.digest(1) + +and we have no shake_128.read() :( + +So, here's a wrapper which calls to +shake_128.digest and collects a bunch of bytes +which we can then read through. +""" + + +class Shake: + def __init__(self, algorithm, block_length): + self.algorithm = algorithm + self.block_length = block_length + self.read_blocks = 0 + self.read_data = b"" + + def absorb(self, input_bytes): + """ + Initialise the XOF with the seed + and reset other init. + """ + self.read_blocks = 0 + self.read_data = b"" + self.xof = self.algorithm(input_bytes) + + def digest(self, input_bytes, length): + """ + Sometimes we just want n bytes, so rather than read + them slowly, we can just pull them straight out. + """ + return self.algorithm(input_bytes).digest(length) + + def get_n_blocks(self, n): + """ + Requests n blocks from Shake and stores them + Ignores any bytes previously read + """ + byte_count = self.block_length * (self.read_blocks + n) + xof_data = self.xof.digest(byte_count) + self.read_blocks += n + # return last n blocks of bytes + self.read_data = xof_data[-self.block_length * n :] + + def read(self, n): + # Make sure there are enough bytes to read + if n > len(self.read_data): + self.get_n_blocks(5 * n) + send = self.read_data[:n] + self.read_data = self.read_data[n:] + return send + + +Shake128 = Shake(shake_128, 168) +Shake256 = Shake(shake_256, 136) diff --git a/libcrux-ml-dsa/tests/kats/utils.py b/libcrux-ml-dsa/tests/kats/utils.py new file mode 100644 index 000000000..692da4264 --- /dev/null +++ b/libcrux-ml-dsa/tests/kats/utils.py 
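Review bot: `Shake.read` in shake_wrapper.py drops output bytes when it refills: if `n > len(self.read_data)`, `get_n_blocks` overwrites `self.read_data` with the newly squeezed blocks, so any unread tail of the previous blocks is skipped and the bytes handed out are no longer a contiguous run of the SHAKE output. This goes unnoticed only when every refill happens with an empty buffer, which the callers (outside this hunk) are not shown to guarantee. Appending instead of replacing, `self.read_data += xof_data[-self.block_length * n :]`, keeps the stream contiguous. `self.xof` is also created only in `absorb`, so a `read` before `absorb` fails with an AttributeError rather than a clear message, and `Shake128`/`Shake256` are shared module-level instances, so two samplers that interleave `absorb` and `read` overwrite each other's state.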
@@ -0,0 +1,125 @@ +from collections import deque + + +def reduce_mod_pm(n, a): + """ + Takes an integer n and represents + it as an integer in the range + + r = n % a + + for a odd: + -(a-1)/2 < r <= (a-1)/2 + for a even: + - a / 2 < r <= a / 2 + """ + r = n % a + if r > (a >> 1): + r -= a + + # assert r > -(a >> 1) + # assert r <= (a >> 1) + # assert (n % a) == (r % a) + return r + + +def decompose(r, a, q): + """ + Takes an element r and represents + it as: + + r = r1*a + r0 + + With r0 in the range + + -(a << 1) < r0 <= (a << 1) + """ + r = r % q + r0 = reduce_mod_pm(r, a) + r1 = r - r0 + if r1 == q - 1: + return 0, r0 - 1 + r1 = r1 // a + assert r == r1 * a + r0 + return r1, r0 + + +def high_bits(r, a, q): + r1, _ = decompose(r, a, q) + return r1 + + +def low_bits(r, a, q): + _, r0 = decompose(r, a, q) + return r0 + + +# def __broken_make_hint(z, r, a, q): +# r1 = high_bits(r, a, q) +# v1 = high_bits(r + z, a, q) +# return int(r1 != v1) + + +def make_hint(z0, r1, a, q): + """ + The above function from the documentation + fails sometimes, but this seems to work... 
+ + This assumes that + + TODO: learn what the edge case is for the above function + """ + gamma2 = a >> 1 + if z0 <= gamma2 or z0 > (q - gamma2) or (z0 == (q - gamma2) and r1 == 0): + return 0 + return 1 + + +def use_hint(h, r, a, q): + m = (q - 1) // a + r1, r0 = decompose(r, a, q) + if h == 1: + if r0 > 0: + return (r1 + 1) % m + return (r1 - 1) % m + return r1 + + +def check_norm_bound(n, b, q): + x = n % q # x ∈ {0, ..., ..., q-1} + x = ((q - 1) >> 1) - x # x ∈ {-(q-1)/2, ..., -1, 0, ..., (q-1)/2} + x = x ^ (x >> 31) # x ∈ { (q-3)/2, ..., 0, 0, ..., (q-1)/2} + x = ((q - 1) >> 1) - x # x ∈ {0, 1, ..., (q-1)/2, (q-1)/2, ..., 1} + return x >= b + + +def get_n_blocks(xof, n, blocks_read): + blocks_read += n + # extract last n blocks + total_bytes = 136 * blocks_read + xof_bytes = xof.digest(total_bytes)[-136 * n :] + # We use `deque` because it has a fast .popleft() + return deque(xof_bytes), blocks_read + + +def get_mask_integers(bit_count, xof, n, blocks_read): + blocks_read += n * bit_count + # extract last n*bit_count blocks + total_bytes = 136 * blocks_read + xof_bytes = xof.digest(total_bytes)[-136 * n * bit_count :] + + r = int.from_bytes(xof_bytes, "little") + mask = (1 << bit_count) - 1 + mask_integers = [] + for _ in range(256): + mask_integers.append(r & mask) + r >>= bit_count + return deque(mask_integers), blocks_read + + +def xor_bytes(a, b): + """ + XOR two byte arrays, assume that they are + of the same length + """ + return bytes(a ^ b for a, b in zip(a, b)) diff --git a/libcrux-ml-dsa/tests/nistkats.rs b/libcrux-ml-dsa/tests/nistkats.rs new file mode 100644 index 000000000..02c54dd05 --- /dev/null +++ b/libcrux-ml-dsa/tests/nistkats.rs 
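Review bot: `xor_bytes` in utils.py builds its result with `zip(a, b)`, which stops at the shorter argument, so a length mismatch yields a silently truncated result instead of an error; the docstring only says the lengths are assumed equal. Enforcing the assumption is one line before the return, `if len(a) != len(b): raise ValueError("xor_bytes: length mismatch")`. The `decompose` docstring gives the range of `r0` as `-(a << 1) < r0 <= (a << 1)`, but `reduce_mod_pm` bounds its result by `a >> 1`, so the shift direction in that comment should be corrected. The `make_hint` docstring ends mid-sentence at "This assumes that" and should either state the assumption or drop the line.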
@@ -0,0 +1,41 @@ +use serde::Deserialize; +use serde_json; + +use std::path::Path; + +use std::{fs::File, io::BufReader}; + +#[derive(Debug, Deserialize)] +struct MlDsaNISTKAT { + #[serde(with = "hex::serde")] + key_generation_seed: [u8; 32], + + #[serde(with = "hex::serde")] + sha3_256_hash_of_public_key: [u8; 32], + + #[serde(with = "hex::serde")] + sha3_256_hash_of_secret_key: [u8; 32], + + // The length of the message in each KAT is 33 * (i + 1), where i is the + // 0-indexed KAT counter. + message: String, + + #[serde(with = "hex::serde")] + sha3_256_hash_of_signature: [u8; 32], +} + +#[test] +fn ml_dsa_65_nist_known_answer_tests() { + let katfile_path = Path::new("tests") + .join("kats") + .join(format!("nistkats-{}.json", 65)); + let katfile = File::open(katfile_path).expect("Could not open KAT file."); + let reader = BufReader::new(katfile); + + let nist_kats: Vec = + serde_json::from_reader(reader).expect("Could not deserialize KAT file."); + + for kat in nist_kats { + let _ = libcrux_ml_dsa::ml_dsa_65::generate_key_pair(kat.key_generation_seed); + } +} diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 7acbbdfec..4f919a746 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -28,7 +28,6 @@ def shell(command, expect=0, cwd=None, env={}): class extractAction(argparse.Action): - def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform and sha3 interfaces # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" @@ -100,7 +99,6 @@ def __call__(self, parser, args, values, option_string=None) -> None: class proveAction(argparse.Action): - def __call__(self, parser, args, values, option_string=None) -> None: admit_env = {} if args.admit: From 6ca5766027b40feb25cac7c63d2a893d55b3e59e Mon Sep 17 00:00:00 2001 
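Review bot: `ml_dsa_65_nist_known_answer_tests` in tests/nistkats.rs never compares anything with the expected values: the loop discards the result of `generate_key_pair` with `let _ =`, so the test passes for any output that does not panic, and `sha3_256_hash_of_public_key`, `sha3_256_hash_of_secret_key`, `message` and `sha3_256_hash_of_signature` are deserialized but unused. Until the comparison exists the test name overstates what is verified; either hash the returned keys and `assert_eq!` them against the two key-hash fields, or add a comment such as `// TODO: compare key and signature hashes against the KAT fields` and rename the test to say it only exercises key generation. The return type of `generate_key_pair` is not visible in this hunk, so the accessor for the key bytes has to be taken from the crate.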
From: Lucas Franceschino Date: Fri, 24 May 2024 16:37:11 +0200 Subject: [PATCH 20/94] wip --- libcrux-ml-kem/c.sh | 2 +- libcrux-ml-kem/c/Eurydice.h | 2 +- libcrux-ml-kem/c/LIST.md | 11 - libcrux-ml-kem/c/core.c | 2 +- libcrux-ml-kem/c/core.h | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 11 - libcrux-ml-kem/c/internal/core.h | 2 +- libcrux-ml-kem/c/internal/libcrux_ml_kem.h | 2 +- libcrux-ml-kem/c/libcrux_ml_kem.c | 507 ++++++++++----------- libcrux-ml-kem/c/libcrux_ml_kem.h | 327 ++----------- libcrux-ml-kem/src/hash_functions.rs | 325 ------------- libcrux-sha3/src/lib.rs | 14 +- 12 files changed, 289 insertions(+), 918 deletions(-) delete mode 100644 libcrux-ml-kem/c/LIST.md diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index b48ab69ad..3df54158a 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -24,7 +24,7 @@ $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . if [[ -n "$HACL_PACKAGES_HOME" ]]; then - clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h + # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ cp *.h $HACL_PACKAGES_HOME/libcrux/include cp *.c $HACL_PACKAGES_HOME/libcrux/src diff --git a/libcrux-ml-kem/c/Eurydice.h b/libcrux-ml-kem/c/Eurydice.h index 41c54191f..65b901941 100644 --- a/libcrux-ml-kem/c/Eurydice.h +++ b/libcrux-ml-kem/c/Eurydice.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ diff --git a/libcrux-ml-kem/c/LIST.md b/libcrux-ml-kem/c/LIST.md deleted file mode 100644 index 5fd2f26be..000000000 --- a/libcrux-ml-kem/c/LIST.md +++ /dev/null 
@@ -1,11 +0,0 @@ -This file lists the changes I did to make progres extracting & compiling ml-kem - -For each problem in `libcrux_ml_kem.c`, I added a `FIXME` comment there as well. - - - `src/polynomial.rs`: rewrote `add_message_error_reduce`, makes eurydice crash - - `c/libcrux_ml_kem.c`: commented out `libcrux_ml_kem_libcrux_polynomials_from_i16_array`, contains a `core_result_Result` type what should have been monomorphized - - `c/libcrux_ml_kem.c`: `libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector`: replace assignments with `memcpy`s (tried to assign array LHS) - - `c/eurydice_glue.h` added `core_slice___Slice_T___split_at_mut` - - `c/eurydice_glue.h` added `core_core_arch_x86___m256i` - - `c/eurydice_glue.h` added `core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut` - diff --git a/libcrux-ml-kem/c/core.c b/libcrux-ml-kem/c/core.c index 6357c4a7e..6ddb43fb0 100644 --- a/libcrux-ml-kem/c/core.c +++ b/libcrux-ml-kem/c/core.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ diff --git a/libcrux-ml-kem/c/core.h b/libcrux-ml-kem/c/core.h index 73d4c37a8..e4bb00263 100644 --- a/libcrux-ml-kem/c/core.h +++ b/libcrux-ml-kem/c/core.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ 
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 053694d26..c8b0825db 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -47,27 +47,16 @@ typedef struct { #define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) -#include -#define core_core_arch_x86___m256i __m256i - #define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq -#define core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(subslice, _t, _ret_t) subslice - - #define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ ((ret_t){ \ .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) - // Can't have a flexible array as a member of a union -- this violates strict aliasing rules. typedef struct { diff --git a/libcrux-ml-kem/c/internal/core.h b/libcrux-ml-kem/c/internal/core.h index a03dd66fa..0c2f19716 100644 --- a/libcrux-ml-kem/c/internal/core.h +++ b/libcrux-ml-kem/c/internal/core.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ 
diff --git a/libcrux-ml-kem/c/internal/libcrux_ml_kem.h b/libcrux-ml-kem/c/internal/libcrux_ml_kem.h index 58d9a57e2..562f75781 100644 --- a/libcrux-ml-kem/c/internal/libcrux_ml_kem.h +++ b/libcrux-ml-kem/c/internal/libcrux_ml_kem.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c index 6b8a3f7cf..e46fada2f 100644 --- a/libcrux-ml-kem/c/libcrux_ml_kem.c +++ b/libcrux-ml-kem/c/libcrux_ml_kem.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ @@ -136,9 +136,7 @@ inline void libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]) { int16_t ret0[16U]; - /* FIXME: missed monomorphization */ - /* core_result_Result dst; */ - Result__int16_t_16size_t__core_array_TryFromSliceError dst; + core_result_Result dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(array, ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), 
@@ -1856,54 +1854,52 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec { int16_t ret0[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret0); - /* FIXME: assignment with array LHS */ - - /* ret[0U] = ret0; */ memcpy(ret[0U], ret0, sizeof(int16_t) * 16); + ret[0U] = ret0; int16_t ret1[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret1); - /* ret[1U] = ret1; */ memcpy(ret[1U], ret1, sizeof(int16_t) * 16); + ret[1U] = ret1; int16_t ret2[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret2); - /* ret[2U] = ret2; */ memcpy(ret[2U], ret2, sizeof(int16_t) * 16); + ret[2U] = ret2; int16_t ret3[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret3); - /* ret[3U] = ret3; */ memcpy(ret[3U], ret3, sizeof(int16_t) * 16); + ret[3U] = ret3; int16_t ret4[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret4); - /* ret[4U] = ret4; */ memcpy(ret[4U], ret4, sizeof(int16_t) * 16); + ret[4U] = ret4; int16_t ret5[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret5); - /* ret[5U] = ret5; */ memcpy(ret[5U], ret5, sizeof(int16_t) * 16); + ret[5U] = ret5; int16_t ret6[16U]; 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret6); - /* ret[6U] = ret6; */ memcpy(ret[6U], ret6, sizeof(int16_t) * 16); + ret[6U] = ret6; int16_t ret7[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret7); - /* ret[7U] = ret7; */ memcpy(ret[7U], ret7, sizeof(int16_t) * 16); + ret[7U] = ret7; int16_t ret8[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret8); - /* ret[8U] = ret8; */ memcpy(ret[8U], ret8, sizeof(int16_t) * 16); + ret[8U] = ret8; int16_t ret9[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret9); - /* ret[9U] = ret9; */ memcpy(ret[9U], ret9, sizeof(int16_t) * 16); + ret[9U] = ret9; int16_t ret10[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret10); - /* ret[10U] = ret10; */ memcpy(ret[10U], ret10, sizeof(int16_t) * 16); + ret[10U] = ret10; int16_t ret11[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret11); - /* ret[11U] = ret11; */ memcpy(ret[11U], ret11, sizeof(int16_t) * 16); + ret[11U] = ret11; int16_t ret12[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret12); - /* ret[12U] = ret12; */ memcpy(ret[12U], ret12, sizeof(int16_t) * 16); + ret[12U] = ret12; int16_t ret13[16U]; 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret13); - /* ret[13U] = ret13; */ memcpy(ret[13U], ret13, sizeof(int16_t) * 16); + ret[13U] = ret13; int16_t ret14[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret14); - /* ret[14U] = ret14; */ memcpy(ret[14U], ret14, sizeof(int16_t) * 16); + ret[14U] = ret14; int16_t ret15[16U]; libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret15); - /* ret[15U] = ret15; */ memcpy(ret[15U], ret15, sizeof(int16_t) * 16); + ret[15U] = ret15; } void @@ -2262,7 +2258,7 @@ libcrux_ml_kem_mlkem1024_validate_public_key(uint8_t public_key[1568U]) return uu____0; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( Eurydice_slice input, uint8_t ret[64U] 
@@ -2305,32 +2301,32 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( uint8_t input[4U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[4U] + libcrux_sha3_portable_KeccakState1 ret[4U] ) { - uint64_t state[4U][5U][5U]; + libcrux_sha3_portable_KeccakState1 state[4U]; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - libcrux_sha3_portable_incremental_shake128_init(state[i]); + state[i] = libcrux_sha3_portable_incremental_shake128_init(); } for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); } - uint64_t uu____1[4U][5U][5U]; - memcpy(uu____1, state, (size_t)4U * sizeof (uint64_t [5U][5U])); - memcpy(ret, uu____1, (size_t)4U * sizeof (uint64_t [5U][5U])); + libcrux_sha3_portable_KeccakState1 uu____1[4U]; + memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); + memcpy(ret, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + libcrux_sha3_portable_KeccakState1 (*self)[4U], uint8_t ret[4U][504U] ) { 
@@ -2338,7 +2334,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); } @@ -2361,8 +2357,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ 
@@ -2372,25 +2382,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } @@ -2410,9 +2404,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li return done; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + libcrux_sha3_portable_KeccakState1 (*self)[4U], uint8_t ret[4U][168U] ) { @@ -2420,7 +2414,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); } 
@@ -2443,8 +2437,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ @@ -2454,25 +2462,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } 
@@ -2547,7 +2539,7 @@ libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_Port int16_t out[4U][272U] = { { 0U } }; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[4U]; + libcrux_sha3_portable_KeccakState1 xof_state[4U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0, xof_state); uint8_t randomness0[4U][504U]; @@ -2717,7 +2709,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcru memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( uint8_t (*input)[33U], uint8_t ret[4U][128U] @@ -3373,7 +3365,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_Port return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( Eurydice_slice input, uint8_t ret[32U] @@ -3750,7 +3742,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomia return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( Eurydice_slice input, uint8_t ret[128U] 
@@ -4543,25 +4535,26 @@ libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVecto &message_as_ring_element, v); uint8_t ciphertext[1568U] = { 0U }; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____5 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - (size_t)1408U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice c1 = uu____5.fst; - Eurydice_slice c2 = uu____5.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[4U][16U]; - memcpy(uu____6, + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; + memcpy(uu____5, u, (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____6, - c1); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t(v, - c2); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; + memcpy(uu____6, v, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); } 
@@ -5392,7 +5385,7 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type return Eurydice_array_to_slice((size_t)1568U, self[0U], uint8_t, Eurydice_slice); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( Eurydice_slice input, uint8_t ret[32U] @@ -5813,7 +5806,7 @@ libcrux_ml_kem_mlkem512_validate_public_key(uint8_t public_key[800U]) return uu____0; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( Eurydice_slice input, uint8_t ret[64U] 
@@ -5856,32 +5849,32 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( uint8_t input[2U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[2U] + libcrux_sha3_portable_KeccakState1 ret[2U] ) { - uint64_t state[2U][5U][5U]; + libcrux_sha3_portable_KeccakState1 state[2U]; for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - libcrux_sha3_portable_incremental_shake128_init(state[i]); + state[i] = libcrux_sha3_portable_incremental_shake128_init(); } for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); } - uint64_t uu____1[2U][5U][5U]; - memcpy(uu____1, state, (size_t)2U * sizeof (uint64_t [5U][5U])); - memcpy(ret, uu____1, (size_t)2U * sizeof (uint64_t [5U][5U])); + libcrux_sha3_portable_KeccakState1 uu____1[2U]; + memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); + memcpy(ret, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + libcrux_sha3_portable_KeccakState1 (*self)[2U], uint8_t ret[2U][504U] ) { 
@@ -5889,7 +5882,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); } @@ -5912,8 +5905,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ 
@@ -5923,25 +5930,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } @@ -5961,9 +5952,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li return done; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + libcrux_sha3_portable_KeccakState1 (*self)[2U], uint8_t ret[2U][168U] ) { @@ -5971,7 +5962,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); } 
@@ -5994,8 +5985,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ @@ -6005,25 +6010,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } 
@@ -6070,7 +6059,7 @@ libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_Port int16_t out[2U][272U] = { { 0U } }; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[2U]; + libcrux_sha3_portable_KeccakState1 xof_state[2U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0, xof_state); uint8_t randomness0[2U][504U]; @@ -6196,7 +6185,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcru memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( uint8_t (*input)[33U], uint8_t ret[2U][192U] @@ -6455,7 +6444,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_Port return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( Eurydice_slice input, uint8_t ret[32U] @@ -6756,7 +6745,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_p memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( uint8_t (*input)[33U], uint8_t ret[2U][128U] 
@@ -6829,7 +6818,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomia return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( Eurydice_slice input, uint8_t ret[128U] 
@@ -7195,25 +7184,26 @@ libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVecto &message_as_ring_element, v); uint8_t ciphertext[768U] = { 0U }; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____5 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - (size_t)640U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice c1 = uu____5.fst; - Eurydice_slice c2 = uu____5.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[2U][16U]; - memcpy(uu____6, + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; + memcpy(uu____5, u, (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____6, - c1); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(v, - c2); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; + memcpy(uu____6, v, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); } 
@@ -7641,7 +7631,7 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type return Eurydice_array_to_slice((size_t)768U, self[0U], uint8_t, Eurydice_slice); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( Eurydice_slice input, uint8_t ret[32U] @@ -8062,7 +8052,7 @@ libcrux_ml_kem_mlkem768_validate_public_key(uint8_t public_key[1184U]) return uu____0; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( Eurydice_slice input, uint8_t ret[64U] 
@@ -8105,32 +8095,32 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( uint8_t input[3U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[3U] + libcrux_sha3_portable_KeccakState1 ret[3U] ) { - uint64_t state[3U][5U][5U]; + libcrux_sha3_portable_KeccakState1 state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_sha3_portable_incremental_shake128_init(state[i]); + state[i] = libcrux_sha3_portable_incremental_shake128_init(); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &state[i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); } - uint64_t uu____1[3U][5U][5U]; - memcpy(uu____1, state, (size_t)3U * sizeof (uint64_t [5U][5U])); - memcpy(ret, uu____1, (size_t)3U * sizeof (uint64_t [5U][5U])); + libcrux_sha3_portable_KeccakState1 uu____1[3U]; + memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); + memcpy(ret, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + libcrux_sha3_portable_KeccakState1 (*self)[3U], uint8_t ret[3U][504U] ) { 
@@ -8138,7 +8128,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); } @@ -8161,8 +8151,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ 
@@ -8172,25 +8176,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } @@ -8210,9 +8198,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li return done; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + libcrux_sha3_portable_KeccakState1 (*self)[3U], uint8_t ret[3U][168U] ) { @@ -8220,7 +8208,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - uint64_t (*uu____0)[5U][5U] = &self[0U][i0]; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); } 
@@ -8243,8 +8231,22 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice - out0 = - core_convert___core__convert__AsMut__Slice_T___for__Slice_T___9__as_mut(Eurydice_array_to_subslice((size_t)272U, + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, out[i1], ( (core_ops_range_Range__size_t){ @@ -8254,25 +8256,9 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li ), int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - int16_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - out0); - size_t uu____0 = i1; - sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } } } 
@@ -8319,7 +8305,7 @@ libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_Port int16_t out[3U][272U] = { { 0U } }; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t xof_state[3U]; + libcrux_sha3_portable_KeccakState1 xof_state[3U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0, xof_state); uint8_t randomness0[3U][504U]; @@ -8445,7 +8431,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcru memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( uint8_t (*input)[33U], uint8_t ret[3U][128U] @@ -8692,7 +8678,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_Port return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( Eurydice_slice input, uint8_t ret[32U] @@ -9047,7 +9033,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomia return lit; } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( Eurydice_slice input, uint8_t ret[128U] 
@@ -9311,25 +9297,26 @@ libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVecto &message_as_ring_element, v); uint8_t ciphertext[1088U] = { 0U }; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____5 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - (size_t)960U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice c1 = uu____5.fst; - Eurydice_slice c2 = uu____5.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[3U][16U]; - memcpy(uu____6, + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; + memcpy(uu____5, u, (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____6, - c1); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(v, - c2); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; + memcpy(uu____6, v, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); } 
@@ -9696,7 +9683,7 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type return Eurydice_array_to_slice((size_t)1088U, self[0U], uint8_t, Eurydice_slice); } -void +inline void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( Eurydice_slice input, uint8_t ret[32U] diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_ml_kem.h index 3a9a9bacb..23c3cea52 100644 --- a/libcrux-ml-kem/c/libcrux_ml_kem.h +++ b/libcrux-ml-kem/c/libcrux_ml_kem.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/y2q40xi9l9rn3m3cs60q3ch1lf8z8bkv-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL version: */ @@ -15,6 +15,7 @@ extern "C" { #include "core.h" #include "Eurydice.h" #include "eurydice_glue.h" +#include "libcrux_hacl_glue.h" #define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) 
@@ -48,108 +49,6 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t x0, - uint64_t x1, - uint64_t x2, - uint64_t x3, - uint64_t x4 -); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t x0, - uint64_t x1 -); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate( - int32_t x0, - int32_t x1, - uint64_t x2, - uint64_t x3 -); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t x0, - uint64_t x1, - uint64_t x2 -); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t x0, - uint64_t x1 -); - -extern uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t x0, - uint64_t x1 -); - -#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_(x_0, x_1, x_2) - -extern void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_( - size_t x0, - uint64_t (*x1)[5U], - Eurydice_slice x2[1U] -); - -#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_(x_0, x_1, x_2) - -extern void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_( - size_t x0, - uint64_t (*x1)[5U], - Eurydice_slice x2[1U] -); - -#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full_(x_0, x_1, x_2) - -extern void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full_( - size_t x0, - uint64_t (*x1)[5U], - uint8_t x2[1U][200U] -); - -#define libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full_(x_0, x_1, x_2) - -extern void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full_( - size_t x0, - uint64_t (*x1)[5U], - uint8_t x2[1U][200U] -); - -extern void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice x0[1U], - size_t x1, - size_t x2, - Eurydice_slice x3[1U] -); - -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - -extern K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice x0[1U], - size_t x1 -); - extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); 
@@ -158,182 +57,32 @@ extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); -typedef uint64_t libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t[5U][5U]; - -extern void libcrux_sha3_portable_incremental_shake128_init(uint64_t x0[5U][5U]); +extern libcrux_sha3_portable_KeccakState1 +libcrux_sha3_portable_incremental_shake128_init(void); extern void libcrux_sha3_portable_incremental_shake128_absorb_final( - uint64_t (*x0)[5U][5U], + libcrux_sha3_portable_KeccakState1 *x0, Eurydice_slice x1 ); extern void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uint64_t (*x0)[5U][5U], + libcrux_sha3_portable_KeccakState1 *x0, Eurydice_slice x1 ); extern void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uint64_t (*x0)[5U][5U], + libcrux_sha3_portable_KeccakState1 *x0, Eurydice_slice x1 ); -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( - void -); - -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2, - core_core_arch_x86___m256i x3, - core_core_arch_x86___m256i x4 -); - -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate( - int32_t x0, - int32_t x1, - core_core_arch_x86___m256i x2, - core_core_arch_x86___m256i x3 -); - -extern core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2 -); - -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( - core_core_arch_x86___m256i x0, - uint64_t x1 -); - -extern core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_(x_0, x_1, x_2) - -extern void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_( - size_t x0, - core_core_arch_x86___m256i (*x1)[5U], - Eurydice_slice x2[4U] -); - -#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_(x_0, x_1, x_2) - -extern void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_( - size_t x0, - core_core_arch_x86___m256i (*x1)[5U], - Eurydice_slice x2[4U] -); - -#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full_(x_0, x_1, x_2) - -extern void 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full_( - size_t x0, - core_core_arch_x86___m256i (*x1)[5U], - uint8_t x2[4U][200U] -); - -#define libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full(x_0, x_1, x_2, _ret_t) libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full_(x_0, x_1, x_2) - -extern void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full_( - size_t x0, - core_core_arch_x86___m256i (*x1)[5U], - uint8_t x2[4U][200U] -); - -extern void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( - Eurydice_slice x0[4U], - size_t x1, - size_t x2, - Eurydice_slice x3[4U] -); - -typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s -{ - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} -K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; - -extern K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( - Eurydice_slice x0[4U], - size_t x1 -); - -typedef core_core_arch_x86___m256i -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t[5U][5U]; - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_ml_kem_hash_functions_avx2_Simd256Hash; -extern void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice x0, - Eurydice_slice x1, - Eurydice_slice x2, - Eurydice_slice x3, - Eurydice_slice x4, - Eurydice_slice x5, - Eurydice_slice x6, - Eurydice_slice x7 -); - -extern void -libcrux_sha3_avx2_x4_incremental_shake128_init(core_core_arch_x86___m256i 
x0[5U][5U]); - -extern void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - core_core_arch_x86___m256i (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2, - Eurydice_slice x3, - Eurydice_slice x4 -); - -extern void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - core_core_arch_x86___m256i (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2, - Eurydice_slice x3, - Eurydice_slice x4 -); - -extern void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - core_core_arch_x86___m256i (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2, - Eurydice_slice x3, - Eurydice_slice x4 -); - -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_ml_kem_hash_functions_neon_Simd128Hash[2U][2U]; +typedef libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_ml_kem_hash_functions_neon_Simd128Hash[2U]; extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); 
@@ -343,35 +92,13 @@ extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); -extern void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice x0, - Eurydice_slice x1, - Eurydice_slice x2, - Eurydice_slice x3 -); - -extern void libcrux_sha3_neon_x2_incremental_shake128_init(uint64_t x0[2U][5U][5U]); +#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) extern void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uint64_t (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2 -); - -extern void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uint64_t (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2 -); - -extern void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uint64_t (*x0)[5U][5U], - Eurydice_slice x1, - Eurydice_slice x2 +libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( + size_t x0, + uint8_t (*x1)[34U], + libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] ); #define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) 
@@ -911,18 +638,18 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] ); -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +typedef libcrux_sha3_portable_KeccakState1 libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t[4U]; void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( uint8_t input[4U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[4U] + libcrux_sha3_portable_KeccakState1 ret[4U] ); void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + libcrux_sha3_portable_KeccakState1 (*self)[4U], uint8_t ret[4U][504U] ); @@ -935,7 +662,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[4U], + libcrux_sha3_portable_KeccakState1 (*self)[4U], uint8_t ret[4U][168U] ); 
@@ -1721,18 +1448,18 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] ); -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +typedef libcrux_sha3_portable_KeccakState1 libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t[2U]; void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( uint8_t input[2U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[2U] + libcrux_sha3_portable_KeccakState1 ret[2U] ); void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + libcrux_sha3_portable_KeccakState1 (*self)[2U], uint8_t ret[2U][504U] ); @@ -1745,7 +1472,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[2U], + libcrux_sha3_portable_KeccakState1 (*self)[2U], uint8_t ret[2U][168U] ); 
@@ -2219,18 +1946,18 @@ libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomial libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] ); -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +typedef libcrux_sha3_portable_KeccakState1 libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t[3U]; void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( uint8_t input[3U][34U], - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t ret[3U] + libcrux_sha3_portable_KeccakState1 ret[3U] ); void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + libcrux_sha3_portable_KeccakState1 (*self)[3U], uint8_t ret[3U][504U] ); @@ -2243,7 +1970,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_li void libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t (*self)[3U], + libcrux_sha3_portable_KeccakState1 (*self)[3U], uint8_t ret[3U][168U] ); diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 5bcfa6101..883db728a 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs 
@@ -169,160 +169,13 @@ pub(crate) mod avx2 { #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); -<<<<<<< HEAD - let mut out = [[0u8; LEN]; K]; - - match K { - 2 => { - let mut dummy_out0 = [0u8; LEN]; - let mut dummy_out1 = [0u8; LEN]; - let (out0, out1) = out.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[0], - &input[0], - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let mut dummy_out0 = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[2], - &input[0], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[2], - &input[3], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!(), - } - out -||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) - let mut out = [[0u8; LEN]; K]; - - match K { - 2 => { - let mut dummy_out0 = [0u8; LEN]; - let mut dummy_out1 = [0u8; LEN]; - let (out0, out1) = out.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[0], - &input[0], - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let mut dummy_out0 = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[2], - &input[0], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::shake256( - &input[0], - &input[1], - &input[2], - &input[3], - &mut out0[0], - &mut out1[0], - &mut out2[0], - 
&mut out3[0], - ); - } - _ => unreachable!("This function is only called with 2, 3, 4"), - } - out -======= x4::shake256xN(input) ->>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); let state = x4::incremental::shake128_absorb_finalxN(input); - -<<<<<<< HEAD - match K { - 2 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[0], &input[0], - ); - } - 3 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[0], - ); - } - 4 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[3], - ); - } - _ => unreachable!(), - } -||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) - match K { - 2 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[0], &input[0], - ); - } - 3 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[0], - ); - } - 4 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[3], - ); - } - _ => unreachable!("This function is only called with 2, 3, 4"), - } -======= ->>>>>>> 92257b7 (inline hashing and avx2 hax extraction) Self { shake128_state: state, } 
@@ -331,191 +184,13 @@ pub(crate) mod avx2 { #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); -<<<<<<< HEAD - - let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { - 2 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let mut dummy_out1 = [0u8; THREE_BLOCKS]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!(), - } - out -||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) - - let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { - 2 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let mut dummy_out1 = [0u8; THREE_BLOCKS]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = 
out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!("This function is only called with 2, 3, 4"), - } - out -======= x4::incremental::shake128_squeeze3xN(&mut self.shake128_state) ->>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); -<<<<<<< HEAD - - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let mut dummy_out1 = [0u8; BLOCK_SIZE]; - - let mut out = [[0u8; BLOCK_SIZE]; K]; - - match K { - 2 => { - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!(), - } - out -||||||| parent of 92257b7 (inline hashing and avx2 hax extraction) - - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let mut dummy_out1 = [0u8; BLOCK_SIZE]; - - let mut out = [[0u8; BLOCK_SIZE]; K]; - - match K { - 2 => { - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = 
out12.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!("This function is only called with 2, 3, 4"), - } - out -======= x4::incremental::shake128_squeezexN(&mut self.shake128_state) ->>>>>>> 92257b7 (inline hashing and avx2 hax extraction) } } } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index d491e0110..6673328ce 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -759,7 +759,9 @@ pub mod avx2 { }; #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - pub type KeccakState4 = KeccakState<4, core::arch::x86_64::__m256i>; + pub struct KeccakState4 { + state: KeccakState<4, core::arch::x86_64::__m256i>, + } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] pub struct KeccakState4 { state: [crate::neon::x2::incremental::KeccakState2; 2], @@ -792,7 +794,9 @@ pub mod avx2 { // [s0, s1, s2, s3] // } #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - KeccakState4::new() + KeccakState4 { + state: KeccakState::new(), + } } #[inline(always)] @@ -830,7 +834,7 @@ pub mod avx2 { // } #[cfg(all(feature = "simd256", target_arch = "x86_64"))] absorb_final::<4, core::arch::x86_64::__m256i, 168, 0x1fu8>( - s, + &mut s.state, [data0, data1, data2, data3], ); } @@ -902,7 +906,7 @@ pub mod avx2 { // } #[cfg(all(feature = "simd256", target_arch = "x86_64"))] squeeze_first_three_blocks::<4, core::arch::x86_64::__m256i, 168>( - s, + &mut s.state, [out0, out1, out2, out3], ); } 
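Review bot: The x86_64 `KeccakState4` introduced in the `@@ -759,7 +759,9 @@` hunk of `libcrux-sha3/src/lib.rs` is a public struct with no doc comment and no derives, whereas the type alias it replaces exposed every trait and method of `KeccakState<4, core::arch::x86_64::__m256i>` directly. Any caller that cloned or copied the state, or called `KeccakState4::new()`, would stop compiling after this change. The definition of `KeccakState` is outside the hunk, so check which traits it implements before deciding whether `#[derive(Clone, Copy)]` belongs here. I would add a doc line such as `/// Opaque incremental Keccak state for four parallel SHAKE128 instances (AVX2).` so that the private `state` field reads as deliberate encapsulation of the sponge state, matching the aarch64 variant directly below it. The later hunks that pass `&mut s.state` follow from this definition and need no separate change.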
@@ -996,7 +1000,7 @@ pub mod avx2 { // } #[cfg(all(feature = "simd256", target_arch = "x86_64"))] squeeze_next_block::<4, core::arch::x86_64::__m256i, 168>( - s, + &mut s.state, [out0, out1, out2, out3], ); } From 9226a0b51ecf0076c02217a8e8640795c3d5efd8 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 26 May 2024 09:56:39 +0200 Subject: [PATCH 21/94] fixup --- libcrux-ml-kem/.gitignore | 2 +- libcrux-ml-kem/build.rs | 28 + libcrux-ml-kem/c/Eurydice.h | 27 - libcrux-ml-kem/c/core.c | 34 - libcrux-ml-kem/c/core.h | 34 - libcrux-ml-kem/c/eurydice_glue.h | 220 - libcrux-ml-kem/c/internal/core.h | 29 - libcrux-ml-kem/c/internal/libcrux_ml_kem.h | 31 - libcrux-ml-kem/c/libcrux_ml_kem.c | 9873 -------------------- libcrux-ml-kem/c/libcrux_ml_kem.h | 2302 ----- libcrux-sha3/src/lib.rs | 2 +- 11 files changed, 30 insertions(+), 12552 deletions(-) create mode 100644 libcrux-ml-kem/build.rs delete mode 100644 libcrux-ml-kem/c/Eurydice.h delete mode 100644 libcrux-ml-kem/c/core.c delete mode 100644 libcrux-ml-kem/c/core.h delete mode 100644 libcrux-ml-kem/c/eurydice_glue.h delete mode 100644 libcrux-ml-kem/c/internal/core.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_ml_kem.h delete mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.c delete mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.h diff --git a/libcrux-ml-kem/.gitignore b/libcrux-ml-kem/.gitignore index 0eccf5f52..fed5ebf9b 100644 --- a/libcrux-ml-kem/.gitignore +++ b/libcrux-ml-kem/.gitignore @@ -1,4 +1,4 @@ Cargo.lock proofs/fstar/extraction/.cache/ proofs/fstar/extraction/.depend -# c +c diff --git a/libcrux-ml-kem/build.rs b/libcrux-ml-kem/build.rs new file mode 100644 index 000000000..51bb63d0d --- /dev/null +++ b/libcrux-ml-kem/build.rs 
@@ -0,0 +1,28 @@ +use std::env; + +fn main() { + let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); + let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + }; + + let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + }; + + if target_arch == "aarch64" && !disable_simd128 { + // We enable simd128 on all aarch64 builds. + // println!("cargo:rustc-cfg=feature=\"simd128\""); + } + if target_arch == "x86_64" && !disable_simd256 { + // We enable simd256 on all x86_64 builds. + // Note that this doesn't mean the required CPU features are available. + // But the compiler will support them and the runtime checks ensure that + // it's only used when available. + // + // We don't enable this on x86 because it seems to generate invalid code. + println!("cargo:rustc-cfg=feature=\"simd256\""); + } +} diff --git a/libcrux-ml-kem/c/Eurydice.h b/libcrux-ml-kem/c/Eurydice.h deleted file mode 100644 index 65b901941..000000000 --- a/libcrux-ml-kem/c/Eurydice.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __Eurydice_H -#define __Eurydice_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "core.h" -#include "eurydice_glue.h" - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#if defined(__cplusplus) -} -#endif - -#define __Eurydice_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/core.c b/libcrux-ml-kem/c/core.c deleted file mode 100644 index 6ddb43fb0..000000000 --- a/libcrux-ml-kem/c/core.c +++ /dev/null 
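Review bot: The new `build.rs` reads `LIBCRUX_DISABLE_SIMD128` and `LIBCRUX_DISABLE_SIMD256` but never tells Cargo to watch them, so changing either variable does not re-run the script on an incremental build and the previously emitted `simd256` cfg stays in effect. Adding `println!("cargo:rerun-if-env-changed=LIBCRUX_DISABLE_SIMD128");` and `println!("cargo:rerun-if-env-changed=LIBCRUX_DISABLE_SIMD256");` at the top of `main` fixes that. In the aarch64 branch the `println!` is commented out, so `disable_simd128` has no effect while the comment still says simd128 is enabled on all aarch64 builds; the comment should say the feature is currently left off. `env::var("CARGO_CFG_TARGET_ARCH").unwrap()` would also give a clearer failure as `.expect("CARGO_CFG_TARGET_ARCH is set by Cargo for build scripts")`.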
@@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/core.h" - -typedef struct Option__size_t_s -{ - core_option_Option__size_t_tags tag; - size_t f0; -} -Option__size_t; - -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__uint32_t_s -{ - core_option_Option__size_t_tags tag; - uint32_t f0; -} -Option__uint32_t; - -typedef struct Option__int32_t_s -{ - core_option_Option__size_t_tags tag; - int32_t f0; -} -Option__int32_t; - diff --git a/libcrux-ml-kem/c/core.h b/libcrux-ml-kem/c/core.h deleted file mode 100644 index e4bb00263..000000000 --- a/libcrux-ml-kem/c/core.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __core_H -#define __core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -typedef struct core_ops_range_Range__size_t_s -{ - size_t start; - size_t end; -} -core_ops_range_Range__size_t; - -#if defined(__cplusplus) -} -#endif - -#define __core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h deleted file mode 100644 index c8b0825db..000000000 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ /dev/null 
@@ -1,220 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
-#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) -#define EURYDICE_SLICE_LEN(s, _) s.len -#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) - -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. 
-typedef struct -{ - uint8_t tag; - uint8_t case_Ok[]; -} -result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) -{ - return x; -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) - -// MISC - -#define core_fmt_Formatter void - - -// VECTORS - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? 
*/ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-ml-kem/c/internal/core.h b/libcrux-ml-kem/c/internal/core.h deleted file mode 100644 index 0c2f19716..000000000 --- a/libcrux-ml-kem/c/internal/core.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_core_H -#define __internal_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../core.h" -#include "eurydice_glue.h" - -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); - -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); - -#define CORE_NUM__U32_8__BITS (32U) - -#if defined(__cplusplus) -} -#endif - -#define __internal_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_ml_kem.h b/libcrux-ml-kem/c/internal/libcrux_ml_kem.h deleted file mode 100644 index 562f75781..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_ml_kem.h +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_libcrux_ml_kem_H -#define __internal_libcrux_ml_kem_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/core.h" -#include "../libcrux_ml_kem.h" -#include "eurydice_glue.h" - -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_ml_kem_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c deleted file mode 100644 index e46fada2f..000000000 --- a/libcrux-ml-kem/c/libcrux_ml_kem.c +++ /dev/null 
@@ -1,9873 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_ml_kem.h" - -#include "internal/core.h" - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) -{ - uint16_t value0 = (uint16_t)value; - uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; - return (uint8_t)result; -} - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ - uint8_t - mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { - size_t i0 = i; - uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); - out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); - } - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials___core__clone__Clone_for_libcrux_ml_kem__libcrux_polynomials__PortableVector__1__clone( - int16_t (*self)[16U], - int16_t ret[16U] -) -{ - memcpy(ret, self[0U], (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_zero(int16_t ret[16U]) -{ - ret[0U] = (int16_t)0; - ret[1U] = (int16_t)0; - ret[2U] = (int16_t)0; - ret[3U] = (int16_t)0; - ret[4U] = (int16_t)0; - ret[5U] = (int16_t)0; - ret[6U] = (int16_t)0; - ret[7U] = (int16_t)0; - ret[8U] = (int16_t)0; - ret[9U] = (int16_t)0; - ret[10U] = (int16_t)0; - ret[11U] = (int16_t)0; - ret[12U] = (int16_t)0; - ret[13U] = (int16_t)0; - ret[14U] 
= (int16_t)0; - ret[15U] = (int16_t)0; -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO( - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_to_i16_array(int16_t v[16U], int16_t ret[16U]) -{ - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___to_i16_array( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_to_i16_array(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -#define Ok 0 -#define Err 1 - -typedef uint8_t Result__int16_t_16size_t__core_array_TryFromSliceError_tags; - -typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ - Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__int16_t_16size_t__core_array_TryFromSliceError; - -static void -unwrap__int16_t_16size_t__core_array_TryFromSliceError( - Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == Ok) - { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]) -{ - int16_t ret0[16U]; - core_result_Result dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ 
.start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array( - Eurydice_slice array, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_from_i16_array(array, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_add(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs[uu____0] = lhs[uu____0] + rhs[0U][i0]; - } - memcpy(ret, lhs, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add( - int16_t lhs[16U], - int16_t (*rhs)[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_add(lhs, rhs, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_sub(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs[uu____0] = lhs[uu____0] - rhs[0U][i0]; - } - memcpy(ret, lhs, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub( - int16_t lhs[16U], - 
int16_t (*rhs)[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_sub(lhs, rhs, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v[uu____0] = v[uu____0] * c; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_multiply_by_constant(v, c, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v[uu____0] = v[uu____0] & c; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant(v, c, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - 
size_t i0 = i; - if (v[i0] >= (int16_t)3329) - { - size_t uu____0 = i0; - v[uu____0] = v[uu____0] - (int16_t)3329; - } - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -int16_t libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(int16_t value) -{ - int32_t - t = - (int32_t)value - * LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_MULTIPLIER - + (LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; -} - -inline void libcrux_ml_kem_libcrux_polynomials_barrett_reduce(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[i0]); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_barrett_reduce(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -int16_t libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * - (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t 
- k_times_modulus = - (int32_t)(int16_t)k - * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; - int16_t - c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT); - int16_t - value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT); - return value_high - c; -} - -inline int16_t -libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ - return - libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)fe * (int32_t)fer); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[i0], c); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant( - int16_t v[16U], - int16_t r, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant(v, r, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -uint8_t libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient(uint16_t fe) -{ - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); -} - -inline void libcrux_ml_kem_libcrux_polynomials_compress_1(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < 
LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - uint8_t - uu____0 = libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient((uint16_t)v[i0]); - v[i0] = (int16_t)uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_compress_1(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline uint32_t -libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(uint8_t n, uint32_t value) -{ - return value & ((1U << (uint32_t)n) - 1U); -} - -int16_t -libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient( - uint8_t coefficient_bits, - uint16_t fe -) -{ - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return - (int16_t)libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(coefficient_bits, - (uint32_t)compressed); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[2U], zeta0); - v[2U] = v[0U] - t; - v[0U] = v[0U] + t; - int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[3U], zeta0); - v[3U] = v[1U] - t0; - v[1U] = v[1U] + t0; - int16_t t1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[6U], zeta1); - v[6U] = v[4U] - t1; - v[4U] = v[4U] + t1; - int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[7U], zeta1); - v[7U] = v[5U] - t2; - v[5U] = v[5U] + t2; - int16_t - t3 
= - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)2U], - zeta2); - v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)0U] - t3; - v[(size_t)8U + (size_t)0U] = v[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)3U], - zeta2); - v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)1U] - t4; - v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)6U], - zeta3); - v[(size_t)8U + (size_t)6U] = v[(size_t)8U + (size_t)4U] - t5; - v[(size_t)8U + (size_t)4U] = v[(size_t)8U + (size_t)4U] + t5; - int16_t - t6 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)7U], - zeta3); - v[(size_t)8U + (size_t)7U] = v[(size_t)8U + (size_t)5U] - t6; - v[(size_t)8U + (size_t)5U] = v[(size_t)8U + (size_t)5U] + t6; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -) -{ - int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[4U], zeta0); - v[4U] = v[0U] - t; - v[0U] = v[0U] + t; - int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[5U], zeta0); - v[5U] = v[1U] - t0; - v[1U] = v[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[6U], zeta0); - v[6U] = v[2U] - t1; - v[2U] = v[2U] + t1; - int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[7U], zeta0); - v[7U] = v[3U] - t2; - v[3U] = v[3U] + t2; - int16_t - t3 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)4U], - zeta1); - v[(size_t)8U + (size_t)4U] = v[(size_t)8U + (size_t)0U] - t3; - v[(size_t)8U + (size_t)0U] = v[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)5U], - zeta1); - v[(size_t)8U + (size_t)5U] = v[(size_t)8U + (size_t)1U] - t4; - v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)6U], - zeta1); - v[(size_t)8U + (size_t)6U] = v[(size_t)8U + (size_t)2U] - t5; - v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)2U] + t5; - int16_t - t6 = - libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[(size_t)8U + (size_t)7U], - zeta1); - v[(size_t)8U + (size_t)7U] = v[(size_t)8U + (size_t)3U] - t6; - v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)3U] + t6; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step(a, zeta0, zeta1, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step( - int16_t v[16U], - int16_t zeta, - int16_t ret[16U] -) -{ - int16_t t = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[8U], zeta); - v[8U] = v[0U] - t; - v[0U] = v[0U] + t; - 
int16_t t0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[9U], zeta); - v[9U] = v[1U] - t0; - v[1U] = v[1U] + t0; - int16_t t1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[10U], zeta); - v[10U] = v[2U] - t1; - v[2U] = v[2U] + t1; - int16_t t2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[11U], zeta); - v[11U] = v[3U] - t2; - v[3U] = v[3U] + t2; - int16_t t3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[12U], zeta); - v[12U] = v[4U] - t3; - v[4U] = v[4U] + t3; - int16_t t4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[13U], zeta); - v[13U] = v[5U] - t4; - v[5U] = v[5U] + t4; - int16_t t5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[14U], zeta); - v[14U] = v[6U] - t5; - v[6U] = v[6U] + t5; - int16_t t6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(v[15U], zeta); - v[15U] = v[7U] - t6; - v[7U] = v[7U] + t6; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step( - int16_t a[16U], - int16_t zeta, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step(a, zeta, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t a_minus_b = v[2U] - v[0U]; - int16_t uu____0 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[0U] + v[2U]); - v[0U] = uu____0; - int16_t - uu____1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v[2U] = uu____1; - int16_t a_minus_b0 = v[3U] - v[1U]; - int16_t uu____2 = 
libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[1U] + v[3U]); - v[1U] = uu____2; - int16_t - uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v[3U] = uu____3; - int16_t a_minus_b1 = v[6U] - v[4U]; - int16_t uu____4 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[4U] + v[6U]); - v[4U] = uu____4; - int16_t - uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); - v[6U] = uu____5; - int16_t a_minus_b2 = v[7U] - v[5U]; - int16_t uu____6 = libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[5U] + v[7U]); - v[5U] = uu____6; - int16_t - uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); - v[7U] = uu____7; - int16_t a_minus_b3 = v[(size_t)8U + (size_t)2U] - v[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U - + (size_t)0U] - + v[(size_t)8U + (size_t)2U]); - v[(size_t)8U + (size_t)0U] = uu____8; - int16_t - uu____9 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); - v[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v[(size_t)8U + (size_t)3U] - v[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U - + (size_t)1U] - + v[(size_t)8U + (size_t)3U]); - v[(size_t)8U + (size_t)1U] = uu____10; - int16_t - uu____11 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); - v[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v[(size_t)8U + (size_t)6U] - v[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U - + (size_t)4U] - + v[(size_t)8U + (size_t)6U]); - v[(size_t)8U + (size_t)4U] = uu____12; - int16_t - uu____13 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); - v[(size_t)8U + 
(size_t)6U] = uu____13; - int16_t a_minus_b6 = v[(size_t)8U + (size_t)7U] - v[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(v[(size_t)8U - + (size_t)5U] - + v[(size_t)8U + (size_t)7U]); - v[(size_t)8U + (size_t)5U] = uu____14; - int16_t - uu____15 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); - v[(size_t)8U + (size_t)7U] = uu____15; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -) -{ - int16_t a_minus_b = v[4U] - v[0U]; - v[0U] = v[0U] + v[4U]; - int16_t - uu____0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v[4U] = uu____0; - int16_t a_minus_b0 = v[5U] - v[1U]; - v[1U] = v[1U] + v[5U]; - int16_t - uu____1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v[5U] = uu____1; - int16_t a_minus_b1 = v[6U] - v[2U]; - v[2U] = v[2U] + v[6U]; - int16_t - uu____2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); - v[6U] = uu____2; - int16_t a_minus_b2 = v[7U] - v[3U]; - v[3U] = v[3U] + v[7U]; - int16_t - uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); - v[7U] = uu____3; - int16_t a_minus_b3 = v[(size_t)8U + (size_t)4U] - v[(size_t)8U + (size_t)0U]; - v[(size_t)8U + (size_t)0U] = v[(size_t)8U + 
(size_t)0U] + v[(size_t)8U + (size_t)4U]; - int16_t - uu____4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); - v[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v[(size_t)8U + (size_t)5U] - v[(size_t)8U + (size_t)1U]; - v[(size_t)8U + (size_t)1U] = v[(size_t)8U + (size_t)1U] + v[(size_t)8U + (size_t)5U]; - int16_t - uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); - v[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v[(size_t)8U + (size_t)6U] - v[(size_t)8U + (size_t)2U]; - v[(size_t)8U + (size_t)2U] = v[(size_t)8U + (size_t)2U] + v[(size_t)8U + (size_t)6U]; - int16_t - uu____6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); - v[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v[(size_t)8U + (size_t)7U] - v[(size_t)8U + (size_t)3U]; - v[(size_t)8U + (size_t)3U] = v[(size_t)8U + (size_t)3U] + v[(size_t)8U + (size_t)7U]; - int16_t - uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); - v[(size_t)8U + (size_t)7U] = uu____7; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step(a, zeta0, zeta1, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step( - int16_t v[16U], - int16_t zeta, - int16_t ret[16U] -) -{ - int16_t a_minus_b = v[8U] - v[0U]; - v[0U] = v[0U] + v[8U]; - int16_t - uu____0 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b, zeta); - v[8U] = uu____0; - int16_t a_minus_b0 = v[9U] - v[1U]; - v[1U] = v[1U] + v[9U]; - 
int16_t - uu____1 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); - v[9U] = uu____1; - int16_t a_minus_b1 = v[10U] - v[2U]; - v[2U] = v[2U] + v[10U]; - int16_t - uu____2 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); - v[10U] = uu____2; - int16_t a_minus_b2 = v[11U] - v[3U]; - v[3U] = v[3U] + v[11U]; - int16_t - uu____3 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); - v[11U] = uu____3; - int16_t a_minus_b3 = v[12U] - v[4U]; - v[4U] = v[4U] + v[12U]; - int16_t - uu____4 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); - v[12U] = uu____4; - int16_t a_minus_b4 = v[13U] - v[5U]; - v[5U] = v[5U] + v[13U]; - int16_t - uu____5 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); - v[13U] = uu____5; - int16_t a_minus_b5 = v[14U] - v[6U]; - v[6U] = v[6U] + v[14U]; - int16_t - uu____6 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); - v[14U] = uu____6; - int16_t a_minus_b6 = v[15U] - v[7U]; - v[7U] = v[7U] + v[15U]; - int16_t - uu____7 = libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); - v[15U] = uu____7; - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step( - int16_t a[16U], - int16_t zeta, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step(a, zeta, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline K___int16_t_int16_t -libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -) -{ - int16_t a0 = _.fst; - int16_t a1 = _.snd; - int16_t b0 = _0.fst; - int16_t b1 = _0.snd; - int32_t uu____0 = 
(int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(uu____0 - + - (int32_t)libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)a1 - * (int32_t)b1) - * (int32_t)zeta); - return - ( - (K___int16_t_int16_t){ - .fst = uu____1, - .snd = libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element((int32_t)a0 - * (int32_t)b1 - + (int32_t)a1 * (int32_t)b0) - } - ); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_ntt_multiply( - int16_t (*lhs)[16U], - int16_t (*rhs)[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t out[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(out); - K___int16_t_int16_t lit0; - lit0.fst = lhs[0U][0U]; - lit0.snd = lhs[0U][1U]; - K___int16_t_int16_t lit1; - lit1.fst = rhs[0U][0U]; - lit1.snd = rhs[0U][1U]; - K___int16_t_int16_t - product = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit0, lit1, zeta0); - out[0U] = product.fst; - out[1U] = product.snd; - K___int16_t_int16_t lit2; - lit2.fst = lhs[0U][2U]; - lit2.snd = lhs[0U][3U]; - K___int16_t_int16_t lit3; - lit3.fst = rhs[0U][2U]; - lit3.snd = rhs[0U][3U]; - K___int16_t_int16_t - product0 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit2, lit3, -zeta0); - out[2U] = product0.fst; - out[3U] = product0.snd; - K___int16_t_int16_t lit4; - lit4.fst = lhs[0U][4U]; - lit4.snd = lhs[0U][5U]; - K___int16_t_int16_t lit5; - lit5.fst = rhs[0U][4U]; - lit5.snd = rhs[0U][5U]; - K___int16_t_int16_t - product1 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit4, lit5, zeta1); - out[4U] = product1.fst; - out[5U] = product1.snd; - K___int16_t_int16_t lit6; - lit6.fst = lhs[0U][6U]; - lit6.snd = lhs[0U][7U]; - K___int16_t_int16_t lit7; - lit7.fst = rhs[0U][6U]; - lit7.snd = rhs[0U][7U]; - K___int16_t_int16_t - product2 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit6, lit7, -zeta1); - out[6U] = product2.fst; - out[7U] = 
product2.snd; - K___int16_t_int16_t lit8; - lit8.fst = lhs[0U][(size_t)8U + (size_t)0U]; - lit8.snd = lhs[0U][(size_t)8U + (size_t)1U]; - K___int16_t_int16_t lit9; - lit9.fst = rhs[0U][(size_t)8U + (size_t)0U]; - lit9.snd = rhs[0U][(size_t)8U + (size_t)1U]; - K___int16_t_int16_t - product3 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit8, lit9, zeta2); - out[(size_t)8U + (size_t)0U] = product3.fst; - out[(size_t)8U + (size_t)1U] = product3.snd; - K___int16_t_int16_t lit10; - lit10.fst = lhs[0U][(size_t)8U + (size_t)2U]; - lit10.snd = lhs[0U][(size_t)8U + (size_t)3U]; - K___int16_t_int16_t lit11; - lit11.fst = rhs[0U][(size_t)8U + (size_t)2U]; - lit11.snd = rhs[0U][(size_t)8U + (size_t)3U]; - K___int16_t_int16_t - product4 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit10, lit11, -zeta2); - out[(size_t)8U + (size_t)2U] = product4.fst; - out[(size_t)8U + (size_t)3U] = product4.snd; - K___int16_t_int16_t lit12; - lit12.fst = lhs[0U][(size_t)8U + (size_t)4U]; - lit12.snd = lhs[0U][(size_t)8U + (size_t)5U]; - K___int16_t_int16_t lit13; - lit13.fst = rhs[0U][(size_t)8U + (size_t)4U]; - lit13.snd = rhs[0U][(size_t)8U + (size_t)5U]; - K___int16_t_int16_t - product5 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit12, lit13, zeta3); - out[(size_t)8U + (size_t)4U] = product5.fst; - out[(size_t)8U + (size_t)5U] = product5.snd; - K___int16_t_int16_t lit14; - lit14.fst = lhs[0U][(size_t)8U + (size_t)6U]; - lit14.snd = lhs[0U][(size_t)8U + (size_t)7U]; - K___int16_t_int16_t lit; - lit.fst = rhs[0U][(size_t)8U + (size_t)6U]; - lit.snd = rhs[0U][(size_t)8U + (size_t)7U]; - K___int16_t_int16_t - product6 = libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials(lit14, lit, -zeta3); - out[(size_t)8U + (size_t)6U] = product6.fst; - out[(size_t)8U + (size_t)7U] = product6.snd; - memcpy(ret, out, (size_t)16U * sizeof (int16_t)); -} - -void 
-libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply( - int16_t (*lhs)[16U], - int16_t (*rhs)[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_serialize_1(int16_t v[16U], uint8_t ret[2U]) -{ - uint8_t result[2U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) - { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v[i0] << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1( - int16_t a[16U], - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_libcrux_polynomials_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_1(Eurydice_slice v, int16_t ret[16U]) -{ - int16_t result[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(result); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); - result[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); - } - for - (size_t - i = (size_t)8U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - uint8_t 
*uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); - result[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); - } - memcpy(ret, result, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_1(a, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_serialize_4(int16_t v[16U], uint8_t ret[8U]) -{ - uint8_t result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v[1U] << 4U | (uint32_t)(uint8_t)v[0U]; - result[1U] = (uint32_t)(uint8_t)v[3U] << 4U | (uint32_t)(uint8_t)v[2U]; - result[2U] = (uint32_t)(uint8_t)v[5U] << 4U | (uint32_t)(uint8_t)v[4U]; - result[3U] = (uint32_t)(uint8_t)v[7U] << 4U | (uint32_t)(uint8_t)v[6U]; - result[4U] = - (uint32_t)(uint8_t)v[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4( - int16_t a[16U], - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_libcrux_polynomials_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_4(Eurydice_slice bytes, 
int16_t ret[16U]) -{ - int16_t v[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(v); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = 
&Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_4(a, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_serialize_5(int16_t v[16U], uint8_t ret[10U]) -{ - uint8_t result[10U] = { 0U }; - result[0U] = (uint8_t)((v[1U] & (int16_t)7) << 5U | v[0U]); - result[1U] = (uint8_t)(((v[3U] & (int16_t)1) << 7U | v[2U] << 2U) | v[1U] >> 3U); - result[2U] = (uint8_t)((v[4U] & (int16_t)15) << 4U | v[3U] >> 1U); - result[3U] = (uint8_t)(((v[6U] & (int16_t)3) << 6U | v[5U] << 1U) | v[4U] >> 4U); - result[4U] = (uint8_t)(v[7U] << 3U | v[6U] >> 2U); - result[5U] = - (uint8_t)((v[(size_t)8U + (size_t)1U] & (int16_t)7) << 5U | v[(size_t)8U + (size_t)0U]); - result[6U] = - (uint8_t)(((v[(size_t)8U + (size_t)3U] & (int16_t)1) << 7U | v[(size_t)8U + (size_t)2U] << 2U) - | v[(size_t)8U + (size_t)1U] >> 3U); - result[7U] = - (uint8_t)((v[(size_t)8U + (size_t)4U] & (int16_t)15) << 4U | v[(size_t)8U + (size_t)3U] >> 1U); - result[8U] = - (uint8_t)(((v[(size_t)8U + (size_t)6U] & (int16_t)3) << 6U | v[(size_t)8U + (size_t)5U] << 1U) - | v[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = (uint8_t)(v[(size_t)8U + (size_t)7U] << 3U | v[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5( - int16_t a[16U], - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_libcrux_polynomials_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_5(Eurydice_slice bytes, int16_t ret[16U]) -{ - int16_t v[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(v); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = 
&Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) - << 3U; - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) - << 1U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) - << 4U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); - v[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) - << 2U; - uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); - v[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void 
-libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_5(a, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_serialize_10(int16_t v[16U], uint8_t ret[20U]) -{ - uint8_t result[20U] = { 0U }; - result[0U] = (uint8_t)(v[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v[2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v[2U] >> 4U & (int16_t)63); - result[4U] = (uint8_t)(v[3U] >> 2U & (int16_t)255); - result[5U] = (uint8_t)(v[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v[5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v[6U] >> 4U & (int16_t)63); - result[9U] = (uint8_t)(v[7U] >> 2U & (int16_t)255); - result[10U] = (uint8_t)(v[(size_t)8U + (size_t)0U] & (int16_t)255); - result[11U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); - result[12U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); - result[13U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v[(size_t)8U + 
(size_t)3U] >> 2U & (int16_t)255); - result[15U] = (uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)255); - result[16U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); - result[17U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); - result[18U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10( - int16_t a[16U], - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_libcrux_polynomials_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_10(Eurydice_slice bytes, int16_t ret[16U]) -{ - int16_t result[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(result); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result[2U] = uu____4 | 
(int16_t)uu____5[0U] >> 4U; - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - result[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - result[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); - result[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); - result[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____21 = 
&Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); - result[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); - result[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); - result[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); - result[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); - result[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); - result[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; - memcpy(ret, result, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_10(a, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void 
libcrux_ml_kem_libcrux_polynomials_serialize_11(int16_t v[16U], uint8_t ret[22U]) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v[0U]; - result[1U] = (uint32_t)(uint8_t)(v[1U] & (int16_t)31) << 3U | (uint32_t)(uint8_t)(v[0U] >> 8U); - result[2U] = (uint32_t)(uint8_t)(v[2U] & (int16_t)3) << 6U | (uint32_t)(uint8_t)(v[1U] >> 5U); - result[3U] = (uint8_t)(v[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v[2U] >> 10U); - result[5U] = (uint32_t)(uint8_t)(v[4U] & (int16_t)15) << 4U | (uint32_t)(uint8_t)(v[3U] >> 7U); - result[6U] = (uint32_t)(uint8_t)(v[5U] & (int16_t)1) << 7U | (uint32_t)(uint8_t)(v[4U] >> 4U); - result[7U] = (uint8_t)(v[5U] >> 1U & (int16_t)255); - result[8U] = (uint32_t)(uint8_t)(v[6U] & (int16_t)63) << 2U | (uint32_t)(uint8_t)(v[5U] >> 9U); - result[9U] = (uint32_t)(uint8_t)(v[7U] & (int16_t)7) << 5U | (uint32_t)(uint8_t)(v[6U] >> 6U); - result[10U] = (uint8_t)(v[7U] >> 3U); - result[11U] = (uint8_t)v[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] & 
(int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11( - int16_t a[16U], - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_libcrux_polynomials_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_11(Eurydice_slice bytes, int16_t ret[16U]) -{ - int16_t result[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(result); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - result[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t 
- uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - result[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); - result[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); - result[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, 
uint8_t); - result[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) - & (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); - result[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) - & (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); - result[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); - result[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) - & (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); - result[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); - result[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - memcpy(ret, result, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_11(a, ret0); - memcpy(ret, ret0, (size_t)16U 
* sizeof (int16_t)); -} - -inline void libcrux_ml_kem_libcrux_polynomials_serialize_12(int16_t v[16U], uint8_t ret[24U]) -{ - uint8_t result[24U] = { 0U }; - result[0U] = (uint8_t)(v[0U] & (int16_t)255); - result[1U] = (uint8_t)(v[0U] >> 8U | (v[1U] & (int16_t)15) << 4U); - result[2U] = (uint8_t)(v[1U] >> 4U & (int16_t)255); - result[3U] = (uint8_t)(v[2U] & (int16_t)255); - result[4U] = (uint8_t)(v[2U] >> 8U | (v[3U] & (int16_t)15) << 4U); - result[5U] = (uint8_t)(v[3U] >> 4U & (int16_t)255); - result[6U] = (uint8_t)(v[4U] & (int16_t)255); - result[7U] = (uint8_t)(v[4U] >> 8U | (v[5U] & (int16_t)15) << 4U); - result[8U] = (uint8_t)(v[5U] >> 4U & (int16_t)255); - result[9U] = (uint8_t)(v[6U] & (int16_t)255); - result[10U] = (uint8_t)(v[6U] >> 8U | (v[7U] & (int16_t)15) << 4U); - result[11U] = (uint8_t)(v[7U] >> 4U & (int16_t)255); - result[12U] = (uint8_t)(v[(size_t)8U + (size_t)0U] & (int16_t)255); - result[13U] = - (uint8_t)(v[(size_t)8U + (size_t)0U] >> 8U | (v[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); - result[15U] = (uint8_t)(v[(size_t)8U + (size_t)2U] & (int16_t)255); - result[16U] = - (uint8_t)(v[(size_t)8U + (size_t)2U] >> 8U | (v[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); - result[18U] = (uint8_t)(v[(size_t)8U + (size_t)4U] & (int16_t)255); - result[19U] = - (uint8_t)(v[(size_t)8U + (size_t)4U] >> 8U | (v[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); - result[21U] = (uint8_t)(v[(size_t)8U + (size_t)6U] & (int16_t)255); - result[22U] = - (uint8_t)(v[(size_t)8U + (size_t)6U] >> 8U | (v[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12( - int16_t a[16U], - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_libcrux_polynomials_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_deserialize_12(Eurydice_slice bytes, int16_t ret[16U]) -{ - int16_t re[16U]; - libcrux_ml_kem_libcrux_polynomials_zero(re); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); - int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); - re[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - re[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - re[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); - re[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); - re[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); - re[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); - re[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); - re[7U] = 
byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); - int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); - int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); - int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); - int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); - int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); - int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); - int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); - int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); - int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); - int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); - int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); - re[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); - re[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); - re[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); - re[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); - re[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); - re[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); - re[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); - re[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); - memcpy(ret, re, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12( - Eurydice_slice a, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_deserialize_12(a, ret0); - memcpy(ret, ret0, (size_t)16U * 
sizeof (int16_t)); -} - -inline size_t -libcrux_ml_kem_libcrux_polynomials_rej_sample(Eurydice_slice a, Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return 
libcrux_ml_kem_libcrux_polynomials_rej_sample(a, out); -} - -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, 
(int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret0); - ret[0U] = ret0; - int16_t ret1[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret1); - ret[1U] = ret1; - int16_t ret2[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret2); - ret[2U] = ret2; - int16_t ret3[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret3); - ret[3U] = ret3; - int16_t ret4[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret4); - ret[4U] = ret4; - int16_t ret5[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret5); - ret[5U] = ret5; - int16_t ret6[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret6); - ret[6U] = ret6; - int16_t ret7[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret7); - ret[7U] = ret7; - int16_t ret8[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret8); - ret[8U] = ret8; - int16_t ret9[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret9); - ret[9U] = ret9; - int16_t ret10[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret10); - ret[10U] = ret10; - int16_t ret11[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret11); - ret[11U] = ret11; - int16_t ret12[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret12); - ret[12U] = ret12; - int16_t ret13[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret13); - ret[13U] = ret13; - int16_t ret14[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret14); - ret[14U] = ret14; - int16_t ret15[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(ret15); - ret[15U] = ret15; -} - -void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12(bytes, - coefficient); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329(coefficient, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - 
-inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - v[i0] = v[i0] >> (uint32_t)(int32_t)15; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void 
-libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t ret[16U] -) -{ - int16_t t[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t(a, - t); - int16_t fm[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS, - fm); - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, - &fm, - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], - coefficient); - uint8_t bytes[24U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[4U][16U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, key[i0], (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - 
} - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[4U][16U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t ret0[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[4U][16U]; - memcpy(uu____0, - 
deserialized_pk, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key(uint8_t public_key[1568U]) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key)) - { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ lit; - lit.tag = core_option_Some; - memcpy(lit.f0, public_key, (size_t)1568U * sizeof (uint8_t)); - uu____0 = lit; - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, - ret0[i]); - } - memcpy(ret, - ret0, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U], - libcrux_sha3_portable_KeccakState1 ret[4U] -) -{ - 
libcrux_sha3_portable_KeccakState1 state[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[4U]; - memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); - memcpy(ret, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_portable_KeccakState1 (*self)[4U], - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - 
.end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_sha3_portable_KeccakState1 (*self)[4U], - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = 
(size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice a, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t uu____0[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uu____0); - memcpy(result[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_portable_KeccakState1 xof_state[4U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0, - xof_state); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - void - (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) - { - uu____4(uu____3[i_array_map], uu____5[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - 
-inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[4U][16U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; - memcpy(sample, - sampled[j], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - if (transpose) - { - memcpy(A_transpose[j][i1], - sample, - (size_t)16U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - else - { - memcpy(A_transpose[i1][j], - sample, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U])); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); 
-} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -inline void -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = 
i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t 
coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(randomness, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - int16_t t[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant(re[0U][j - + step], - (int16_t)-1600, - t); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(re[0U][j], - &t, - uu____0); - memcpy(re[0U][j + step], uu____0, (size_t)16U * sizeof (int16_t)); - int16_t uu____1[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(re[0U][j], - &t, - uu____1); - memcpy(re[0U][j], uu____1, (size_t)16U * sizeof (int16_t)); - } -} - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t fer, - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(v, - fer, - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t b[16U], - int16_t zeta_r -) -{ - int16_t t[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector(b, - zeta_r, - t); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(a, - &t, - b); - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, - &t, - a); - K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector - lit; - memcpy(lit.fst, a, (size_t)16U * sizeof (int16_t)); - memcpy(lit.snd, b, (size_t)16U * sizeof (int16_t)); - return lit; -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector - uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][j], - re[0U][j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - int16_t x[16U]; - memcpy(x, uu____0.fst, (size_t)16U * sizeof (int16_t)); - int16_t y[16U]; - memcpy(y, uu____0.snd, (size_t)16U * sizeof (int16_t)); - memcpy(re[0U][j], x, (size_t)16U * sizeof (int16_t)); - memcpy(re[0U][j + step_vec], y, (size_t)16U * sizeof (int16_t)); - } - } -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = 
zeta_i[0U] + (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U] -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(self[0U][i0], - uu____0); - memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - 
libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(i, - re_as_ntt[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - 
prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - memcpy(re_as_ntt[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[4U][16U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -void -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector out[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(out); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - 
size_t i0 = i; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply(&self[0U][i0], - &rhs[0U][i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0 + (size_t)3U], - uu____0); - memcpy(out[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, out, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self[0U], - int16_t [16U], - Eurydice_slice), - int16_t [16U], - size_t); - i++) - { - size_t i0 = i; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], - &rhs[0U][i0], - uu____0); - memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS, - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - int16_t coefficient_normal_form[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector(self[0U][j], - coefficient_normal_form); - int16_t uu____0[16U]; - int16_t ret[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, - &error[0U][j], - ret); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, - uu____0); - memcpy(self[0U][j], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[4U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[4U][16U]; - for 
(size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, - &s_as_ntt[j], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -K___uint8_t_1536size_t__uint8_t_1568size_t_ 
-libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____2.snd; - uint8_t 
uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[4U][16U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[4U][16U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t secret_key_serialized[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U], - uint8_t ret[3168U] -) -{ - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); - memcpy(ret, uu____0, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uint8_t sk[3168U], - uint8_t pk[1568U] -) -{ - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t lit; - memcpy(lit.sk, sk, (size_t)3168U * sizeof (uint8_t)); - memcpy(lit.pk, pk, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - 
Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - uint8_t private_key[3168U]; - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2, - private_key); - uint8_t uu____3[3168U]; - memcpy(uu____3, private_key, (size_t)3168U * sizeof (uint8_t)); - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - uu____4); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - 
(core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - uint8_t (*self)[1568U] -) -{ - return self[0U]; -} - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -void -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(i, - error_1[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], 
uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - memcpy(error_1[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[4U][16U]; - memcpy(uu____2, - error_1, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - 
(size_t)1U], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step(re[0U][round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - uu____0); - memcpy(re[0U][round], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t b[16U], - int16_t zeta_r -) -{ - int16_t a_minus_b[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(b, - &a, - a_minus_b); - int16_t ret[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(a, - &b, - ret); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, - a); - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_minus_b, - zeta_r, - b); - K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector - 
lit; - memcpy(lit.fst, a, (size_t)16U * sizeof (int16_t)); - memcpy(lit.snd, b, (size_t)16U * sizeof (int16_t)); - return lit; -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector - uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][j], - re[0U][j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - int16_t x[16U]; - memcpy(x, uu____0.fst, (size_t)16U * sizeof (int16_t)); - int16_t y[16U]; - memcpy(y, uu____0.snd, (size_t)16U * sizeof (int16_t)); - memcpy(re[0U][j], x, (size_t)16U * sizeof (int16_t)); - memcpy(re[0U][j + step_vec], y, (size_t)16U * sizeof (int16_t)); - } - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U); - 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - int16_t coefficient_normal_form[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(self[0U][j], - (int16_t)1441, - coefficient_normal_form); - int16_t uu____0[16U]; - int16_t ret[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, - &error[0U][j], - ret); - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret, - uu____0); - memcpy(self[0U][j], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[4U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [4U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, - &r_as_ntt[j], - product); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO(uu____0); - int16_t ret0[16U]; - int16_t ret1[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(uu____0, - &v, - ret1); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant(ret1, - (int16_t)1665, - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( - uint8_t serialized[32U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for (size_t i = (size_t)0U; i 
< (size_t)16U; i++) - { - size_t i0 = i; - int16_t coefficient_compressed[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - coefficient_compressed); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(coefficient_compressed, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient_normal_form[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(result[i0], - (int16_t)1441, - coefficient_normal_form); - int16_t tmp0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], - &message[0U][i0], - tmp0); - int16_t tmp[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(coefficient_normal_form, - &tmp0, - tmp); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(tmp, - uu____0); - memcpy(result[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, - message, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)10, - (uint16_t)v[i0]); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], - ret0); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t(ret0, - coefficient); - uint8_t bytes[20U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)11, - (uint16_t)v[i0]); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - int16_t ret0[16U]; - 
libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], - ret0); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t(ret0, - coefficient); - uint8_t bytes[22U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[4U][16U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], 
- size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, - input[i0], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)4, - (uint16_t)v[i0]); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - int16_t 
ret[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], - ret); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t(ret, - coefficient); - uint8_t bytes[8U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(int16_t v[16U], int16_t ret[16U]) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient((uint8_t)(int32_t)5, - (uint16_t)v[i0]); - v[i0] = uu____0; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - 
Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficients[16U]; - int16_t ret[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], - ret); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t(ret, - coefficients); - uint8_t bytes[10U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U]; - 
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[4U][4U][16U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[4U][16U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[4U][16U]; - 
memcpy(error_1, - uu____3.fst, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice), - error_2); - libcrux_ml_kem_libcrux_polynomials_PortableVector u[4U][16U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, - message_as_ring_element); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element, - v); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[4U][16U]; - memcpy(uu____5, - u, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, 
.end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; - memcpy(uu____6, v, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1568U], - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - uint8_t uu____5[1568U]; - memcpy(uu____5, uu____4, (size_t)1568U * sizeof (uint8_t)); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - memcpy(lit.fst, uu____5, (size_t)1568U * sizeof (uint8_t)); - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - 
-K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1568U], - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - uint8_t (*uu____3)[1568U] = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - uint8_t (*uu____5)[1568U] = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate(uint8_t (*public_key)[1568U], uint8_t randomness[32U]) -{ - uint8_t (*uu____0)[1568U] = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - 
uu____1); -} - -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t( - uint8_t (*self)[3168U], - size_t mid -) -{ - return - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - self[0U], - uint8_t, - Eurydice_slice), - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int32_t - decompressed = - (int32_t)v[i0] - * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v[i0] = (int16_t)decompressed; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t(v, ret0); - memcpy(ret, 
ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10(bytes, - coefficient); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int32_t - decompressed = - (int32_t)v[i0] - * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << 
(uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v[i0] = (int16_t)decompressed; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11(bytes, - coefficient); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - 
memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline void 
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t(i, - u_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t(u_bytes, - uu____0); - memcpy(u_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - for - 
(size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int32_t - decompressed = - (int32_t)v[i0] - * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); - decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v[i0] = (int16_t)decompressed; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4(bytes, - coefficient); - int16_t uu____0[16U]; - 
libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) - { - size_t i0 = i; - int32_t - decompressed = - (int32_t)v[i0] - * (int32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v[i0] = (int16_t)decompressed; - } - memcpy(ret, v, (size_t)16U * sizeof (int16_t)); -} - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t( - int16_t v[16U], - int16_t ret[16U] -) -{ - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t(v, ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, 
size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5(bytes, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - int16_t uu____1[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t(re[i0], - uu____1); - memcpy(re[i0], uu____1, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12(bytes, - uu____0); - memcpy(re[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, re, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(i, - secret_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - 
Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, - uu____0); - memcpy(secret_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - secret_as_ntt, - (size_t)4U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector b[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient_normal_form[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant(b[i0], - (int16_t)1441, - coefficient_normal_form); - int16_t uu____0[16U]; - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub(self[0U][i0], - &coefficient_normal_form, - ret0); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce(ret0, - 
uu____0); - memcpy(b[i0], uu____0, (size_t)16U * sizeof (int16_t)); - } - memcpy(ret, b, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&result); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - uint8_t ret[32U] -) -{ - uint8_t 
serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[i0], - coefficient); - int16_t coefficient_compressed[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1(coefficient, - coefficient_compressed); - uint8_t bytes[2U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[4U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice), - v); - 
libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[4U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt, - message); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - uint8_t (*self)[1568U] -) -{ - return Eurydice_array_to_slice((size_t)1568U, self[0U], uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - 
for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t(private_key, - (size_t)1536U); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext[0U], - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - 
to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - 
libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else - { - 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem1024_decapsulate( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[2U][16U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, key[i0], (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[2U][16U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t ret0[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[2U][16U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key(uint8_t public_key[800U]) -{ - 
core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key)) - { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ lit; - lit.tag = core_option_Some; - memcpy(lit.f0, public_key, (size_t)800U * sizeof (uint8_t)); - uu____0 = lit; - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, - ret0[i]); - } - memcpy(ret, - ret0, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U], - libcrux_sha3_portable_KeccakState1 ret[2U] -) -{ - libcrux_sha3_portable_KeccakState1 state[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[2U]; - memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); - memcpy(ret, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_portable_KeccakState1 (*self)[2U], - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -inline bool 
-libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_sha3_portable_KeccakState1 (*self)[2U], - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - 
{ - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -void 
-libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_portable_KeccakState1 xof_state[2U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0, - xof_state); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t(uu____1, - 
sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - void - (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) - { - uu____4(uu____3[i_array_map], uu____5[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[2U][2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t 
uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[2U][16U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; - memcpy(sample, - sampled[j], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - if (transpose) - { - memcpy(A_transpose[j][i1], - sample, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - else - { - memcpy(A_transpose[i1][j], - sample, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U])); -} - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)192U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -inline void -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(randomness, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(i, - re_as_ntt[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - memcpy(re_as_ntt[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[2U][16U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -void 
-libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self[0U], - int16_t [16U], - Eurydice_slice), - int16_t [16U], - size_t); - i++) - { - size_t i0 = i; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], - &rhs[0U][i0], - uu____0); - memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[2U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, - &s_as_ntt[j], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice 
key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[2U][2U][16U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[2U][16U]; - memcpy(error_as_ntt, - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[2U][16U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t secret_key_serialized[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - 
libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, - ret0); - 
core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U], - uint8_t ret[1632U] -) -{ - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); - memcpy(ret, uu____0, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uint8_t sk[1632U], - uint8_t pk[800U] -) -{ - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t lit; - memcpy(lit.sk, sk, (size_t)1632U * sizeof (uint8_t)); - memcpy(lit.pk, pk, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - 
libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - uint8_t private_key[1632U]; - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2, - private_key); - uint8_t uu____3[1632U]; - memcpy(uu____3, private_key, (size_t)1632U * sizeof (uint8_t)); - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - uu____4); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - uint8_t (*self)[800U] -) -{ - return self[0U]; -} - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -void 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(i, - error_1[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof 
(uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - memcpy(error_1[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[2U][16U]; - memcpy(uu____2, - error_1, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline void 
-libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[2U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [2U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, - &r_as_ntt[j], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1], - &product); - } - 
libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, - 
message, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], - ret0); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t(ret0, - coefficient); - uint8_t bytes[20U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - int16_t coefficient[16U]; - 
int16_t ret0[16U]; - libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector(re[0U][i0], - ret0); - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t(ret0, - coefficient); - uint8_t bytes[22U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[2U][16U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - 
libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, - input[i0], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, 
Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[2U][2U][16U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[2U][16U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[2U][16U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice), - error_2); - libcrux_ml_kem_libcrux_polynomials_PortableVector u[2U][16U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, - message_as_ring_element); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element, - v); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[2U][16U]; - memcpy(uu____5, - u, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; - memcpy(uu____6, v, (size_t)16U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uint8_t (*public_key)[800U], - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____5[768U]; - memcpy(uu____5, uu____4, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - memcpy(lit.fst, uu____5, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uint8_t (*public_key)[800U], - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = false; - bool 
uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - uint8_t (*uu____3)[800U] = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - uint8_t (*uu____5)[800U] = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate(uint8_t (*public_key)[800U], uint8_t randomness[32U]) -{ - uint8_t (*uu____0)[800U] = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t( - uint8_t (*self)[1632U], - size_t mid -) -{ - return - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - self[0U], - uint8_t, - Eurydice_slice), - mid, - uint8_t, - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t(i, - u_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(u_bytes, - uu____0); - memcpy(u_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector(serialized, - uu____0); - memcpy(ret, uu____0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(i, - secret_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, - uu____0); - memcpy(secret_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - secret_as_ntt, - (size_t)2U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&result); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[2U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice), - v); - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[2U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt, 
- message); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - uint8_t (*self)[768U] -) -{ - return Eurydice_array_to_slice((size_t)768U, self[0U], uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t(private_key, - (size_t)768U); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext[0U], - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof 
(uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_decapsulate( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[3U][16U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, key[i0], (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[3U][16U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[3U][16U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U * sizeof 
(libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key(uint8_t public_key[1184U]) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key)) - { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ lit; - lit.tag = core_option_Some; - memcpy(lit.f0, public_key, (size_t)1184U * sizeof (uint8_t)); - uu____0 = lit; - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, - ret0[i]); - } - memcpy(ret, - ret0, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U], - libcrux_sha3_portable_KeccakState1 ret[3U] -) -{ - 
libcrux_sha3_portable_KeccakState1 state[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[3U]; - memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); - memcpy(ret, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_portable_KeccakState1 (*self)[3U], - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - 
.end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_sha3_portable_KeccakState1 (*self)[3U], - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self[0U][i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = 
(size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -void -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_portable_KeccakState1 xof_state[3U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0, - xof_state); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, 
(size_t)3U * sizeof (int16_t [272U])); - void - (*uu____4)(int16_t x0[272U], libcrux_ml_kem_libcrux_polynomials_PortableVector x1[16U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) - { - uu____4(uu____3[i_array_map], uu____5[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector sampled[3U][16U]; - 
libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector sample[16U]; - memcpy(sample, - sampled[j], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - if (transpose) - { - memcpy(A_transpose[j][i1], - sample, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - else - { - memcpy(A_transpose[i1][j], - sample, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U])); -} - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { 
- size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector re_as_ntt[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(i, - re_as_ntt[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - 
memcpy(re_as_ntt[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[3U][16U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -void -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self[0U], - int16_t [16U], - Eurydice_slice), - int16_t [16U], - size_t); - i++) - { - size_t i0 = i; - int16_t uu____0[16U]; - libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add(self[0U][i0], - &rhs[0U][i0], - 
uu____0); - memcpy(self[0U][i0], uu____0, (size_t)16U * sizeof (int16_t)); - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[3U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(matrix_element, - &s_as_ntt[j], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1], - &product); - } - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t - uu____2 = - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_as_ntt[3U][16U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____4[3U][16U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, 
secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U], - uint8_t ret[2400U] -) -{ - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); - memcpy(ret, uu____0, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uint8_t sk[2400U], - uint8_t pk[1184U] -) -{ - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t lit; - memcpy(lit.sk, sk, (size_t)2400U * sizeof 
(uint8_t)); - memcpy(lit.pk, pk, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - uint8_t private_key[2400U]; - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2, - private_key); - uint8_t uu____3[2400U]; - memcpy(uu____3, private_key, (size_t)2400U * sizeof (uint8_t)); - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - uu____4); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return 
- libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - uint8_t (*self)[1184U] -) -{ - return self[0U]; -} - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector deserialized_pk[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t(i, - deserialized_pk[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector 
uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(ring_element, - uu____0); - memcpy(deserialized_pk[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - deserialized_pk, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -void -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(i, - error_1[i]); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = 
(size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____1[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice), - uu____1); - memcpy(error_1[i0], - uu____1, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____2[3U][16U]; - memcpy(uu____2, - error_1, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[3U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, - result[i]); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [3U][16U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*row)[16U] = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_element)[16U] = &row[j]; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(a_element, - &r_as_ntt[j], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} 
- -inline void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(error_2, - message, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[3U][16U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - 
core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - Eurydice_slice), - libcrux_ml_kem_libcrux_polynomials_PortableVector [16U], - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U]; - memcpy(re, - input[i0], - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector A_transpose[3U][3U][16U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - 
libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_libcrux_polynomials_PortableVector r_as_ntt[3U][16U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_libcrux_polynomials_PortableVector error_1[3U][16U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - 
libcrux_ml_kem_libcrux_polynomials_PortableVector error_2[16U]; - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice), - error_2); - libcrux_ml_kem_libcrux_polynomials_PortableVector u[3U][16U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_libcrux_polynomials_PortableVector message_as_ring_element[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(uu____4, - message_as_ring_element); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element, - v); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____5[3U][16U]; - memcpy(uu____5, - u, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____6[16U]; - memcpy(uu____6, v, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - 
size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness 
= uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - uint8_t uu____5[1088U]; - memcpy(uu____5, uu____4, (size_t)1088U * sizeof (uint8_t)); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - memcpy(lit.fst, uu____5, (size_t)1088U * sizeof (uint8_t)); - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - uint8_t (*uu____3)[1184U] = public_key; - uint8_t 
uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - uint8_t (*uu____5)[1184U] = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate(uint8_t (*public_key)[1184U], uint8_t randomness[32U]) -{ - uint8_t (*uu____0)[1184U] = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t( - uint8_t (*self)[2400U], - size_t mid -) -{ - return - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - self[0U], - uint8_t, - Eurydice_slice), - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t(i, - u_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(u_bytes, - uu____0); - memcpy(u_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - 
libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector ret0[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(ret0); - memcpy(ret, ret0, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(i, - secret_as_ntt[i]); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_libcrux_polynomials_PortableVector uu____0[16U]; - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector(secret_bytes, - 
uu____0); - memcpy(secret_as_ntt[i0], - uu____0, - (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); - } - memcpy(ret, - secret_as_ntt, - (size_t)3U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector [16U])); -} - -inline void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector(result); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_libcrux_polynomials_PortableVector product[16U]; - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0], - product); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&result); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector(v, - result, - result); - memcpy(ret, result, (size_t)16U * sizeof (libcrux_ml_kem_libcrux_polynomials_PortableVector)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice 
secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector u_as_ntt[3U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector v[16U]; - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice), - v); - libcrux_ml_kem_libcrux_polynomials_PortableVector secret_as_ntt[3U][16U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_libcrux_polynomials_PortableVector message[16U]; - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt, - message); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - uint8_t (*self)[1088U] -) -{ - return 
Eurydice_array_to_slice((size_t)1088U, self[0U], uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t(private_key, - (size_t)1152U); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = 
- core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext[0U], - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -) -{ - bool 
uu____0; - uu____0 = false; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem768_decapsulate( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_ml_kem.h deleted file mode 100644 index 23c3cea52..000000000 --- a/libcrux-ml-kem/c/libcrux_ml_kem.h +++ /dev/null 
@@ -1,2302 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/mfr6l75nil9phxx3lrg4al56qrdp94g6-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_ml_kem_H -#define __libcrux_ml_kem_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "core.h" -#include "Eurydice.h" -#include "eurydice_glue.h" -#include "libcrux_hacl_glue.h" - -#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -extern 
libcrux_sha3_portable_KeccakState1 -libcrux_sha3_portable_incremental_shake128_init(void); - -extern void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -typedef libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_ml_kem_hash_functions_neon_Simd128Hash[2U]; - -extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) - -extern void -libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( - size_t x0, - uint8_t (*x1)[34U], - libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] -); - -#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -extern bool libcrux_platform_platform_simd256_support(void); - -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U) - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_MODULUS ((int16_t)3329) - -typedef int16_t libcrux_ml_kem_libcrux_polynomials_PortableVector[16U]; - 
-void -libcrux_ml_kem_libcrux_polynomials___core__clone__Clone_for_libcrux_ml_kem__libcrux_polynomials__PortableVector__1__clone( - int16_t (*self)[16U], - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_zero(int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ZERO( - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_to_i16_array(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___to_i16_array( - int16_t v[16U], - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_from_i16_array(Eurydice_slice array, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___from_i16_array( - Eurydice_slice array, - int16_t ret[16U] -); - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) - -void -libcrux_ml_kem_libcrux_polynomials_add(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___add( - int16_t lhs[16U], - int16_t (*rhs)[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_sub(int16_t lhs[16U], int16_t (*rhs)[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___sub( - int16_t lhs[16U], - int16_t (*rhs)[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -); - 
-void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_bitwise_and_with_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___bitwise_and_with_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_cond_subtract_3329(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___cond_subtract_3329( - int16_t v[16U], - int16_t ret[16U] -); - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_MULTIPLIER ((int32_t)20159) - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_BARRETT_SHIFT) - -int16_t libcrux_ml_kem_libcrux_polynomials_barrett_reduce_element(int16_t value); - -void libcrux_ml_kem_libcrux_polynomials_barrett_reduce(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___barrett_reduce( - int16_t v[16U], - int16_t ret[16U] -); - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_MONTGOMERY_SHIFT) - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) - -int16_t 
libcrux_ml_kem_libcrux_polynomials_montgomery_reduce_element(int32_t value); - -int16_t -libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); - -void -libcrux_ml_kem_libcrux_polynomials_montgomery_multiply_by_constant( - int16_t v[16U], - int16_t c, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___montgomery_multiply_by_constant( - int16_t v[16U], - int16_t r, - int16_t ret[16U] -); - -uint8_t libcrux_ml_kem_libcrux_polynomials_compress_message_coefficient(uint16_t fe); - -void libcrux_ml_kem_libcrux_polynomials_compress_1(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress_1( - int16_t v[16U], - int16_t ret[16U] -); - -uint32_t -libcrux_ml_kem_libcrux_polynomials_get_n_least_significant_bits(uint8_t n, uint32_t value); - -int16_t -libcrux_ml_kem_libcrux_polynomials_compress_ciphertext_coefficient( - uint8_t coefficient_bits, - uint16_t fe -); - -void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_1_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_1_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_2_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_2_step( - int16_t 
a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_ntt_layer_3_step( - int16_t v[16U], - int16_t zeta, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_layer_3_step( - int16_t a[16U], - int16_t zeta, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_1_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_1_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_2_step( - int16_t v[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_2_step( - int16_t a[16U], - int16_t zeta0, - int16_t zeta1, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_inv_ntt_layer_3_step( - int16_t v[16U], - int16_t zeta, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___inv_ntt_layer_3_step( - int16_t a[16U], - int16_t zeta, - int16_t ret[16U] -); - -typedef struct K___int16_t_int16_t_s -{ - int16_t fst; - int16_t snd; -} -K___int16_t_int16_t; - -K___int16_t_int16_t -libcrux_ml_kem_libcrux_polynomials_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -); - -void -libcrux_ml_kem_libcrux_polynomials_ntt_multiply( - int16_t 
(*lhs)[16U], - int16_t (*rhs)[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___ntt_multiply( - int16_t (*lhs)[16U], - int16_t (*rhs)[16U], - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_1(int16_t v[16U], uint8_t ret[2U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_1( - int16_t a[16U], - uint8_t ret[2U] -); - -void libcrux_ml_kem_libcrux_polynomials_deserialize_1(Eurydice_slice v, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_1( - Eurydice_slice a, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_4(int16_t v[16U], uint8_t ret[8U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_4( - int16_t a[16U], - uint8_t ret[8U] -); - -void libcrux_ml_kem_libcrux_polynomials_deserialize_4(Eurydice_slice bytes, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_4( - Eurydice_slice a, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_5(int16_t v[16U], uint8_t ret[10U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_5( - int16_t a[16U], 
- uint8_t ret[10U] -); - -void libcrux_ml_kem_libcrux_polynomials_deserialize_5(Eurydice_slice bytes, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_5( - Eurydice_slice a, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_10(int16_t v[16U], uint8_t ret[20U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_10( - int16_t a[16U], - uint8_t ret[20U] -); - -void libcrux_ml_kem_libcrux_polynomials_deserialize_10(Eurydice_slice bytes, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_10( - Eurydice_slice a, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_11(int16_t v[16U], uint8_t ret[22U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_11( - int16_t a[16U], - uint8_t ret[22U] -); - -void libcrux_ml_kem_libcrux_polynomials_deserialize_11(Eurydice_slice bytes, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_11( - Eurydice_slice a, - int16_t ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_serialize_12(int16_t v[16U], uint8_t ret[24U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___serialize_12( - int16_t a[16U], - uint8_t ret[24U] -); - -void 
libcrux_ml_kem_libcrux_polynomials_deserialize_12(Eurydice_slice bytes, int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___deserialize_12( - Eurydice_slice a, - int16_t ret[16U] -); - -size_t libcrux_ml_kem_libcrux_polynomials_rej_sample(Eurydice_slice a, Eurydice_slice result); - -size_t -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -extern bool libcrux_platform_platform_simd128_support(void); - -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; - -#define LIBCRUX_ML_KEM_LIBCRUX_POLYNOMIALS_LIBCRUX_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / 
(size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) - -typedef libcrux_ml_kem_libcrux_polynomials_PortableVector -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector[16U]; - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - 
Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_shift_right___15int32_t(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___shift_right___15int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_unsigned_representative__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[384U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[4U][16U], - uint8_t ret[1536U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[4U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); - -typedef uint8_t libcrux_ml_kem_types_MlKemPublicKey____1568size_t[1568U]; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ - 
core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key(uint8_t public_key[1568U]); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -typedef libcrux_sha3_portable_KeccakState1 -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t[4U]; - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U], - libcrux_sha3_portable_KeccakState1 ret[4U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_portable_KeccakState1 (*self)[4U], - uint8_t ret[4U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_sha3_portable_KeccakState1 (*self)[4U], - uint8_t ret[4U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice a, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][4U][16U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i, - 
libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_montgomery_multiply_fe__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t fer, - int16_t ret[16U] -); - -typedef struct -K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector_s -{ - int16_t fst[16U]; - int16_t snd[16U]; -} -K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector; - -K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t b[16U], - int16_t zeta_r -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U] -); - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t_s -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector fst[4U][16U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void 
-libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_to_standard_domain__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[4U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; - -typedef struct 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____3168size_t[3168U]; - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U], - uint8_t ret[3168U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ - uint8_t sk[3168U]; - uint8_t pk[1568U]; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uint8_t sk[3168U], - uint8_t pk[1568U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice 
implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - uint8_t (*self)[1568U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void 
-libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t _layer -); - -K___libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_libcrux_polynomials_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t a[16U], - int16_t b[16U], - int16_t zeta_r -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_libcrux_polynomials_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - size_t layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error)[16U] -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[4U][16U], - 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_libcrux_traits_decompress_1__libcrux_ml_kem_libcrux_polynomials_PortableVector( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( - uint8_t serialized[32U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector result[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void libcrux_ml_kem_libcrux_polynomials_compress___10int32_t(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___10int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector 
(*re)[16U], - uint8_t ret[352U] -); - -void libcrux_ml_kem_libcrux_polynomials_compress___11int32_t(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___11int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[352U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[352U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[4U][16U], - Eurydice_slice out -); - -void libcrux_ml_kem_libcrux_polynomials_compress___4int32_t(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___4int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice serialized -); - -void libcrux_ml_kem_libcrux_polynomials_compress___5int32_t(int16_t v[16U], int16_t ret[16U]); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___compress___5int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void 
-libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t_160size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____1568size_t[1568U]; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ - uint8_t fst[1568U]; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1568U], - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1568U], - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate(uint8_t (*public_key)[1568U], uint8_t randomness[32U]); - 
-K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___3168size_t( - uint8_t (*self)[3168U], - size_t mid -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___10int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___10int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___11int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___11int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_11size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector 
(*re)[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___4int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___4int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials_decompress_ciphertext_coefficient___5int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_libcrux_polynomials___libcrux_ml_kem__libcrux_polynomials__libcrux_traits__Operations_for_libcrux_ml_kem__libcrux_polynomials__PortableVector___decompress_ciphertext_coefficient___5int32_t( - int16_t v[16U], - int16_t ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_libcrux_polynomials_PortableVector( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_5size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector( 
- Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[4U][16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector b[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_libcrux_polynomials_PortableVector( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - uint8_t (*self)[1568U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t 
-libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem1024_decapsulate( - uint8_t (*private_key)[3168U], - uint8_t (*ciphertext)[1568U], - uint8_t ret[32U] -); - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[2U][16U], - uint8_t ret[768U] -); - -void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[2U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); - -typedef uint8_t libcrux_ml_kem_types_MlKemPublicKey____800size_t[800U]; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key(uint8_t public_key[800U]); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -typedef libcrux_sha3_portable_KeccakState1 -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t[2U]; - -void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U], - libcrux_sha3_portable_KeccakState1 ret[2U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_portable_KeccakState1 (*self)[2U], - uint8_t ret[2U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_sha3_portable_KeccakState1 (*self)[2U], - uint8_t ret[2U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, 
- libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][2U][16U] -); - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -void -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - Eurydice_slice randomness, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t_s -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector fst[2U][16U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[2U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ - uint8_t fst[768U]; - uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____1632size_t[1632U]; - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U], - uint8_t ret[1632U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ - uint8_t sk[1632U]; - uint8_t pk[800U]; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t 
-libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uint8_t sk[1632U], - uint8_t pk[800U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - uint8_t (*self)[800U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[2U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector 
(*re)[16U], - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_libcrux_polynomials_PortableVector_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U], - uint8_t ret[320U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[2U][16U], - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t_128size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector re[16U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____768size_t[768U]; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ - uint8_t fst[768U]; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uint8_t (*public_key)[800U], 
- uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uint8_t (*public_key)[800U], - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate(uint8_t (*public_key)[800U], uint8_t randomness[32U]); - -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___1632size_t( - uint8_t (*self)[1632U], - size_t mid -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_10size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_4size_t( - Eurydice_slice serialized, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void 
-libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[2U][16U] -); - -void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - uint8_t (*self)[768U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -); - -void 
-libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem512_decapsulate( - uint8_t (*private_key)[1632U], - uint8_t (*ciphertext)[768U], - uint8_t ret[32U] -); - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define 
LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector key[3U][16U], - uint8_t ret[1152U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector t_as_ntt[3U][16U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); - -typedef uint8_t 
libcrux_ml_kem_types_MlKemPublicKey____1184size_t[1184U]; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key(uint8_t public_key[1184U]); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -typedef libcrux_sha3_portable_KeccakState1 -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t[3U]; - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U], - libcrux_sha3_portable_KeccakState1 ret[3U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_portable_KeccakState1 (*self)[3U], - uint8_t ret[3U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_504size_t( 
- uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_sha3_portable_KeccakState1 (*self)[3U], - uint8_t ret[3U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][3U][16U] -); - -void -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -typedef struct 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t_s -{ - libcrux_ml_kem_libcrux_polynomials_PortableVector fst[3U][16U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*self)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*rhs)[16U] -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*matrix_A)[3U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*s_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; - -K___uint8_t_1152size_t__uint8_t_1184size_t_ 
-libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemPrivateKey____2400size_t[2400U]; - -void -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U], - uint8_t ret[2400U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ - uint8_t sk[2400U]; - uint8_t pk[1184U]; -} -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uint8_t sk[2400U], - uint8_t pk[1184U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - 
uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - uint8_t (*self)[1184U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_libcrux_polynomials_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _i, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*re)[16U] -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*a_as_ntt)[3U][16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_1)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector (*t_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*r_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*error_2)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*message)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_libcrux_polynomials_PortableVector input[3U][16U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -); - -typedef uint8_t libcrux_ml_kem_types_MlKemCiphertext____1088size_t[1088U]; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ - uint8_t fst[1088U]; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate(uint8_t (*public_key)[1184U], uint8_t randomness[32U]); - -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPrivateKey_SIZE__12__split_at___2400size_t( - uint8_t (*self)[2400U], - size_t mid -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - size_t _, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[3U][16U] -); - -void -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t( - 
libcrux_ml_kem_libcrux_polynomials_PortableVector (*v)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*secret_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector (*u_as_ntt)[16U], - libcrux_ml_kem_libcrux_polynomials_PortableVector ret[16U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_libcrux_polynomials_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - uint8_t (*self)[1088U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_libcrux_polynomials_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem768_decapsulate( - uint8_t (*private_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -); - -#if 
defined(__cplusplus) -} -#endif - -#define __libcrux_ml_kem_H_DEFINED -#endif diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 6673328ce..c4f400343 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -418,7 +418,7 @@ pub mod neon { state: KeccakState<2, core::arch::aarch64::uint64x2_t>, } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - pub type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>; + type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>; #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] pub struct KeccakState2 { state: [crate::portable::KeccakState1; 2], From 4411d7fff263d9f077c6eba9e077f2fc0c86bc0b Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Sun, 26 May 2024 16:28:11 +0200 Subject: [PATCH 22/94] actually inline neon/avx2 --- Cargo.toml | 4 - libcrux-ml-kem/Cargo.toml | 2 - libcrux-ml-kem/build.rs | 2 +- libcrux-ml-kem/src/ind_cca.rs | 19 +- libcrux-ml-kem/src/ind_cpa.rs | 3 +- libcrux-ml-kem/src/invert_ntt.rs | 2 +- libcrux-ml-kem/src/lib.rs | 7 +- libcrux-ml-kem/src/matrix.rs | 4 +- libcrux-ml-kem/src/ntt.rs | 2 +- libcrux-ml-kem/src/polynomial.rs | 2 +- libcrux-ml-kem/src/sampling.rs | 4 +- libcrux-ml-kem/src/serialize.rs | 2 +- .../lib.rs => libcrux-ml-kem/src/vector.rs | 15 +- .../src/vector/avx2.rs | 0 .../src/vector/avx2}/arithmetic.rs | 0 .../src/vector/avx2}/compress.rs | 0 .../src/vector/avx2}/debug.rs | 0 .../src/vector/avx2}/intrinsics.rs | 0 .../src/vector/avx2}/intrinsics_extraction.rs | 0 .../src/vector/avx2}/ntt.rs | 0 .../src/vector/avx2}/portable.rs | 0 .../src/vector/avx2}/sampling.rs | 0 .../src/vector/avx2}/serialize.rs | 0 .../src/vector/neon.rs | 8 +- .../src/vector/neon/intrinsics.rs | 4 +- .../src/vector/neon}/rejsample.rs | 0 .../src/vector/neon}/simd128ops.rs | 5 +- .../src/vector/traits.rs | 2 +- polynomials-aarch64/.cargo/config.toml | 2 - polynomials-aarch64/Cargo.toml | 17 - polynomials-avx2/.cargo/config.toml | 2 - polynomials-avx2/Cargo.toml | 17 - .../Libcrux_polynomials_avx2.Arithmetic.fst | 159 -- .../Libcrux_polynomials_avx2.Compress.fst | 192 -- ...polynomials_avx2.Intrinsics_extraction.fst | 549 ----- .../Libcrux_polynomials_avx2.Ntt.fst | 192 -- .../Libcrux_polynomials_avx2.Portable.fst | 429 ---- .../Libcrux_polynomials_avx2.Sampling.fst | 2111 ----------------- .../Libcrux_polynomials_avx2.Serialize.fst | 557 ----- .../extraction/Libcrux_polynomials_avx2.fst | 412 ---- polynomials/Cargo.toml | 28 - polynomials/build.rs | 28 - traits/Cargo.toml | 11 - 43 files changed, 41 insertions(+), 4752 deletions(-) rename polynomials/src/lib.rs => libcrux-ml-kem/src/vector.rs (99%) rename polynomials-avx2/src/lib.rs => 
libcrux-ml-kem/src/vector/avx2.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/arithmetic.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/compress.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/debug.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/intrinsics.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/intrinsics_extraction.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/ntt.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/portable.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/sampling.rs (100%) rename {polynomials-avx2/src => libcrux-ml-kem/src/vector/avx2}/serialize.rs (100%) rename polynomials-aarch64/src/lib.rs => libcrux-ml-kem/src/vector/neon.rs (96%) rename polynomials-aarch64/src/neon.rs => libcrux-ml-kem/src/vector/neon/intrinsics.rs (98%) rename {polynomials-aarch64/src => libcrux-ml-kem/src/vector/neon}/rejsample.rs (100%) rename {polynomials-aarch64/src => libcrux-ml-kem/src/vector/neon}/simd128ops.rs (99%) rename traits/src/lib.rs => libcrux-ml-kem/src/vector/traits.rs (98%) delete mode 100644 polynomials-aarch64/.cargo/config.toml delete mode 100644 polynomials-aarch64/Cargo.toml delete mode 100644 polynomials-avx2/.cargo/config.toml delete mode 100644 polynomials-avx2/Cargo.toml delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Intrinsics_extraction.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst delete mode 100644 
polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst delete mode 100644 polynomials/Cargo.toml delete mode 100644 polynomials/build.rs delete mode 100644 traits/Cargo.toml diff --git a/Cargo.toml b/Cargo.toml index 9cf9e6a8d..769e0291b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,10 +10,6 @@ members = [ "libcrux-ml-kem", "libcrux-simd", "libcrux-sha3", - "polynomials", - "polynomials-avx2", - "traits", - "polynomials-aarch64", "libcrux-ml-dsa", ] diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 4362ebd97..8e58b1852 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -13,8 +13,6 @@ exclude = ["/tests", "/implementation_notes.pdf"] rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-pre.2", path = "../libcrux-sha3" } -# libcrux-polynomials = { path = "../polynomials/" } -libcrux-traits = { path = "../traits/" } # This is only required for verification. # The hax config is set by the hax toolchain. diff --git a/libcrux-ml-kem/build.rs b/libcrux-ml-kem/build.rs index 51bb63d0d..ef1138666 100644 --- a/libcrux-ml-kem/build.rs +++ b/libcrux-ml-kem/build.rs @@ -14,7 +14,7 @@ fn main() { if target_arch == "aarch64" && !disable_simd128 { // We enable simd128 on all aarch64 builds. - // println!("cargo:rustc-cfg=feature=\"simd128\""); + println!("cargo:rustc-cfg=feature=\"simd128\""); } if target_arch == "x86_64" && !disable_simd256 { // We enable simd256 on all x86_64 builds. diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index e90bf05ad..370a943a3 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs 
@@ -1,5 +1,6 @@ -use crate::libcrux_polynomials::{Operations, PortableVector}; +use crate::vector::{Operations, PortableVector}; +use crate::vector; use crate::{ constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, @@ -61,7 +62,7 @@ pub(crate) fn validate_public_key< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - libcrux_polynomials::SIMD256Vector, + vector::SIMD256Vector, >(public_key); #[cfg(not(feature = "simd256"))] validate_public_key_generic::< @@ -79,7 +80,7 @@ pub(crate) fn validate_public_key< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - libcrux_polynomials::SIMD128Vector, + vector::SIMD128Vector, >(public_key); #[cfg(not(feature = "simd128"))] validate_public_key_generic::< @@ -146,7 +147,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - libcrux_polynomials::SIMD256Vector, + vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); #[cfg(not(feature = "simd256"))] @@ -174,7 +175,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - libcrux_polynomials::SIMD128Vector, + vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); #[cfg(not(feature = "simd128"))] @@ -277,7 +278,7 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - libcrux_polynomials::SIMD256Vector, + vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(public_key, randomness); #[cfg(not(feature = "simd256"))] @@ -335,7 +336,7 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - libcrux_polynomials::SIMD128Vector, + vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(public_key, randomness) } else { 
@@ -449,7 +450,7 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - libcrux_polynomials::SIMD256Vector, + vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd256"))] @@ -495,7 +496,7 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - libcrux_polynomials::SIMD128Vector, + vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd128"))] diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 6e2ab6ae6..5014f06da 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,5 +1,3 @@ -use crate::libcrux_polynomials::Operations; - use crate::{ constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -15,6 +13,7 @@ use crate::{ deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element, serialize_uncompressed_ring_element, }, + vector::Operations, }; /// Pad the `slice` with `0`s at the end. diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 037cdb8e4..53d83c627 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -1,7 +1,7 @@ -use crate::libcrux_polynomials::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}; use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, ZETAS_TIMES_MONTGOMERY_R}, + vector::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}, }; #[inline(always)] diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 6c83f1f0d..88459b1bb 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs 
@@ -37,7 +37,7 @@ //! [F*]: https://fstar-lang.org #![no_std] -#![forbid(unsafe_code)] +#![deny(unsafe_code)] #![warn(rust_2018_idioms, unused_lifetimes, unused_qualifications)] #![allow(clippy::needless_range_loop)] @@ -66,14 +66,13 @@ mod polynomial; mod sampling; mod serialize; mod types; +mod vector; + // Variants pub mod mlkem1024; pub mod mlkem512; pub mod mlkem768; -#[path = "../../polynomials/src/lib.rs"] -pub mod libcrux_polynomials; - pub use constants::SHARED_SECRET_SIZE; pub use ind_cca::{MlKemSharedSecret, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE}; // These types all have type aliases for the different variants. diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 53c366ce4..d07c95f93 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -1,8 +1,6 @@ -use crate::libcrux_polynomials::Operations; - use crate::{ hash_functions::Hash, helper::cloop, invert_ntt::invert_ntt_montgomery, - polynomial::PolynomialRingElement, sampling::sample_from_xof, + polynomial::PolynomialRingElement, sampling::sample_from_xof, vector::Operations, }; #[inline(always)] diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index e2d38997b..3c4958575 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -1,7 +1,7 @@ -use crate::libcrux_polynomials::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}; use crate::{ hax_utils::hax_debug_assert, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, ZETAS_TIMES_MONTGOMERY_R}, + vector::{montgomery_multiply_fe, Operations}, }; #[inline(always)] diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index dbc8407d0..55e594740 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,4 +1,4 @@ -use crate::libcrux_polynomials::{ +use crate::vector::{ to_standard_domain, FieldElementTimesMontgomeryR, Operations, FIELD_ELEMENTS_IN_VECTOR, }; 
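Review bot: Relaxing `#![forbid(unsafe_code)]` to `#![deny(unsafe_code)]` in libcrux-ml-kem/src/lib.rs lets any module in the crate opt back in with an inner `allow`, and this commit already does so for the whole of vector/neon/intrinsics.rs via `#![allow(non_camel_case_types, unsafe_code)]`. Nothing at the crate root records which modules are expected to carry that override, so a later `allow(unsafe_code)` elsewhere would not stand out in review. I would add a comment next to the attribute, e.g. `// unsafe is permitted only in vector::{neon,avx2}::intrinsics; every other module stays unsafe-free`, and put `#![forbid(unsafe_code)]` at the top of the modules that need no unsafe, as vector/neon/simd128ops.rs already does. The avx2 intrinsics file was moved at 100% similarity and is not shown here, so whether it carries its own `allow` is worth checking.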
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 4a0476b50..d71a0f8a1 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -1,8 +1,6 @@ -use crate::libcrux_polynomials::Operations; - use crate::{ constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, hax_utils::hax_debug_assert, - helper::cloop, polynomial::PolynomialRingElement, + helper::cloop, polynomial::PolynomialRingElement, vector::Operations, }; /// If `bytes` contains a set of uniformly random bytes, this function diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 9ee9757da..44446fea2 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -1,9 +1,9 @@ -use crate::libcrux_polynomials::{decompress_1, to_unsigned_representative, Operations}; use crate::{ constants::{BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE}, hax_utils::hax_debug_assert, helper::cloop, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT}, + vector::{decompress_1, to_unsigned_representative, Operations}, }; #[cfg(hax)] diff --git a/polynomials/src/lib.rs b/libcrux-ml-kem/src/vector.rs similarity index 99% rename from polynomials/src/lib.rs rename to libcrux-ml-kem/src/vector.rs index 1f89f1462..c847aed1f 100644 --- a/polynomials/src/lib.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -9,11 +9,10 @@ //! //! FIXME: This is kyber specific for now. -#[path = "../../traits/src/lib.rs"] -mod libcrux_traits; +pub(crate) mod traits; +use traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; -use libcrux_traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; -pub use libcrux_traits::{ +pub(crate) use traits::{ decompress_1, montgomery_multiply_fe, to_standard_domain, to_unsigned_representative, Operations, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS, }; 
@@ -24,9 +23,13 @@ pub use libcrux_traits::{ // The consumer needs to use runtime feature detection and the appropriate vector // in each case. #[cfg(feature = "simd128")] -pub use libcrux_polynomials_aarch64::SIMD128Vector; +mod neon; +#[cfg(feature = "simd128")] +pub(crate) use neon::SIMD128Vector; +#[cfg(feature = "simd256")] +mod avx2; #[cfg(feature = "simd256")] -pub use libcrux_polynomials_avx2::SIMD256Vector; +pub(crate) use libcrux_polynomials_avx2::SIMD256Vector; /// Values having this type hold a representative 'x' of the Kyber field. /// We use 'fe' as a shorthand for this type. diff --git a/polynomials-avx2/src/lib.rs b/libcrux-ml-kem/src/vector/avx2.rs similarity index 100% rename from polynomials-avx2/src/lib.rs rename to libcrux-ml-kem/src/vector/avx2.rs diff --git a/polynomials-avx2/src/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs similarity index 100% rename from polynomials-avx2/src/arithmetic.rs rename to libcrux-ml-kem/src/vector/avx2/arithmetic.rs diff --git a/polynomials-avx2/src/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs similarity index 100% rename from polynomials-avx2/src/compress.rs rename to libcrux-ml-kem/src/vector/avx2/compress.rs diff --git a/polynomials-avx2/src/debug.rs b/libcrux-ml-kem/src/vector/avx2/debug.rs similarity index 100% rename from polynomials-avx2/src/debug.rs rename to libcrux-ml-kem/src/vector/avx2/debug.rs diff --git a/polynomials-avx2/src/intrinsics.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs similarity index 100% rename from polynomials-avx2/src/intrinsics.rs rename to libcrux-ml-kem/src/vector/avx2/intrinsics.rs diff --git a/polynomials-avx2/src/intrinsics_extraction.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs similarity index 100% rename from polynomials-avx2/src/intrinsics_extraction.rs rename to libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs 
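Review bot: The `simd256` re-export in libcrux-ml-kem/src/vector.rs still names the external crate, `pub(crate) use libcrux_polynomials_avx2::SIMD256Vector;`, although this commit adds `mod avx2;` right above it and drops `polynomials-avx2` from the workspace. The neon branch was switched to `pub(crate) use neon::SIMD128Vector;`, so the avx2 line should read `pub(crate) use avx2::SIMD256Vector;`. As written, a build with the `simd256` cfg presumably fails to resolve the path. The avx2 sources were moved at 100% similarity, so any `libcrux_traits::` paths inside them likely need the same `super::` / `crate::vector::traits` rewrite that neon.rs and simd128ops.rs received.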
diff --git a/polynomials-avx2/src/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs similarity index 100% rename from polynomials-avx2/src/ntt.rs rename to libcrux-ml-kem/src/vector/avx2/ntt.rs diff --git a/polynomials-avx2/src/portable.rs b/libcrux-ml-kem/src/vector/avx2/portable.rs similarity index 100% rename from polynomials-avx2/src/portable.rs rename to libcrux-ml-kem/src/vector/avx2/portable.rs diff --git a/polynomials-avx2/src/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs similarity index 100% rename from polynomials-avx2/src/sampling.rs rename to libcrux-ml-kem/src/vector/avx2/sampling.rs diff --git a/polynomials-avx2/src/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs similarity index 100% rename from polynomials-avx2/src/serialize.rs rename to libcrux-ml-kem/src/vector/avx2/serialize.rs diff --git a/polynomials-aarch64/src/lib.rs b/libcrux-ml-kem/src/vector/neon.rs similarity index 96% rename from polynomials-aarch64/src/lib.rs rename to libcrux-ml-kem/src/vector/neon.rs index c8ddb2440..b34da7c6a 100644 --- a/polynomials-aarch64/src/lib.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -1,8 +1,8 @@ //! Vectors for libcrux using aarch64 (neon) intrinsics -use libcrux_traits::Operations; +use super::{Operations, FIELD_MODULUS}; -mod neon; +mod intrinsics; // mod rejsample; mod simd128ops; @@ -176,11 +176,11 @@ pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize { let d1 = ((b2 & 0xF) << 8) | b1; let d2 = (b3 << 4) | (b2 >> 4); - if d1 < libcrux_traits::FIELD_MODULUS && sampled < 16 { + if d1 < FIELD_MODULUS && sampled < 16 { result[sampled] = d1; sampled += 1 } - if d2 < libcrux_traits::FIELD_MODULUS && sampled < 16 { + if d2 < FIELD_MODULUS && sampled < 16 { result[sampled] = d2; sampled += 1 } 
diff --git a/polynomials-aarch64/src/neon.rs b/libcrux-ml-kem/src/vector/neon/intrinsics.rs similarity index 98% rename from polynomials-aarch64/src/neon.rs rename to libcrux-ml-kem/src/vector/neon/intrinsics.rs index 88157fdf3..5eebb50fd 100644 --- a/polynomials-aarch64/src/neon.rs +++ b/libcrux-ml-kem/src/vector/neon/intrinsics.rs @@ -1,4 +1,6 @@ -#![allow(non_camel_case_types)] +// TODO: Move this into a separate intrinsics crate. + +#![allow(non_camel_case_types, unsafe_code)] pub(crate) use core::arch::aarch64::*; #[inline(always)] diff --git a/polynomials-aarch64/src/rejsample.rs b/libcrux-ml-kem/src/vector/neon/rejsample.rs similarity index 100% rename from polynomials-aarch64/src/rejsample.rs rename to libcrux-ml-kem/src/vector/neon/rejsample.rs diff --git a/polynomials-aarch64/src/simd128ops.rs b/libcrux-ml-kem/src/vector/neon/simd128ops.rs similarity index 99% rename from polynomials-aarch64/src/simd128ops.rs rename to libcrux-ml-kem/src/vector/neon/simd128ops.rs index 7244d58b9..9b51bfa8d 100644 --- a/polynomials-aarch64/src/simd128ops.rs +++ b/libcrux-ml-kem/src/vector/neon/simd128ops.rs @@ -1,7 +1,8 @@ #![forbid(unsafe_code)] -use crate::neon::*; -use libcrux_traits::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; +use crate::vector::traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + +use super::{intrinsics::*, FIELD_MODULUS}; #[derive(Clone, Copy)] pub struct SIMD128Vector { diff --git a/traits/src/lib.rs b/libcrux-ml-kem/src/vector/traits.rs similarity index 98% rename from traits/src/lib.rs rename to libcrux-ml-kem/src/vector/traits.rs index 1f7509ac5..8166f8589 100644 --- a/traits/src/lib.rs +++ b/libcrux-ml-kem/src/vector/traits.rs 
@@ -3,7 +3,7 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R -pub trait Operations: Copy + Clone { +pub(crate) trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; diff --git a/polynomials-aarch64/.cargo/config.toml b/polynomials-aarch64/.cargo/config.toml deleted file mode 100644 index b42fffa6a..000000000 --- a/polynomials-aarch64/.cargo/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[build] -rustflags = ["-C", "target-feature=+neon"] diff --git a/polynomials-aarch64/Cargo.toml b/polynomials-aarch64/Cargo.toml deleted file mode 100644 index bddabac94..000000000 --- a/polynomials-aarch64/Cargo.toml +++ /dev/null @@ -1,17 +0,0 @@ -[package] -name = "libcrux-polynomials-aarch64" -version.workspace = true -authors.workspace = true -license.workspace = true -homepage.workspace = true -edition.workspace = true -repository.workspace = true -readme.workspace = true - -[dependencies] -libcrux-traits = { path = "../traits" } - -# When using the hax toolchain, we have more dependencies. -# This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax/", branch = "main" } diff --git a/polynomials-avx2/.cargo/config.toml b/polynomials-avx2/.cargo/config.toml deleted file mode 100644 index 25abf47af..000000000 --- a/polynomials-avx2/.cargo/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[build] -rustflags = ["-C", "target-feature=+avx2"] diff --git a/polynomials-avx2/Cargo.toml b/polynomials-avx2/Cargo.toml deleted file mode 100644 index b55d7826a..000000000 --- a/polynomials-avx2/Cargo.toml +++ /dev/null 
@@ -1,17 +0,0 @@ -[package] -name = "libcrux-polynomials-avx2" -version.workspace = true -authors.workspace = true -license.workspace = true -homepage.workspace = true -edition.workspace = true -repository.workspace = true -readme.workspace = true - -[dependencies] -libcrux-traits = { path = "../traits" } - -# When using the hax toolchain, we have more dependencies. -# This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax/", branch = "main" } diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst deleted file mode 100644 index cd19825be..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst +++ /dev/null 
@@ -1,159 +0,0 @@ -module Libcrux_polynomials_avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_BARRETT_MULTIPLIER: i16 = 20159s - -let add (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let bitwise_and_with_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let multiply_by_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let shift_left (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi16 v_SHIFT_BY vector - -let shift_right (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 v_SHIFT_BY vector - -/// See Section 3.2 of the implementation notes document for an explanation -/// of this code. 
-let barrett_reduce (vector: u8) : u8 = - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: u8) - in - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 t - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 512s <: u8) - in - let quotient:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 10l t in - let quotient_times_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 quotient - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector quotient_times_field_modulus - -let cond_subtract_3329_ (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let vv_minus_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector field_modulus - in - let sign_mask:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 15l vv_minus_field_modulus - in - let conditional_add_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 sign_mask field_modulus - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 vv_minus_field_modulus - conditional_add_field_modulus - -let montgomery_multiply_by_constant (vector: u8) (constant: i16) : u8 = - let constant:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant in - let value_low:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector constant - in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) 
- <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector constant - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_multiply_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_reduce_i32s (v: u8) : u8 = - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i32) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srli_epi32 16l v in - let result:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - in - let 
result:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l result in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi32 16l result - -let sub (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 lhs rhs - -let montgomery_multiply_m128i_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 value_high k_times_modulus diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst deleted file mode 100644 index 252e284a9..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst +++ /dev/null 
@@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - in - let two_pow_coefficient_bits:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (1l <=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi128_si256 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi256_si128 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cmpgt_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cvtepi16_epi32 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 
1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_loadu_si256 (input: t_Slice i16) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_madd_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mul_epu32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi16 (lhs rhs: u8) : u8 = - 
Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_packs_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permutevar8x32_epi32 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi32 (constant: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi16 - (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: - i16) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 
byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_setzero_si256 (_: Prims.unit) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 
32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_sllv_epi32 (vector counts: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 
16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 64l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 64" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_storeu_si256 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. 
right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm256_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi64 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpacklo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_xor_si256 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_add_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_loadu_si128 (input: t_Slice u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. 
right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_movemask_epi8 (vector: u8) : i32 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mullo_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_packs_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set_epi8 - (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - u8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : t_Slice u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. 
right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_storeu_si128 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 8 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst deleted file mode 100644 index 5b788b5ad..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst +++ /dev/null 
@@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let ntt_multiply__PERMUTE_WITH: i32 = 216l - -let inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) - 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 - 0s 0s zeta1 zeta1 0s 0s zeta0 zeta0 0s 0s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce sum in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 204l sum sum_times_zetas - -let inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s - 1s 1s (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 
0s - 0s 0s zeta0 zeta0 zeta0 zeta0 0s 0s 0s 0s - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 240l sum sum_times_zetas - -let inv_ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 - <: - i16) (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) - (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let 
zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 - <: - i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 - zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 238l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 68l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let shuffle_with:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y - 12y 9y 8y 5y 4y 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y - in - let lhs_shuffled:u8 = - 
Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 lhs shuffle_with - in - let lhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_evens - in - let lhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l lhs_shuffled - in - let lhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_odds in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs shuffle_with - in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_evens - in - let rhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l rhs_shuffled - in - let rhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_odds in - let left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_evens rhs_evens - in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_odds rhs_odds - in - let right:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s right in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 right - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast ( - zeta3 <: i16) - <: - i32) - <: - i32) - (cast (zeta3 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) - (cast (zeta2 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta1 <: 
i16) <: i32) <: i32) - (cast (zeta1 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) - (cast (zeta0 <: i16) <: i32) - <: - u8) - in - let products_left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi32 left right - in - let products_left:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_left in - let rhs_adjacent_swapped:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y - 5y 4y 7y 6y 1y 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y - <: - u8) - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 lhs rhs_adjacent_swapped - in - let products_right:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_right - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l products_right - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 170l products_left products_right diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst deleted file mode 100644 index 541e25541..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst +++ /dev/null 
@@ -1,429 +0,0 @@ -module Libcrux_polynomials_avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -unfold -let t_FieldElement = i16 - -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -let from_i16_array (array: t_Array i16 (sz 16)) : t_PortableVector = - { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) : t_Array u8 (sz 22) = - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 0) - (cast (v.f_elements.[ sz 0 ] <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 1) - (((cast ((v.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 2) - (((cast ((v.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 3) - (cast (((v.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 4) - (((cast ((v.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 5) - (((cast ((v.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 6) - (((cast ((v.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 
4l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 7) - (cast (((v.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 8) - (((cast ((v.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 9) - (((cast ((v.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 10) - (cast ((v.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 11) - (cast (v.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 12) - (((cast ((v.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 13) - (((cast ((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 14) - (cast (((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 15) - (((cast ((v.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 127s <: i16) <: u8) <>! 
10l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 16) - (((cast ((v.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 17) - (((cast ((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 18) - (cast (((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 19) - (((cast ((v.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 20) - (((cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 21) - (cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l <: i16) <: u8) - in - result - -let to_i16_array (v: t_PortableVector) : t_Array i16 (sz 16) = v.f_elements - -let zero (_: Prims.unit) : t_PortableVector = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) : t_PortableVector = - let result:t_PortableVector = zero () in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 0) - ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 
3l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 2) - (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 3) - ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 4) - ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 5) - (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 6) - ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 7) - (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 8) - ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 
3l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 10) - (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 11) - ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 12) - ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 13) - (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 14) - ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 15) - (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) - <: - i16) - } - <: - t_PortableVector - in - result 
diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst deleted file mode 100644 index 65ce23750..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst +++ /dev/null 
@@ -1,2111 +0,0 @@ -module Libcrux_polynomials_avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = - let list = - [ - (let list = - [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 
list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - 
(let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ 
- 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 
8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 
255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - 
] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 
16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 
16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 
11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 
12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 
255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - 
FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 
16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 
255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 
255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - 
Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - 
(let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 
13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in 
- FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 
list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 
13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); - Rust_primitives.Hax.array_of_list 256 list - -let rejection_sample (input: t_Slice u8) (output: t_Slice i16) : (t_Slice i16 & usize) = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let potential_coefficients:u8 = Libcrux_polynomials_avx2.Serialize.deserialize_12_ input in - let compare_with_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cmpgt_epi16 field_modulus - potential_coefficients - in - let good:t_Array u8 (sz 2) = - Libcrux_polynomials_avx2.Serialize.serialize_1_ compare_with_field_modulus - in - let lower_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] <: u8) <: usize ] - in - let lower_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 
(Rust_primitives.unsize lower_shuffles - - <: - t_Slice u8) - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 potential_coefficients - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 lower_coefficients lower_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - lower_coefficients - <: - t_Slice i16) - in - let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize - in - let upper_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] <: u8) <: usize ] - in - let upper_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - - <: - t_Slice u8) - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l potential_coefficients - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 upper_coefficients upper_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! 
sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - upper_coefficients - <: - t_Slice i16) - in - let hax_temp_output:usize = - sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) - in - output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst deleted file mode 100644 index f951730a4..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst +++ /dev/null 
@@ -1,557 +0,0 @@ -module Libcrux_polynomials_avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_1_ (bytes: t_Slice u8) : u8 = - let coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) - <: - i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) - in - let shift_lsb_to_msb:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) - in - serialized - -let serialize_10_ (vector: u8) : t_Array u8 (sz 20) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let adjacent_2_combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s < true); - f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); - f_ZERO = (fun (_: Prims.unit) -> zero ()); - f_to_i16_array_pre = (fun (v: t_SIMD256Vector) -> true); - f_to_i16_array_post = (fun (v: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); - f_to_i16_array = (fun (v: t_SIMD256Vector) -> to_i16_array v); - f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); - f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); - f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); - f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_add_post = (fun (lhs: 
t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_add - = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.add lhs.f_elements rhs.f_elements } - <: - t_SIMD256Vector); - f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_sub - = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } - <: - t_SIMD256Vector); - f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); - f_multiply_by_constant_post = (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> true); - f_multiply_by_constant - = - (fun (v: t_SIMD256Vector) (c: i16) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.multiply_by_constant v.f_elements c } - <: - t_SIMD256Vector); - f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); - f_bitwise_and_with_constant_post - = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); - f_bitwise_and_with_constant - = - (fun (vector: t_SIMD256Vector) (constant: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant - } - <: - t_SIMD256Vector); - f_shift_right_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); - f_shift_right_post - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_shift_right - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> - { - f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements - } - <: - t_SIMD256Vector); - f_shift_left_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); - f_shift_left_post - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - 
f_shift_left - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_left v_SHIFT_BY vector.f_elements } - <: - t_SIMD256Vector); - f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); - f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_cond_subtract_3329_ - = - (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } - <: - t_SIMD256Vector); - f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); - f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_barrett_reduce - = - (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce vector.f_elements } - <: - t_SIMD256Vector); - f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); - f_montgomery_multiply_by_constant_post - = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); - f_montgomery_multiply_by_constant - = - (fun (vector: t_SIMD256Vector) (constant: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements - constant - } - <: - t_SIMD256Vector); - f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_compress_1_ - = - (fun (vector: t_SIMD256Vector) -> - { - f_elements - = - Libcrux_polynomials_avx2.Compress.compress_message_coefficient vector.f_elements - } - <: - t_SIMD256Vector); - f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); - f_compress_post - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_compress - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - { - f_elements - = - 
Libcrux_polynomials_avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS - vector.f_elements - } - <: - t_SIMD256Vector); - f_decompress_ciphertext_coefficient_pre - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); - f_decompress_ciphertext_coefficient_post - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_decompress_ciphertext_coefficient - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - { - f_elements - = - Libcrux_polynomials_avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS - vector.f_elements - } - <: - t_SIMD256Vector); - f_ntt_layer_1_step_pre - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); - f_ntt_layer_1_step_post - = - (fun - (vector: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_ntt_layer_1_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 - } - <: - t_SIMD256Vector); - f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); - f_ntt_layer_2_step_post - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); - f_ntt_layer_2_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } - <: - t_SIMD256Vector); - f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); - f_ntt_layer_3_step_post - = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); - f_ntt_layer_3_step - = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } - <: - t_SIMD256Vector); - 
f_inv_ntt_layer_1_step_pre - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); - f_inv_ntt_layer_1_step_post - = - (fun - (vector: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_inv_ntt_layer_1_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_1_step vector.f_elements - zeta0 - zeta1 - zeta2 - zeta3 - } - <: - t_SIMD256Vector); - f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); - f_inv_ntt_layer_2_step_post - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); - f_inv_ntt_layer_2_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 - } - <: - t_SIMD256Vector); - f_inv_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); - f_inv_ntt_layer_3_step_post - = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); - f_inv_ntt_layer_3_step - = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } - <: - t_SIMD256Vector); - f_ntt_multiply_pre - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - -> - true); - f_ntt_multiply_post - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_ntt_multiply - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.ntt_multiply lhs.f_elements - rhs.f_elements - zeta0 - zeta1 - 
zeta2 - zeta3 - } - <: - t_SIMD256Vector); - f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); - f_serialize_1_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_1_ vector.f_elements); - f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_1_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); - f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); - f_serialize_4_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_4_ vector.f_elements); - f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_4_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); - f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); - f_serialize_5_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_5_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); - f_serialize_10_ - = - (fun (vector: t_SIMD256Vector) -> - 
Libcrux_polynomials_avx2.Serialize.serialize_10_ vector.f_elements); - f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_10_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector - ); - f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); - f_serialize_11_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_11_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector - ); - f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); - f_serialize_12_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_12_ vector.f_elements); - f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_12_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector - ); - f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); - f_rej_sample_post - = - (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); - f_rej_sample - = - fun (input: t_Slice u8) (output: t_Slice i16) -> - let tmp0, out:(t_Slice i16 & usize) = - Libcrux_polynomials_avx2.Sampling.rejection_sample input output - in - let output:t_Slice i16 = tmp0 in - let hax_temp_output:usize = out in - output, 
hax_temp_output <: (t_Slice i16 & usize) - } diff --git a/polynomials/Cargo.toml b/polynomials/Cargo.toml deleted file mode 100644 index 270568af5..000000000 --- a/polynomials/Cargo.toml +++ /dev/null @@ -1,28 +0,0 @@ -[package] -name = "libcrux-polynomials" -version.workspace = true -authors.workspace = true -license.workspace = true -homepage.workspace = true -edition.workspace = true -repository.workspace = true -readme.workspace = true - -[features] -default = [] -simd128 = [] -simd256 = [] - -[dependencies] -libcrux-traits = { path = "../traits" } - -[target.'cfg(any(target_arch = "x86", target_arch = "x86_64"))'.dependencies] -libcrux-polynomials-avx2 = { path = "../polynomials-avx2" } - -[target.'cfg(target_arch = "aarch64")'.dependencies] -libcrux-polynomials-aarch64 = { path = "../polynomials-aarch64" } - -# When using the hax toolchain, we have more dependencies. -# This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax/", branch = "main" } diff --git a/polynomials/build.rs b/polynomials/build.rs deleted file mode 100644 index ef1138666..000000000 --- a/polynomials/build.rs +++ /dev/null 
@@ -1,28 +0,0 @@
-use std::env;
-
-fn main() {
- let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap();
- let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") {
- Ok(s) => s == "1" || s == "y" || s == "Y",
- Err(_) => false,
- };
-
- let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") {
- Ok(s) => s == "1" || s == "y" || s == "Y",
- Err(_) => false,
- };
-
- if target_arch == "aarch64" && !disable_simd128 {
- // We enable simd128 on all aarch64 builds.
- println!("cargo:rustc-cfg=feature=\"simd128\"");
- }
- if target_arch == "x86_64" && !disable_simd256 {
- // We enable simd256 on all x86_64 builds.
- // Note that this doesn't mean the required CPU features are available.
- // But the compiler will support them and the runtime checks ensure that
- // it's only used when available.
- //
- // We don't enable this on x86 because it seems to generate invalid code.
- println!("cargo:rustc-cfg=feature=\"simd256\"");
- }
-}
diff --git a/traits/Cargo.toml b/traits/Cargo.toml
deleted file mode 100644
index c8827e1ba..000000000
--- a/traits/Cargo.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[package]
-name = "libcrux-traits"
-version.workspace = true
-authors.workspace = true
-license.workspace = true
-homepage.workspace = true
-edition.workspace = true
-repository.workspace = true
-readme.workspace = true
-
-[dependencies]
From 8738c1879f0d1d66e13aa1ff120a64784fd19094 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer
Date: Sun, 26 May 2024 17:01:23 +0200
Subject: [PATCH 23/94] fixups and allow portable only extraction
---
libcrux-ml-kem/c.sh | 16 ++++++++++++++++
libcrux-ml-kem/src/ind_cca.rs | 18 ++++++++----------
libcrux-ml-kem/src/invert_ntt.rs | 4 ++--
libcrux-ml-kem/src/polynomial.rs | 4 ++--
libcrux-sha3/src/lib.rs | 1 +
5 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh
index 3df54158a..44238bee1 100755
--- a/libcrux-ml-kem/c.sh
+++ b/libcrux-ml-kem/c.sh
@@ -14,6 +14,22 @@ if [[ -z "$EURYDICE_HOME" ]]; then exit 1 fi +portable_only=0 + +# Parse command line arguments. +all_args=("$@") +while [ $# -gt 0 ]; do + case "$1" in + -p | --portable) portable_only=1 ;; + esac + shift +done + +if [[ "$portable_only" = 1 ]]; then + export LIBCRUX_DISABLE_SIMD256=1 + export LIBCRUX_DISABLE_SIMD128=1 +fi + echo "Running charon ..." RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings mkdir -p c diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 370a943a3..a7e97a1f5 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,6 +1,3 @@ -use crate::vector::{Operations, PortableVector}; - -use crate::vector; use crate::{ constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, @@ -10,6 +7,7 @@ use crate::{ ind_cpa::{into_padded_array, serialize_public_key}, serialize::deserialize_ring_elements_reduced, types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, + vector::{Operations, PortableVector}, }; /// Seed size for key generation @@ -62,7 +60,7 @@ pub(crate) fn validate_public_key< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - vector::SIMD256Vector, + crate::vector::SIMD256Vector, >(public_key); #[cfg(not(feature = "simd256"))] validate_public_key_generic::< @@ -80,7 +78,7 @@ pub(crate) fn validate_public_key< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - vector::SIMD128Vector, + crate::vector::SIMD128Vector, >(public_key); #[cfg(not(feature = "simd128"))] validate_public_key_generic::< @@ -147,7 +145,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - vector::SIMD256Vector, + crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); #[cfg(not(feature = "simd256"))] 
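Review bot: The `case` in the new argument loop has no default branch, so any flag other than `-p`/`--portable` (a typo included) is dropped silently and the extraction runs with SIMD enabled. For a script that decides which implementation is extracted to C, an unrecognised argument should stop the run: add `*) echo "Unknown argument: $1" >&2; exit 2 ;;` after the `--portable` branch. `all_args=("$@")` is not read anywhere in this hunk; if nothing later in the script uses it, it can be removed.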
@@ -175,7 +173,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - vector::SIMD128Vector, + crate::vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); #[cfg(not(feature = "simd128"))] @@ -278,7 +276,7 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - vector::SIMD256Vector, + crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(public_key, randomness); #[cfg(not(feature = "simd256"))] @@ -450,7 +448,7 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - vector::SIMD256Vector, + crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd256"))] @@ -496,7 +494,7 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - vector::SIMD128Vector, + crate::vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd128"))] diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 53d83c627..b2957a533 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -76,8 +76,8 @@ pub(crate) fn invert_ntt_at_layer_4_plus( *zeta_i -= 1; let offset = round * step * 2; - let offset_vec = offset / 16; // FIELD_ELEMENTS_IN_VECTOR; - let step_vec = step / 16; // FIELD_ELEMENTS_IN_VECTOR; + let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; + let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { let (x, y) = inv_ntt_layer_int_vec_step_reduce( diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 55e594740..479f409f6 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs 
@@ -13,8 +13,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628, ]; -pub(crate) const VECTORS_IN_RING_ELEMENT: usize = 16; -// super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; +pub(crate) const VECTORS_IN_RING_ELEMENT: usize = + super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; #[cfg_attr(eurydice, derive(Clone, Copy))] pub(crate) struct PolynomialRingElement { diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index c4f400343..bec247ccc 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -762,6 +762,7 @@ pub mod avx2 { pub struct KeccakState4 { state: KeccakState<4, core::arch::x86_64::__m256i>, } + #[allow(dead_code)] #[cfg(all(feature = "simd128", target_arch = "aarch64"))] pub struct KeccakState4 { state: [crate::neon::x2::incremental::KeccakState2; 2], From 4a445d09751a0ac096cb36976400ffa5b9e7afd0 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 26 May 2024 19:18:08 +0200 Subject: [PATCH 24/94] fixup avx2 --- libcrux-ml-kem/Cargo.toml | 3 +- libcrux-ml-kem/src/lib.rs | 3 ++ libcrux-ml-kem/src/vector.rs | 29 ++++++-------------- libcrux-ml-kem/src/vector/avx2.rs | 14 ++-------- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 13 +++++---- libcrux-ml-kem/src/vector/avx2/compress.rs | 5 ++-- libcrux-ml-kem/src/vector/avx2/debug.rs | 4 +++ libcrux-ml-kem/src/vector/avx2/intrinsics.rs | 4 +++ libcrux-ml-kem/src/vector/avx2/ntt.rs | 2 +- libcrux-ml-kem/src/vector/avx2/portable.rs | 2 +- libcrux-ml-kem/src/vector/avx2/sampling.rs | 5 ++-- libcrux-ml-kem/src/vector/avx2/serialize.rs | 6 ++-- libcrux-ml-kem/src/vector/neon.rs | 8 ------ libcrux-ml-kem/src/vector/neon/simd128ops.rs | 12 ++++---- libcrux-ml-kem/src/vector/traits.rs | 3 +- libcrux-sha3/src/lib.rs | 1 + 16 files changed, 48 insertions(+), 66 deletions(-) 
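Review bot: `VECTORS_IN_RING_ELEMENT` is now an integer division, which truncates silently if `COEFFICIENTS_IN_RING_ELEMENT` ever stops being a multiple of `FIELD_ELEMENTS_IN_VECTOR`; anything sized or iterated by the constant would then presumably leave the trailing coefficients untouched. A compile-time check next to the constant pins the invariant: `const _: () = assert!(super::constants::COEFFICIENTS_IN_RING_ELEMENT % FIELD_ELEMENTS_IN_VECTOR == 0);`. Whether the eurydice/hax extraction accepts such an item is not visible here, so it may need a `#[cfg(not(any(eurydice, hax)))]` guard.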
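Review bot: The added `#[allow(dead_code)]` silences the lint for the whole aarch64 `KeccakState4` without saying why, so a reader cannot tell whether `state` is unread by design or whether a code path that should consume it is missing. If only the field is affected, move the attribute onto it and state the reason, e.g. `#[allow(dead_code)] // <why state is never read on this target>` directly above `state: [crate::neon::x2::incremental::KeccakState2; 2],`. The enclosing `mod avx2` starts outside this hunk and the struct is closed outside it, so any other fields are not visible here.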
diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 8e58b1852..0f636313d 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -20,10 +20,11 @@ libcrux-sha3 = { version = "0.0.2-pre.2", path = "../libcrux-sha3" } hax-lib = { git = "https://github.com/hacspec/hax/" } [features] -default = [] +default = ["std"] simd128 = ["libcrux-sha3/simd128"] simd256 = ["libcrux-sha3/simd256"] tests = [] # Test utilities. DO NOT USE. +std = [] [dev-dependencies] rand = { version = "0.8" } diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 88459b1bb..6ff037514 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -41,6 +41,9 @@ #![warn(rust_2018_idioms, unused_lifetimes, unused_qualifications)] #![allow(clippy::needless_range_loop)] +#[cfg(feature = "std")] +extern crate std; + pub(crate) mod hax_utils; // This module is declared here since otherwise, hax reports the following error: diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index c847aed1f..b56fbd313 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -29,7 +29,7 @@ pub(crate) use neon::SIMD128Vector; #[cfg(feature = "simd256")] mod avx2; #[cfg(feature = "simd256")] -pub(crate) use libcrux_polynomials_avx2::SIMD256Vector; +pub(crate) use avx2::SIMD256Vector; /// Values having this type hold a representative 'x' of the Kyber field. /// We use 'fe' as a shorthand for this type. @@ -212,11 +212,6 @@ fn zero() -> PortableVector { } } -#[inline(always)] -fn to_i16_array(v: PortableVector) -> [i16; FIELD_ELEMENTS_IN_VECTOR] { - v.elements -} - #[inline(always)] fn from_i16_array(array: &[i16]) -> PortableVector { PortableVector { 
@@ -269,14 +264,14 @@ fn shift_right(mut v: PortableVector) -> PortableVector { v } -#[inline(always)] -fn shift_left(mut lhs: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] = lhs.elements[i] << SHIFT_BY; - } +// #[inline(always)] +// fn shift_left(mut lhs: PortableVector) -> PortableVector { +// for i in 0..FIELD_ELEMENTS_IN_VECTOR { +// lhs.elements[i] = lhs.elements[i] << SHIFT_BY; +// } - lhs -} +// lhs +// } #[inline(always)] fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { @@ -1077,10 +1072,6 @@ impl Operations for PortableVector { zero() } - fn to_i16_array(v: Self) -> [i16; FIELD_ELEMENTS_IN_VECTOR] { - to_i16_array(v) - } - fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } @@ -1105,10 +1096,6 @@ impl Operations for PortableVector { shift_right::<{ SHIFT_BY }>(v) } - fn shift_left(v: Self) -> Self { - shift_left::<{ SHIFT_BY }>(v) - } - fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 71166566b..e91aaa639 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -1,4 +1,4 @@ -use libcrux_traits::Operations; +use super::traits::Operations; #[cfg(test)] mod debug; @@ -7,7 +7,7 @@ mod debug; #[cfg(not(any(eurydice, hax)))] mod intrinsics; #[cfg(not(any(eurydice, hax)))] -pub(crate) use crate::intrinsics::*; +pub(crate) use intrinsics::*; #[cfg(any(eurydice, hax))] mod intrinsics_extraction; #[cfg(any(eurydice, hax))] @@ -51,10 +51,6 @@ impl Operations for SIMD256Vector { zero() } - fn to_i16_array(v: Self) -> [i16; 16] { - to_i16_array(v) - } - fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } 
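Review bot: `shift_left` is commented out rather than deleted in the vector.rs hunk at `-269,14 +264,14`, and the same is done in avx2/arithmetic.rs, neon/simd128ops.rs and the `Operations` trait in traits.rs later in this patch. Commented-out code is never compiled or tested, so it silently drifts from the trait it once implemented, and version control already preserves the old bodies. I would delete the lines outright; if the operation is expected to come back, a single marker in traits.rs such as `// shift_left removed in <commit-id placeholder>; restore from history if needed` is enough.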
@@ -89,12 +85,6 @@ impl Operations for SIMD256Vector { } } - fn shift_left(vector: Self) -> Self { - Self { - elements: arithmetic::shift_left::<{ SHIFT_BY }>(vector.elements), - } - } - fn cond_subtract_3329(vector: Self) -> Self { Self { elements: arithmetic::cond_subtract_3329(vector.elements), diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index fca9c36a7..a980eb75d 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -1,5 +1,6 @@ -use crate::*; -use libcrux_traits::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; +use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; + +use super::*; #[inline(always)] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { @@ -26,10 +27,10 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { mm256_srai_epi16::<{ SHIFT_BY }>(vector) } -#[inline(always)] -pub(crate) fn shift_left(vector: Vec256) -> Vec256 { - mm256_slli_epi16::<{ SHIFT_BY }>(vector) -} +// #[inline(always)] +// pub(crate) fn shift_left(vector: Vec256) -> Vec256 { +// mm256_slli_epi16::<{ SHIFT_BY }>(vector) +// } #[inline(always)] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { diff --git a/libcrux-ml-kem/src/vector/avx2/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs index 1c3d106a7..fc5464957 100644 --- a/libcrux-ml-kem/src/vector/avx2/compress.rs +++ b/libcrux-ml-kem/src/vector/avx2/compress.rs @@ -1,5 +1,6 @@ -use crate::*; -use libcrux_traits::FIELD_MODULUS; +use crate::vector::FIELD_MODULUS; + +use super::*; // Multiply the 32-bit numbers contained in |lhs| and |rhs|, and store only // the upper 32 bits of the resulting product. diff --git a/libcrux-ml-kem/src/vector/avx2/debug.rs b/libcrux-ml-kem/src/vector/avx2/debug.rs index 7277a76f6..a9124604e 100644 --- a/libcrux-ml-kem/src/vector/avx2/debug.rs +++ b/libcrux-ml-kem/src/vector/avx2/debug.rs 
@@ -1,3 +1,7 @@ +#![allow(unsafe_code)] + +use std::println; + #[cfg(target_arch = "x86")] use core::arch::x86::*; #[cfg(target_arch = "x86_64")] diff --git a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs index 83ba39995..2c7af8315 100644 --- a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs +++ b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs @@ -1,3 +1,7 @@ +// TODO: Move this into a separate intrinsics crate. + +#![allow(unsafe_code)] + #[cfg(target_arch = "x86")] pub(crate) use core::arch::x86::*; #[cfg(target_arch = "x86_64")] diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index d99a1b28b..b571b0ee7 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -1,4 +1,4 @@ -use crate::*; +use super::*; #[inline(always)] pub(crate) fn ntt_layer_1_step( diff --git a/libcrux-ml-kem/src/vector/avx2/portable.rs b/libcrux-ml-kem/src/vector/avx2/portable.rs index 4757d5049..872112632 100644 --- a/libcrux-ml-kem/src/vector/avx2/portable.rs +++ b/libcrux-ml-kem/src/vector/avx2/portable.rs @@ -1,4 +1,4 @@ -pub use libcrux_traits::FIELD_ELEMENTS_IN_VECTOR; +use crate::vector::FIELD_ELEMENTS_IN_VECTOR; type FieldElement = i16; diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index b4de11b48..9c580febb 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs @@ -1,10 +1,9 @@ -use crate::{ +use super::{ + super::traits::FIELD_MODULUS, serialize::{deserialize_12, serialize_1}, *, }; -use libcrux_traits::FIELD_MODULUS; - const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ [ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 09234a55b..3c441bdf4 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs 
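Review bot: `use std::println;` in debug.rs only resolves when `std` is in scope, but the lib.rs hunk of this same patch makes `extern crate std;` conditional on the new `std` feature while avx2.rs declares the module as plain `#[cfg(test)] mod debug;`. If the crate is `#![no_std]` (not visible here, though the conditional `extern crate` suggests it), a test build with default features disabled would fail on this import. Gating the module on the same condition, `#[cfg(all(test, feature = "std"))] mod debug;`, keeps the two in step.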
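Review bot: The new `#![allow(unsafe_code)]` at the top of intrinsics.rs (and of debug.rs in the previous hunk) switches the lint off for the whole file without saying why. A one-line reason beside the attribute, for example `// unsafe is confined to this module: thin wrappers over core::arch intrinsics`, makes the exception auditable. Each `unsafe` block in the file should also carry a `// SAFETY:` comment naming the pointer and length precondition it relies on. The file body lies outside this hunk, so which blocks already have one cannot be checked from here.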
+++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -1,4 +1,4 @@ -use crate::*; +use super::*; #[inline(always)] pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { @@ -388,7 +388,7 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { #[inline(always)] pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { - let input = portable::from_i16_array(crate::to_i16_array(SIMD256Vector { elements: vector })); + let input = portable::from_i16_array(to_i16_array(SIMD256Vector { elements: vector })); portable::serialize_11(input) } @@ -397,7 +397,7 @@ pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { let output = portable::deserialize_11(bytes); - crate::from_i16_array(&portable::to_i16_array(output)).elements + from_i16_array(&portable::to_i16_array(output)).elements } #[inline(always)] diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index b34da7c6a..2d6778a4b 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -18,10 +18,6 @@ impl Operations for SIMD128Vector { ZERO() } - fn to_i16_array(v: Self) -> [i16; 16] { - to_i16_array(v) - } - fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } @@ -46,10 +42,6 @@ impl Operations for SIMD128Vector { shift_right::(v) } - fn shift_left(v: Self) -> Self { - shift_left::(v) - } - fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } diff --git a/libcrux-ml-kem/src/vector/neon/simd128ops.rs b/libcrux-ml-kem/src/vector/neon/simd128ops.rs index 9b51bfa8d..73c1cb10a 100644 --- a/libcrux-ml-kem/src/vector/neon/simd128ops.rs +++ b/libcrux-ml-kem/src/vector/neon/simd128ops.rs 
@@ -73,12 +73,12 @@ pub(crate) fn shift_right(mut v: SIMD128Vector) -> SIMD128V v } -#[inline(always)] -pub(crate) fn shift_left(mut lhs: SIMD128Vector) -> SIMD128Vector { - lhs.low = _vshlq_n_s16::(lhs.low); - lhs.high = _vshlq_n_s16::(lhs.high); - lhs -} +// #[inline(always)] +// pub(crate) fn shift_left(mut lhs: SIMD128Vector) -> SIMD128Vector { +// lhs.low = _vshlq_n_s16::(lhs.low); +// lhs.high = _vshlq_n_s16::(lhs.high); +// lhs +// } #[inline(always)] pub(crate) fn cond_subtract_3329(mut v: SIMD128Vector) -> SIMD128Vector { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 8166f8589..9fac45c12 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -7,7 +7,6 @@ pub(crate) trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; - fn to_i16_array(v: Self) -> [i16; 16]; fn from_i16_array(array: &[i16]) -> Self; // Basic arithmetic @@ -18,7 +17,7 @@ pub(crate) trait Operations: Copy + Clone { // Bitwise operations fn bitwise_and_with_constant(v: Self, c: i16) -> Self; fn shift_right(v: Self) -> Self; - fn shift_left(v: Self) -> Self; + // fn shift_left(v: Self) -> Self; // Modular operations fn cond_subtract_3329(v: Self) -> Self; diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index bec247ccc..fda408d86 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -419,6 +419,7 @@ pub mod neon { } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>; + #[allow(dead_code)] #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] pub struct KeccakState2 { state: [crate::portable::KeccakState1; 2], From b13f98652e63fa75c321205d6ee5e6ce2c510f8e Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Sun, 26 May 2024 19:19:18 +0200 Subject: [PATCH 25/94] fixup neon --- libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-sha3/src/traits.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index a7e97a1f5..f5e97c63d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -334,7 +334,7 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - vector::SIMD128Vector, + crate::vector::SIMD128Vector, hash_functions::neon::Simd128Hash, >(public_key, randomness) } else { diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index f8dc30c79..a499305e3 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -1,5 +1,5 @@ /// A trait for multiplexing implementations. -pub trait KeccakItem: Clone + Copy { +pub(crate) trait KeccakItem: Clone + Copy { fn zero() -> Self; fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; fn rotate_left1_and_xor(a: Self, b: Self) -> Self; From a84d517beea0b7917385b41367e495c869549496 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 27 May 2024 10:46:36 +0200 Subject: [PATCH 26/94] fixups for avx2 extraction --- libcrux-ml-kem/src/vector/avx2.rs | 2 +- libcrux-ml-kem/src/vector/avx2/intrinsics.rs | 2 +- libcrux-ml-kem/src/vector/avx2/sampling.rs | 1762 ++++++++++-------- libcrux-ml-kem/src/vector/avx2/serialize.rs | 10 +- specs/kyber/src/ind_cpa.rs | 4 +- 5 files changed, 1025 insertions(+), 755 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index e91aaa639..aa7001407 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs 
@@ -35,7 +35,7 @@ fn zero() -> SIMD256Vector { #[inline(always)] fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { let mut output = [0i16; 16]; - mm256_storeu_si256(&mut output[..], v.elements); + mm256_storeu_si256(&mut output, v.elements); output } diff --git a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs index 2c7af8315..eacfa40c9 100644 --- a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs +++ b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs @@ -17,7 +17,7 @@ pub(crate) fn mm256_storeu_si256(output: &mut [i16], vector: __m256i) { } } pub(crate) fn mm_storeu_si128(output: &mut [i16], vector: __m128i) { - debug_assert_eq!(output.len(), 8); + // debug_assert_eq!(output.len(), 8); unsafe { _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); } diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index 9c580febb..f07ab7ba4 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs 
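Review bot: With `debug_assert_eq!(output.len(), 8)` commented out, `mm_storeu_si128` in intrinsics.rs writes 16 bytes through `output.as_mut_ptr()` with no check on the slice length at all, so a caller passing fewer than eight `i16`s gets an out-of-bounds write from a function that is not marked `unsafe`. The reason for disabling the assertion is not visible in the hunk; if the exact-length comparison was the obstacle, a lower bound still protects the store: `assert!(output.len() >= 8);`. A release-mode `assert!` is preferable to `debug_assert!` here because the soundness of the `unsafe` block depends on it. `mm256_storeu_si256` just above is only partly visible and, if it has no check either, needs the same guard for 16 elements; both function bodies extend outside the hunk.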
@@ -4,752 +4,1022 @@ use super::{ *, }; +// XXX: Eurydice can't handle the multi-dimensional array. So we construct it in +// two steps. +const REJECTION_SAMPLE_SHUFFLE_TABLE0: [u8; 16] = [ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE1: [u8; 16] = [ + 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE2: [u8; 16] = [ + 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE3: [u8; 16] = [ + 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE4: [u8; 16] = [ + 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE5: [u8; 16] = [ + 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE6: [u8; 16] = [ + 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE7: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE8: [u8; 16] = [ + 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE9: [u8; 16] = [ + 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE10: [u8; 16] = [ + 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE11: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE12: [u8; 16] = [ + 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE13: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE14: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE15: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE16: [u8; 16] = [ + 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE17: [u8; 16] = [ + 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE18: [u8; 16] = [ + 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE19: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE20: [u8; 16] = [ + 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE21: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE22: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE23: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE24: [u8; 16] = [ + 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE25: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE26: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE27: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE28: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE29: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE30: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE31: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE32: [u8; 16] = [ + 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE33: [u8; 16] = [ + 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE34: [u8; 16] = [ + 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE35: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE36: [u8; 16] = [ + 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE37: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE38: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE39: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE40: [u8; 16] = [ + 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE41: [u8; 16] = [ + 
0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE42: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE43: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE44: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE45: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE46: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE47: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE48: [u8; 16] = [ + 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE49: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE50: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE51: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE52: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE53: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE54: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE55: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE56: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE57: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE58: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE59: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE60: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE61: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE62: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE63: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE64: [u8; 16] = [ + 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE65: [u8; 16] = [ + 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE66: [u8; 16] = [ + 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE67: [u8; 16] = [ + 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE68: [u8; 16] = [ + 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE69: [u8; 16] = [ + 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE70: [u8; 16] = [ + 2, 3, 4, 5, 12, 13, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE71: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE72: [u8; 16] = [ + 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE73: [u8; 16] = [ + 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE74: [u8; 16] = [ + 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE75: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE76: [u8; 16] = [ + 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE77: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE78: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE79: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE80: [u8; 16] = [ + 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE81: [u8; 16] = [ + 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE82: [u8; 16] = [ + 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE83: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE84: [u8; 16] = [ + 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE85: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE86: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE87: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE88: [u8; 16] = [ + 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE89: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE90: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE91: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE92: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE93: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE94: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE95: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE96: [u8; 16] = [ + 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE97: [u8; 16] = [ + 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE98: [u8; 16] = [ + 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE99: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
+]; +const REJECTION_SAMPLE_SHUFFLE_TABLE100: [u8; 16] = [ + 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE101: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE102: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE103: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE104: [u8; 16] = [ + 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE105: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE106: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE107: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE108: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE109: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE110: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE111: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE112: [u8; 16] = [ + 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE113: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE114: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE115: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE116: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE117: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE118: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE119: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE120: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE121: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE122: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE123: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE124: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE125: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE126: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE127: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE128: [u8; 16] = [ + 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE129: [u8; 16] = [ + 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE130: [u8; 16] = [ + 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE131: [u8; 16] = [ + 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE132: [u8; 16] = [ + 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE133: [u8; 16] = [ + 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE134: [u8; 16] = [ + 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE135: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE136: [u8; 16] = [ + 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE137: [u8; 16] = [ + 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE138: [u8; 16] = [ + 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE139: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE140: [u8; 16] = [ + 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE141: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE142: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE143: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE144: [u8; 16] = [ + 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE145: [u8; 16] = [ + 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE146: [u8; 16] = [ + 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE147: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE148: [u8; 16] = [ + 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE149: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE150: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE151: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE152: [u8; 16] = [ + 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE153: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE154: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE155: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE156: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE157: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE158: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE159: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE160: [u8; 16] = [ + 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE161: [u8; 16] = [ + 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE162: [u8; 16] = [ + 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE163: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE164: [u8; 16] = [ + 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE165: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE166: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE167: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE168: [u8; 16] = [ + 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE169: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE170: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE171: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE172: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE173: 
[u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE174: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE175: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE176: [u8; 16] = [ + 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE177: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE178: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE179: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE180: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE181: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE182: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE183: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE184: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE185: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE186: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE187: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE188: [u8; 16] = [ + 
4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE189: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE190: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE191: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE192: [u8; 16] = [ + 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE193: [u8; 16] = [ + 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE194: [u8; 16] = [ + 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE195: [u8; 16] = [ + 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE196: [u8; 16] = [ + 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE197: [u8; 16] = [ + 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE198: [u8; 16] = [ + 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE199: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE200: [u8; 16] = [ + 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE201: [u8; 16] = [ + 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE202: [u8; 16] = [ + 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE203: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE204: [u8; 16] = [ + 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE205: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE206: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE207: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE208: [u8; 16] = [ + 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE209: [u8; 16] = [ + 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE210: [u8; 16] = [ + 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE211: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE212: [u8; 16] = [ + 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE213: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE214: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE215: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE216: [u8; 16] = [ + 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE217: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE218: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE219: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE220: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE221: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE222: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE223: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE224: [u8; 16] = [ + 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE225: [u8; 16] = [ + 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE226: [u8; 16] = [ + 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE227: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE228: [u8; 16] = [ + 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE229: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE230: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE231: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE232: [u8; 16] = [ + 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE233: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE234: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE235: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE236: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE237: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE238: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE239: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE240: [u8; 16] = [ + 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE241: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE242: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE243: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE244: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE245: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE246: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE247: [u8; 16] = + [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE248: [u8; 16] = [ + 6, 7, 8, 9, 10, 
11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE249: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE250: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE251: [u8; 16] = + [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE252: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE253: [u8; 16] = + [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE254: [u8; 16] = + [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE255: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; + const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ - [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, - ], // 0 - [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 1 - [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 2 - [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 3 - [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 4 - [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 5 - [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 6 - [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 7 - [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 8 - [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 9 - [ 
- 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 10 - [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 11 - [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 12 - [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 13 - [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 14 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 15 - [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 16 - [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 17 - [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 18 - [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 19 - [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 20 - [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 21 - [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 22 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 23 - [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 24 - [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 25 - [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 26 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 27 - [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 28 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 29 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 
], // 30 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 31 - [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 32 - [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 33 - [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 34 - [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 35 - [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 36 - [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 37 - [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 38 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 39 - [ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 40 - [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 41 - [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 42 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 43 - [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 44 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 45 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 46 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 47 - [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 48 - [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 49 - [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 50 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, - ], // 51 - [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 52 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 53 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 54 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 55 - [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 56 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 57 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 58 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 59 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 60 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 61 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 62 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], // 63 - [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 64 - [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 65 - [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 66 - [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 67 - [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 68 - [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 69 - [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 70 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 71 - [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 72 
- [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 73 - [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 74 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 75 - [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 76 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 77 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 78 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 79 - [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 80 - [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 81 - [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 82 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 83 - [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 84 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 85 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 86 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 87 - [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 88 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 89 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 90 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 91 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 92 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 93 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, - ], // 94 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], // 95 - [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 96 - [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 97 - [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 98 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 99 - [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 100 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 101 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 102 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 103 - [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 104 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 105 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 106 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 107 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 108 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 109 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 110 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 111 - [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 112 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 113 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 114 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 115 - [ - 4, 5, 8, 9, 10, 
11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 116 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 117 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 118 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 119 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 120 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 121 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 122 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 123 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 124 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 125 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 126 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], // 127 - [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 128 - [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 129 - [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 130 - [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 131 - [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 132 - [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 133 - [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 134 - [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 135 - [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 136 - [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, - ], // 137 - [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 138 - [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 139 - [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 140 - [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 141 - [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 142 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 143 - [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 144 - [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 145 - [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 146 - [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 147 - [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 148 - [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 149 - [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 150 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 151 - [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 152 - [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 153 - [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 154 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 155 - [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 156 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 157 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 158 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 
9, 14, 15, 0xff, 0xff, 0xff, 0xff], // 159 - [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 160 - [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 161 - [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 162 - [ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 163 - [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 164 - [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 165 - [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 166 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 167 - [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 168 - [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 169 - [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 170 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 171 - [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 172 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 173 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 174 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 175 - [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 176 - [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 177 - [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 178 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 179 - [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, - ], // 180 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 181 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 182 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 183 - [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 184 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 185 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 186 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 187 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 188 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 189 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 190 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], // 191 - [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 192 - [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 193 - [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 194 - [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 195 - [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 196 - [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 197 - [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 198 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 199 - [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 200 - [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 201 - [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, - ], // 202 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 203 - [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 204 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 205 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 206 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 207 - [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 208 - [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 209 - [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 210 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 211 - [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 212 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 213 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 214 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 215 - [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 216 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 217 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 218 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 219 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 220 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 221 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 222 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], // 223 - [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 224 - [ - 0, 1, 10, 11, 12, 13, 14, 15, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 225 - [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 226 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 227 - [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 228 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 229 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 230 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 231 - [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 232 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 233 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 234 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 235 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 236 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 237 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 238 - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 239 - [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 240 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 241 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 242 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 243 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 244 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 245 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 246 - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 247 - [ - 6, 7, 8, 
9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 248 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 249 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 250 - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 251 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 252 - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 253 - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 254 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], // 255 + REJECTION_SAMPLE_SHUFFLE_TABLE0, + REJECTION_SAMPLE_SHUFFLE_TABLE1, + REJECTION_SAMPLE_SHUFFLE_TABLE2, + REJECTION_SAMPLE_SHUFFLE_TABLE3, + REJECTION_SAMPLE_SHUFFLE_TABLE4, + REJECTION_SAMPLE_SHUFFLE_TABLE5, + REJECTION_SAMPLE_SHUFFLE_TABLE6, + REJECTION_SAMPLE_SHUFFLE_TABLE7, + REJECTION_SAMPLE_SHUFFLE_TABLE8, + REJECTION_SAMPLE_SHUFFLE_TABLE9, + REJECTION_SAMPLE_SHUFFLE_TABLE10, + REJECTION_SAMPLE_SHUFFLE_TABLE11, + REJECTION_SAMPLE_SHUFFLE_TABLE12, + REJECTION_SAMPLE_SHUFFLE_TABLE13, + REJECTION_SAMPLE_SHUFFLE_TABLE14, + REJECTION_SAMPLE_SHUFFLE_TABLE15, + REJECTION_SAMPLE_SHUFFLE_TABLE16, + REJECTION_SAMPLE_SHUFFLE_TABLE17, + REJECTION_SAMPLE_SHUFFLE_TABLE18, + REJECTION_SAMPLE_SHUFFLE_TABLE19, + REJECTION_SAMPLE_SHUFFLE_TABLE20, + REJECTION_SAMPLE_SHUFFLE_TABLE21, + REJECTION_SAMPLE_SHUFFLE_TABLE22, + REJECTION_SAMPLE_SHUFFLE_TABLE23, + REJECTION_SAMPLE_SHUFFLE_TABLE24, + REJECTION_SAMPLE_SHUFFLE_TABLE25, + REJECTION_SAMPLE_SHUFFLE_TABLE26, + REJECTION_SAMPLE_SHUFFLE_TABLE27, + REJECTION_SAMPLE_SHUFFLE_TABLE28, + REJECTION_SAMPLE_SHUFFLE_TABLE29, + REJECTION_SAMPLE_SHUFFLE_TABLE30, + REJECTION_SAMPLE_SHUFFLE_TABLE31, + REJECTION_SAMPLE_SHUFFLE_TABLE32, + REJECTION_SAMPLE_SHUFFLE_TABLE33, + REJECTION_SAMPLE_SHUFFLE_TABLE34, + REJECTION_SAMPLE_SHUFFLE_TABLE35, + REJECTION_SAMPLE_SHUFFLE_TABLE36, + REJECTION_SAMPLE_SHUFFLE_TABLE37, + REJECTION_SAMPLE_SHUFFLE_TABLE38, 
+ REJECTION_SAMPLE_SHUFFLE_TABLE39, + REJECTION_SAMPLE_SHUFFLE_TABLE40, + REJECTION_SAMPLE_SHUFFLE_TABLE41, + REJECTION_SAMPLE_SHUFFLE_TABLE42, + REJECTION_SAMPLE_SHUFFLE_TABLE43, + REJECTION_SAMPLE_SHUFFLE_TABLE44, + REJECTION_SAMPLE_SHUFFLE_TABLE45, + REJECTION_SAMPLE_SHUFFLE_TABLE46, + REJECTION_SAMPLE_SHUFFLE_TABLE47, + REJECTION_SAMPLE_SHUFFLE_TABLE48, + REJECTION_SAMPLE_SHUFFLE_TABLE49, + REJECTION_SAMPLE_SHUFFLE_TABLE50, + REJECTION_SAMPLE_SHUFFLE_TABLE51, + REJECTION_SAMPLE_SHUFFLE_TABLE52, + REJECTION_SAMPLE_SHUFFLE_TABLE53, + REJECTION_SAMPLE_SHUFFLE_TABLE54, + REJECTION_SAMPLE_SHUFFLE_TABLE55, + REJECTION_SAMPLE_SHUFFLE_TABLE56, + REJECTION_SAMPLE_SHUFFLE_TABLE57, + REJECTION_SAMPLE_SHUFFLE_TABLE58, + REJECTION_SAMPLE_SHUFFLE_TABLE59, + REJECTION_SAMPLE_SHUFFLE_TABLE60, + REJECTION_SAMPLE_SHUFFLE_TABLE61, + REJECTION_SAMPLE_SHUFFLE_TABLE62, + REJECTION_SAMPLE_SHUFFLE_TABLE63, + REJECTION_SAMPLE_SHUFFLE_TABLE64, + REJECTION_SAMPLE_SHUFFLE_TABLE65, + REJECTION_SAMPLE_SHUFFLE_TABLE66, + REJECTION_SAMPLE_SHUFFLE_TABLE67, + REJECTION_SAMPLE_SHUFFLE_TABLE68, + REJECTION_SAMPLE_SHUFFLE_TABLE69, + REJECTION_SAMPLE_SHUFFLE_TABLE70, + REJECTION_SAMPLE_SHUFFLE_TABLE71, + REJECTION_SAMPLE_SHUFFLE_TABLE72, + REJECTION_SAMPLE_SHUFFLE_TABLE73, + REJECTION_SAMPLE_SHUFFLE_TABLE74, + REJECTION_SAMPLE_SHUFFLE_TABLE75, + REJECTION_SAMPLE_SHUFFLE_TABLE76, + REJECTION_SAMPLE_SHUFFLE_TABLE77, + REJECTION_SAMPLE_SHUFFLE_TABLE78, + REJECTION_SAMPLE_SHUFFLE_TABLE79, + REJECTION_SAMPLE_SHUFFLE_TABLE80, + REJECTION_SAMPLE_SHUFFLE_TABLE81, + REJECTION_SAMPLE_SHUFFLE_TABLE82, + REJECTION_SAMPLE_SHUFFLE_TABLE83, + REJECTION_SAMPLE_SHUFFLE_TABLE84, + REJECTION_SAMPLE_SHUFFLE_TABLE85, + REJECTION_SAMPLE_SHUFFLE_TABLE86, + REJECTION_SAMPLE_SHUFFLE_TABLE87, + REJECTION_SAMPLE_SHUFFLE_TABLE88, + REJECTION_SAMPLE_SHUFFLE_TABLE89, + REJECTION_SAMPLE_SHUFFLE_TABLE90, + REJECTION_SAMPLE_SHUFFLE_TABLE91, + REJECTION_SAMPLE_SHUFFLE_TABLE92, + REJECTION_SAMPLE_SHUFFLE_TABLE93, + 
REJECTION_SAMPLE_SHUFFLE_TABLE94, + REJECTION_SAMPLE_SHUFFLE_TABLE95, + REJECTION_SAMPLE_SHUFFLE_TABLE96, + REJECTION_SAMPLE_SHUFFLE_TABLE97, + REJECTION_SAMPLE_SHUFFLE_TABLE98, + REJECTION_SAMPLE_SHUFFLE_TABLE99, + REJECTION_SAMPLE_SHUFFLE_TABLE100, + REJECTION_SAMPLE_SHUFFLE_TABLE101, + REJECTION_SAMPLE_SHUFFLE_TABLE102, + REJECTION_SAMPLE_SHUFFLE_TABLE103, + REJECTION_SAMPLE_SHUFFLE_TABLE104, + REJECTION_SAMPLE_SHUFFLE_TABLE105, + REJECTION_SAMPLE_SHUFFLE_TABLE106, + REJECTION_SAMPLE_SHUFFLE_TABLE107, + REJECTION_SAMPLE_SHUFFLE_TABLE108, + REJECTION_SAMPLE_SHUFFLE_TABLE109, + REJECTION_SAMPLE_SHUFFLE_TABLE110, + REJECTION_SAMPLE_SHUFFLE_TABLE111, + REJECTION_SAMPLE_SHUFFLE_TABLE112, + REJECTION_SAMPLE_SHUFFLE_TABLE113, + REJECTION_SAMPLE_SHUFFLE_TABLE114, + REJECTION_SAMPLE_SHUFFLE_TABLE115, + REJECTION_SAMPLE_SHUFFLE_TABLE116, + REJECTION_SAMPLE_SHUFFLE_TABLE117, + REJECTION_SAMPLE_SHUFFLE_TABLE118, + REJECTION_SAMPLE_SHUFFLE_TABLE119, + REJECTION_SAMPLE_SHUFFLE_TABLE120, + REJECTION_SAMPLE_SHUFFLE_TABLE121, + REJECTION_SAMPLE_SHUFFLE_TABLE122, + REJECTION_SAMPLE_SHUFFLE_TABLE123, + REJECTION_SAMPLE_SHUFFLE_TABLE124, + REJECTION_SAMPLE_SHUFFLE_TABLE125, + REJECTION_SAMPLE_SHUFFLE_TABLE126, + REJECTION_SAMPLE_SHUFFLE_TABLE127, + REJECTION_SAMPLE_SHUFFLE_TABLE128, + REJECTION_SAMPLE_SHUFFLE_TABLE129, + REJECTION_SAMPLE_SHUFFLE_TABLE130, + REJECTION_SAMPLE_SHUFFLE_TABLE131, + REJECTION_SAMPLE_SHUFFLE_TABLE132, + REJECTION_SAMPLE_SHUFFLE_TABLE133, + REJECTION_SAMPLE_SHUFFLE_TABLE134, + REJECTION_SAMPLE_SHUFFLE_TABLE135, + REJECTION_SAMPLE_SHUFFLE_TABLE136, + REJECTION_SAMPLE_SHUFFLE_TABLE137, + REJECTION_SAMPLE_SHUFFLE_TABLE138, + REJECTION_SAMPLE_SHUFFLE_TABLE139, + REJECTION_SAMPLE_SHUFFLE_TABLE140, + REJECTION_SAMPLE_SHUFFLE_TABLE141, + REJECTION_SAMPLE_SHUFFLE_TABLE142, + REJECTION_SAMPLE_SHUFFLE_TABLE143, + REJECTION_SAMPLE_SHUFFLE_TABLE144, + REJECTION_SAMPLE_SHUFFLE_TABLE145, + REJECTION_SAMPLE_SHUFFLE_TABLE146, + REJECTION_SAMPLE_SHUFFLE_TABLE147, + 
REJECTION_SAMPLE_SHUFFLE_TABLE148, + REJECTION_SAMPLE_SHUFFLE_TABLE149, + REJECTION_SAMPLE_SHUFFLE_TABLE150, + REJECTION_SAMPLE_SHUFFLE_TABLE151, + REJECTION_SAMPLE_SHUFFLE_TABLE152, + REJECTION_SAMPLE_SHUFFLE_TABLE153, + REJECTION_SAMPLE_SHUFFLE_TABLE154, + REJECTION_SAMPLE_SHUFFLE_TABLE155, + REJECTION_SAMPLE_SHUFFLE_TABLE156, + REJECTION_SAMPLE_SHUFFLE_TABLE157, + REJECTION_SAMPLE_SHUFFLE_TABLE158, + REJECTION_SAMPLE_SHUFFLE_TABLE159, + REJECTION_SAMPLE_SHUFFLE_TABLE160, + REJECTION_SAMPLE_SHUFFLE_TABLE161, + REJECTION_SAMPLE_SHUFFLE_TABLE162, + REJECTION_SAMPLE_SHUFFLE_TABLE163, + REJECTION_SAMPLE_SHUFFLE_TABLE164, + REJECTION_SAMPLE_SHUFFLE_TABLE165, + REJECTION_SAMPLE_SHUFFLE_TABLE166, + REJECTION_SAMPLE_SHUFFLE_TABLE167, + REJECTION_SAMPLE_SHUFFLE_TABLE168, + REJECTION_SAMPLE_SHUFFLE_TABLE169, + REJECTION_SAMPLE_SHUFFLE_TABLE170, + REJECTION_SAMPLE_SHUFFLE_TABLE171, + REJECTION_SAMPLE_SHUFFLE_TABLE172, + REJECTION_SAMPLE_SHUFFLE_TABLE173, + REJECTION_SAMPLE_SHUFFLE_TABLE174, + REJECTION_SAMPLE_SHUFFLE_TABLE175, + REJECTION_SAMPLE_SHUFFLE_TABLE176, + REJECTION_SAMPLE_SHUFFLE_TABLE177, + REJECTION_SAMPLE_SHUFFLE_TABLE178, + REJECTION_SAMPLE_SHUFFLE_TABLE179, + REJECTION_SAMPLE_SHUFFLE_TABLE180, + REJECTION_SAMPLE_SHUFFLE_TABLE181, + REJECTION_SAMPLE_SHUFFLE_TABLE182, + REJECTION_SAMPLE_SHUFFLE_TABLE183, + REJECTION_SAMPLE_SHUFFLE_TABLE184, + REJECTION_SAMPLE_SHUFFLE_TABLE185, + REJECTION_SAMPLE_SHUFFLE_TABLE186, + REJECTION_SAMPLE_SHUFFLE_TABLE187, + REJECTION_SAMPLE_SHUFFLE_TABLE188, + REJECTION_SAMPLE_SHUFFLE_TABLE189, + REJECTION_SAMPLE_SHUFFLE_TABLE190, + REJECTION_SAMPLE_SHUFFLE_TABLE191, + REJECTION_SAMPLE_SHUFFLE_TABLE192, + REJECTION_SAMPLE_SHUFFLE_TABLE193, + REJECTION_SAMPLE_SHUFFLE_TABLE194, + REJECTION_SAMPLE_SHUFFLE_TABLE195, + REJECTION_SAMPLE_SHUFFLE_TABLE196, + REJECTION_SAMPLE_SHUFFLE_TABLE197, + REJECTION_SAMPLE_SHUFFLE_TABLE198, + REJECTION_SAMPLE_SHUFFLE_TABLE199, + REJECTION_SAMPLE_SHUFFLE_TABLE200, + REJECTION_SAMPLE_SHUFFLE_TABLE201, + 
REJECTION_SAMPLE_SHUFFLE_TABLE202, + REJECTION_SAMPLE_SHUFFLE_TABLE203, + REJECTION_SAMPLE_SHUFFLE_TABLE204, + REJECTION_SAMPLE_SHUFFLE_TABLE205, + REJECTION_SAMPLE_SHUFFLE_TABLE206, + REJECTION_SAMPLE_SHUFFLE_TABLE207, + REJECTION_SAMPLE_SHUFFLE_TABLE208, + REJECTION_SAMPLE_SHUFFLE_TABLE209, + REJECTION_SAMPLE_SHUFFLE_TABLE210, + REJECTION_SAMPLE_SHUFFLE_TABLE211, + REJECTION_SAMPLE_SHUFFLE_TABLE212, + REJECTION_SAMPLE_SHUFFLE_TABLE213, + REJECTION_SAMPLE_SHUFFLE_TABLE214, + REJECTION_SAMPLE_SHUFFLE_TABLE215, + REJECTION_SAMPLE_SHUFFLE_TABLE216, + REJECTION_SAMPLE_SHUFFLE_TABLE217, + REJECTION_SAMPLE_SHUFFLE_TABLE218, + REJECTION_SAMPLE_SHUFFLE_TABLE219, + REJECTION_SAMPLE_SHUFFLE_TABLE220, + REJECTION_SAMPLE_SHUFFLE_TABLE221, + REJECTION_SAMPLE_SHUFFLE_TABLE222, + REJECTION_SAMPLE_SHUFFLE_TABLE223, + REJECTION_SAMPLE_SHUFFLE_TABLE224, + REJECTION_SAMPLE_SHUFFLE_TABLE225, + REJECTION_SAMPLE_SHUFFLE_TABLE226, + REJECTION_SAMPLE_SHUFFLE_TABLE227, + REJECTION_SAMPLE_SHUFFLE_TABLE228, + REJECTION_SAMPLE_SHUFFLE_TABLE229, + REJECTION_SAMPLE_SHUFFLE_TABLE230, + REJECTION_SAMPLE_SHUFFLE_TABLE231, + REJECTION_SAMPLE_SHUFFLE_TABLE232, + REJECTION_SAMPLE_SHUFFLE_TABLE233, + REJECTION_SAMPLE_SHUFFLE_TABLE234, + REJECTION_SAMPLE_SHUFFLE_TABLE235, + REJECTION_SAMPLE_SHUFFLE_TABLE236, + REJECTION_SAMPLE_SHUFFLE_TABLE237, + REJECTION_SAMPLE_SHUFFLE_TABLE238, + REJECTION_SAMPLE_SHUFFLE_TABLE239, + REJECTION_SAMPLE_SHUFFLE_TABLE240, + REJECTION_SAMPLE_SHUFFLE_TABLE241, + REJECTION_SAMPLE_SHUFFLE_TABLE242, + REJECTION_SAMPLE_SHUFFLE_TABLE243, + REJECTION_SAMPLE_SHUFFLE_TABLE244, + REJECTION_SAMPLE_SHUFFLE_TABLE245, + REJECTION_SAMPLE_SHUFFLE_TABLE246, + REJECTION_SAMPLE_SHUFFLE_TABLE247, + REJECTION_SAMPLE_SHUFFLE_TABLE248, + REJECTION_SAMPLE_SHUFFLE_TABLE249, + REJECTION_SAMPLE_SHUFFLE_TABLE250, + REJECTION_SAMPLE_SHUFFLE_TABLE251, + REJECTION_SAMPLE_SHUFFLE_TABLE252, + REJECTION_SAMPLE_SHUFFLE_TABLE253, + REJECTION_SAMPLE_SHUFFLE_TABLE254, + REJECTION_SAMPLE_SHUFFLE_TABLE255, ]; 
#[inline(always)] @@ -792,7 +1062,7 @@ pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { let lower_coefficients = mm_shuffle_epi8(lower_coefficients, lower_shuffles); // ... then write them out ... - mm_storeu_si128(&mut output[0..8], lower_coefficients); + mm_storeu_si128(output, lower_coefficients); // ... and finally count the number of bits of |good[0]| so we know how many // were actually sampled diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 3c441bdf4..fa7468cc7 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -154,7 +154,7 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let combined = mm256_castsi256_si128(combined); // ... so that we can read them out in one go. - mm_storeu_bytes_si128(&mut serialized[..], combined); + mm_storeu_bytes_si128(&mut serialized, combined); serialized[0..8].try_into().unwrap() } @@ -365,12 +365,12 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { 1 << 6, ); - let lower_coefficients = mm_loadu_si128(bytes[0..16].try_into().unwrap()); + let lower_coefficients = mm_loadu_si128(&bytes[0..16]); let lower_coefficients = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(9, 8, 8, 7, 7, 6, 6, 5, 4, 3, 3, 2, 2, 1, 1, 0), ); - let upper_coefficients = mm_loadu_si128(bytes[4..20].try_into().unwrap()); + let upper_coefficients = mm_loadu_si128(&bytes[4..20]); let upper_coefficients = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15, 14, 14, 13, 13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 7, 6), 
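Review bot: In `rejection_sample`, the new call `mm_storeu_si128(output, lower_coefficients)` passes the whole caller-supplied slice, so the bounds-checked `&mut output[0..8]` no longer proves at this call site that eight `i16` lanes are writable. The store wrapper is not visible in this hunk; if it only takes the slice's pointer, or checks the length with a `debug_assert!`, a release build with a shorter `output` would write past the buffer where the old code panicked. I would keep the guarantee next to the store with `assert!(output.len() >= 8);`, or state the minimum length in the function's doc comment and enforce it in the wrapper. The rest of `rejection_sample` lies outside the hunk.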
@@ -468,12 +468,12 @@ pub(crate) fn deserialize_12(bytes: &[u8]) -> Vec256 { 1 << 4, ); - let lower_coefficients = mm_loadu_si128(bytes[0..16].try_into().unwrap()); + let lower_coefficients = mm_loadu_si128(&bytes[0..16]); let lower_coefficients = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(11, 10, 10, 9, 8, 7, 7, 6, 5, 4, 4, 3, 2, 1, 1, 0), ); - let upper_coefficients = mm_loadu_si128(bytes[8..24].try_into().unwrap()); + let upper_coefficients = mm_loadu_si128(&bytes[8..24]); let upper_coefficients = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15, 14, 14, 13, 12, 11, 11, 10, 9, 8, 8, 7, 6, 5, 5, 4), diff --git a/specs/kyber/src/ind_cpa.rs b/specs/kyber/src/ind_cpa.rs index 9598dea60..7fb7ce4bd 100644 --- a/specs/kyber/src/ind_cpa.rs +++ b/specs/kyber/src/ind_cpa.rs @@ -133,7 +133,7 @@ pub(crate) fn generate_keypair( // η₁ * 64 = 2 * 64 sampling coins let prf_output: [u8; 128] = PRF(&prf_input); - secret[i] = sample_poly_cbd(2, &prf_output[..]); + secret[i] = sample_poly_cbd(2, &prf_output); } // for(i ← 0; i < k; i++) @@ -149,7 +149,7 @@ pub(crate) fn generate_keypair( // η₂ * 64 = 2 * 64 sampling coins let prf_output: [u8; 128] = PRF(&prf_input); - error[i] = sample_poly_cbd(2, &prf_output[..]); + error[i] = sample_poly_cbd(2, &prf_output); } // ŝ ← NTT(s) From 0b6dd0fa993db02d26bd4e4848403b9db0f39503 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 27 May 2024 10:54:36 +0200 Subject: [PATCH 27/94] allow extracting everywhere --- libcrux-ml-kem/build.rs | 26 ++++++++++++++++---------- libcrux-ml-kem/c.sh | 10 +++++++--- libcrux-ml-kem/src/ind_cca.rs | 8 ++++---- libcrux-ml-kem/src/vector/avx2.rs | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/build.rs b/libcrux-ml-kem/build.rs index ef1138666..91a6fae70 100644 --- a/libcrux-ml-kem/build.rs +++ b/libcrux-ml-kem/build.rs 
@@ -2,21 +2,20 @@ use std::env; fn main() { let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); - let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128"); + let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256"); - let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + // Force a simd build. Make sure you know what you're doing. + let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128"); + let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256"); - if target_arch == "aarch64" && !disable_simd128 { + let simd128_possible = target_arch == "aarch64"; + if (simd128_possible || enable_simd128) && !disable_simd128 { // We enable simd128 on all aarch64 builds. println!("cargo:rustc-cfg=feature=\"simd128\""); } - if target_arch == "x86_64" && !disable_simd256 { + let simd126_possible = target_arch == "x86_64"; + if (simd126_possible || enable_simd256) && !disable_simd256 { // We enable simd256 on all x86_64 builds. // Note that this doesn't mean the required CPU features are available. // But the compiler will support them and the runtime checks ensure that @@ -26,3 +25,10 @@ fn main() { println!("cargo:rustc-cfg=feature=\"simd256\""); } } + +fn read_env(key: &str) -> bool { + match env::var(key) { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + } +} diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 44238bee1..36d83280e 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -15,12 +15,14 @@ if [[ -z "$EURYDICE_HOME" ]]; then fi portable_only=0 +no_hacl=0 # Parse command line arguments. all_args=("$@") while [ $# -gt 0 ]; do case "$1" in -p | --portable) portable_only=1 ;; + --no-hacl) no_hacl=1 ;; esac shift done 
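Review bot: The x86_64 flag is misnamed `simd126_possible`, and the two comments "We enable simd128 on all aarch64 builds" and "We enable simd256 on all x86_64 builds" no longer describe the condition, because `LIBCRUX_ENABLE_SIMD128`/`LIBCRUX_ENABLE_SIMD256` now emit the cfg on any target. Rename it to `let simd256_possible = target_arch == "x86_64";` and use that name in the `if`. The "Force a simd build" comment should say what the override is for (c.sh sets both variables for the charon run) and that code gated only on `feature = "simd256"` is then compiled on targets that lack the x86_64 intrinsics. `read_env` should get a doc comment such as `/// Returns true when the variable is set to "1", "y" or "Y"; unset or any other value is false.`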
@@ -31,7 +33,7 @@ if [[ "$portable_only" = 1 ]]; then fi echo "Running charon ..." -RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings +LIBCRUX_ENABLE_SIMD128=1 LIBCRUX_ENABLE_SIMD256=1 RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings mkdir -p c cd c @@ -39,11 +41,13 @@ echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . -if [[ -n "$HACL_PACKAGES_HOME" ]]; then +if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ cp *.h $HACL_PACKAGES_HOME/libcrux/include cp *.c $HACL_PACKAGES_HOME/libcrux/src -else +elif [[ "$no_hacl" = 0 ]] echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 +else + echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 fi diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index f5e97c63d..d6ee358e4 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -62,7 +62,7 @@ pub(crate) fn validate_public_key< PUBLIC_KEY_SIZE, crate::vector::SIMD256Vector, >(public_key); - #[cfg(not(feature = "simd256"))] + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] validate_public_key_generic::< K, RANKED_BYTES_PER_RING_ELEMENT, @@ -148,7 +148,7 @@ pub(crate) fn generate_keypair< crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); - #[cfg(not(feature = "simd256"))] + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, 
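Review bot: The portable fallback in `validate_public_key` is now gated on `#[cfg(not(all(feature = "simd256", target_arch = "x86_64")))]`, but the gate on the SIMD256 arm directly above it is outside the hunk, and the two have to be exact complements. If that arm still reads `#[cfg(feature = "simd256")]`, a build that forces the feature with `LIBCRUX_ENABLE_SIMD256=1` on another architecture would compile the AVX2 arm and drop the fallback; this is inferred, since the arm is not shown. The same pairing applies to the `generate_keypair` hunk and to the `encapsulate` and `decapsulate` hunks that follow. I would add a comment on each pair, `// Must stay the exact negation of the cfg on the SIMD256 arm above.`, or hoist the predicate into one cfg alias so the four copies cannot drift.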
@@ -279,7 +279,7 @@ pub(crate) fn encapsulate< crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(public_key, randomness); - #[cfg(not(feature = "simd256"))] + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] encapsulate_generic::< K, CIPHERTEXT_SIZE, @@ -451,7 +451,7 @@ pub(crate) fn decapsulate< crate::vector::SIMD256Vector, hash_functions::avx2::Simd256Hash, >(private_key, ciphertext); - #[cfg(not(feature = "simd256"))] + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] return decapsulate_generic::< K, SECRET_KEY_SIZE, diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index aa7001407..cca502998 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -1,6 +1,6 @@ use super::traits::Operations; -#[cfg(test)] +#[cfg(all(feature = "simd256", target_arch = "x86_64", test))] mod debug; // When extracting F* or C, we don't want to extract this file. From 66c2e554124e9e802ad99e724bb4e4da4f606dbf Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 27 May 2024 13:32:13 +0200 Subject: [PATCH 28/94] fixup c.sh --- libcrux-ml-kem/c.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 36d83280e..fbee63cf7 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -46,7 +46,7 @@ if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ cp *.h $HACL_PACKAGES_HOME/libcrux/include cp *.c $HACL_PACKAGES_HOME/libcrux/src -elif [[ "$no_hacl" = 0 ]] +elif [[ "$no_hacl" = 0 ]]; then echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 else echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 From 03461b636c23ac02d97bd78f04c04575a134fb85 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Mon, 27 May 2024 20:24:47 +0200 Subject: [PATCH 29/94] add new config c2.yml --- libcrux-ml-kem/c2.yml | 55 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 libcrux-ml-kem/c2.yml diff --git a/libcrux-ml-kem/c2.yml b/libcrux-ml-kem/c2.yml new file mode 100644 index 000000000..3b09976ed --- /dev/null +++ b/libcrux-ml-kem/c2.yml @@ -0,0 +1,55 @@ +files: + # XXX: This doesn't do anything? + - name: libcrux_sha3 + api: + - [libcrux_sha3] + + - name: libcrux_platform + api: + - [libcrux_platform] + + - name: libcrux_neon_intrinsics + api: + - [libcrux_ml_kem, vector, neon, intrinsics] + + - name: libcrux_mlkem_vector + api: + - [libcrux_ml_kem, vector, traits] + + - name: libcrux_mlkem_neon + api: + # XXX: How do I get all the neon functions in here? + - [libcrux_ml_kem, vector, neon, "*"] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem512 + api: + - [libcrux_ml_kem, mlkem512] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem768 + api: + - [libcrux_ml_kem, mlkem768] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem1027 + api: + - [libcrux_ml_kem, mlkem1024] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem_common + private: + - [libcrux_mlkem, "*"] + include_in_h: + - '"libcrux_hacl_glue.h"' + inline_static: true + + - name: core + private: + - [core, "*"] + api: + - [Eurydice, "*"] From cd1de6b7c7013ba52ea248133c0766a788d7cf9f Mon Sep 17 00:00:00 2001 
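Review bot: Two names in the new c2.yml do not match the modules they sit next to: the ML-KEM 1024 entry is `- name: libcrux_mlkem1027` although its `api` is `[libcrux_ml_kem, mlkem1024]`, and the `libcrux_mlkem_common` entry uses `private: - [libcrux_mlkem, "*"]` while every other pattern spells the crate `libcrux_ml_kem`. If the second is a typo, the catch-all pattern would match nothing and the shared code would not land in the common file; that is an inference from the spelling, not something the hunk shows. Proposed lines: `- name: libcrux_mlkem1024` and `- [libcrux_ml_kem, "*"]`. The two `XXX` comments are open questions and are better tracked in an issue than left in a config that the extraction depends on.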
From: Lucas Franceschino Date: Tue, 28 May 2024 10:58:07 +0200 Subject: [PATCH 30/94] externalize intrinsics into a `libcrux-intrinsics` crate --- Cargo.toml | 1 + libcrux-intrinsics/Cargo.toml | 23 +++ libcrux-intrinsics/build.rs | 28 +++ .../src/arm64.rs | 2 - libcrux-intrinsics/src/avx2.rs | 45 +++++ libcrux-intrinsics/src/lib.rs | 4 + libcrux-ml-kem/Cargo.toml | 1 + libcrux-ml-kem/src/vector/neon.rs | 1 - libcrux-ml-kem/src/vector/neon/simd128ops.rs | 3 +- libcrux-sha3/Cargo.toml | 1 + libcrux-sha3/src/simd/avx2.rs | 180 ++++++++---------- 11 files changed, 182 insertions(+), 107 deletions(-) create mode 100644 libcrux-intrinsics/Cargo.toml create mode 100644 libcrux-intrinsics/build.rs rename libcrux-ml-kem/src/vector/neon/intrinsics.rs => libcrux-intrinsics/src/arm64.rs (99%) create mode 100644 libcrux-intrinsics/src/avx2.rs create mode 100644 libcrux-intrinsics/src/lib.rs diff --git a/Cargo.toml b/Cargo.toml index 769e0291b..4505f7d11 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,7 @@ members = [ "libcrux-simd", "libcrux-sha3", "libcrux-ml-dsa", + "libcrux-intrinsics", ] [workspace.package] diff --git a/libcrux-intrinsics/Cargo.toml b/libcrux-intrinsics/Cargo.toml new file mode 100644 index 000000000..8316c3d87 --- /dev/null +++ b/libcrux-intrinsics/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "libcrux-intrinsics" +version.workspace = true +authors.workspace = true +license.workspace = true +homepage.workspace = true +edition.workspace = true +repository.workspace = true +readme.workspace = true + +[dependencies] +# libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } + +# This is only required for verification. +# The hax config is set by the hax toolchain. +[target.'cfg(hax)'.dependencies] +hax-lib = { git = "https://github.com/hacspec/hax/" } + +[features] +simd128 = [] +simd256 = [] + +[dev-dependencies] diff --git a/libcrux-intrinsics/build.rs b/libcrux-intrinsics/build.rs new file mode 100644 index 000000000..ef1138666 
--- /dev/null +++ b/libcrux-intrinsics/build.rs @@ -0,0 +1,28 @@ +use std::env; + +fn main() { + let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); + let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + }; + + let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + }; + + if target_arch == "aarch64" && !disable_simd128 { + // We enable simd128 on all aarch64 builds. + println!("cargo:rustc-cfg=feature=\"simd128\""); + } + if target_arch == "x86_64" && !disable_simd256 { + // We enable simd256 on all x86_64 builds. + // Note that this doesn't mean the required CPU features are available. + // But the compiler will support them and the runtime checks ensure that + // it's only used when available. + // + // We don't enable this on x86 because it seems to generate invalid code. + println!("cargo:rustc-cfg=feature=\"simd256\""); + } +} diff --git a/libcrux-ml-kem/src/vector/neon/intrinsics.rs b/libcrux-intrinsics/src/arm64.rs similarity index 99% rename from libcrux-ml-kem/src/vector/neon/intrinsics.rs rename to libcrux-intrinsics/src/arm64.rs index 5eebb50fd..432fb3c52 100644 --- a/libcrux-ml-kem/src/vector/neon/intrinsics.rs +++ b/libcrux-intrinsics/src/arm64.rs @@ -1,5 +1,3 @@ -// TODO: Move this into a separate intrinsics crate. - #![allow(non_camel_case_types, unsafe_code)] pub(crate) use core::arch::aarch64::*; diff --git a/libcrux-intrinsics/src/avx2.rs b/libcrux-intrinsics/src/avx2.rs new file mode 100644 index 000000000..01f91fee2 --- /dev/null +++ b/libcrux-intrinsics/src/avx2.rs 
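Review bot: The new libcrux-intrinsics/build.rs reads `LIBCRUX_DISABLE_SIMD128` and `LIBCRUX_DISABLE_SIMD256` but never declares them to Cargo, so changing only one of these variables does not re-run the script and the previously emitted `simd128`/`simd256` cfg stays in effect. Add `println!("cargo:rerun-if-env-changed=LIBCRUX_DISABLE_SIMD128");` and the matching line for `LIBCRUX_DISABLE_SIMD256` at the top of `main`. The script is also a copy of the older libcrux-ml-kem/build.rs without the `read_env` helper that the earlier commit on this page introduced, so the two parsers can diverge; a short comment naming the other copy would help.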
@@ -0,0 +1,45 @@ +pub use core::arch::x86_64::*; + +#[inline(always)] +pub fn mm256_xor_si256(a: __m256i, b: __m256i) -> __m256i { + unsafe { _mm256_xor_si256(a, b) } +} + +#[inline(always)] +pub fn mm256_slli_epi64(x: __m256i) -> __m256i { + unsafe { _mm256_slli_epi64::(x) } +} + +#[inline(always)] +pub fn mm256_srli_epi64(x: __m256i) -> __m256i { + unsafe { _mm256_srli_epi64::(x) } +} + +#[inline(always)] +pub fn mm256_andnot_si256(a: __m256i, b: __m256i) -> __m256i { + unsafe { _mm256_andnot_si256(a, b) } +} +#[inline(always)] +pub fn mm256_set1_epi64x(a: i64) -> __m256i { + unsafe { _mm256_set1_epi64x(a) } +} +#[inline(always)] +pub fn mm256_loadu_si256(mem_addr: *const __m256i) -> __m256i { + unsafe { _mm256_loadu_si256(mem_addr) } +} +#[inline(always)] +pub fn mm256_unpacklo_epi64(a: __m256i, b: __m256i) -> __m256i { + unsafe { _mm256_unpacklo_epi64(a, b) } +} +#[inline(always)] +pub fn mm256_unpackhi_epi64(a: __m256i, b: __m256i) -> __m256i { + unsafe { _mm256_unpackhi_epi64(a, b) } +} +#[inline(always)] +pub fn mm256_permute2x128_si256(a: __m256i, b: __m256i) -> __m256i { + unsafe { _mm256_permute2x128_si256::(a, b) } +} +#[inline(always)] +pub fn mm256_storeu_si256(mem_addr: *mut __m256i, a: __m256i) { + unsafe { _mm256_storeu_si256(mem_addr, a) } +} diff --git a/libcrux-intrinsics/src/lib.rs b/libcrux-intrinsics/src/lib.rs new file mode 100644 index 000000000..984c70fa3 --- /dev/null +++ b/libcrux-intrinsics/src/lib.rs @@ -0,0 +1,4 @@ +#[cfg(feature = "simd128")] +pub mod arm64; +#[cfg(feature = "simd256")] +pub mod avx2; diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 0f636313d..ecb2670ab 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml 
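Review bot: `mm256_loadu_si256` and `mm256_storeu_si256` are safe `pub fn`s that dereference a caller-supplied raw pointer, so any safe code can read or write 32 bytes at an unchecked address through them, and the inner `unsafe` block has no invariant to rely on. Take a slice and check its length, as sketched below, or declare both as `unsafe fn` with a `# Safety` section. The callers in libcrux-sha3/src/simd/avx2.rs that currently pass `….as_ptr() as *const __m256i` would then pass the sub-slice itself. The other wrappers are safe functions that execute AVX2 instructions, so the module needs a `//!` comment stating that callers must have confirmed AVX2 support at run time.

```rust
#[inline(always)]
pub fn mm256_loadu_si256(input: &[u8]) -> __m256i {
    assert!(input.len() >= 32);
    // SAFETY: `input` holds at least 32 readable bytes and the load is unaligned.
    unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) }
}

#[inline(always)]
pub fn mm256_storeu_si256(output: &mut [u8], a: __m256i) {
    assert!(output.len() >= 32);
    // SAFETY: `output` holds at least 32 writable bytes and the store is unaligned.
    unsafe { _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, a) }
}
// … unchanged: the remaining wrappers …
```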
@@ -13,6 +13,7 @@ exclude = ["/tests", "/implementation_notes.pdf"] rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-pre.2", path = "../libcrux-sha3" } +libcrux-intrinsics = { version = "0.0.2-pre.2", path = "../libcrux-intrinsics" } # This is only required for verification. # The hax config is set by the hax toolchain. diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 2d6778a4b..5b7b011b4 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -2,7 +2,6 @@ use super::{Operations, FIELD_MODULUS}; -mod intrinsics; // mod rejsample; mod simd128ops; diff --git a/libcrux-ml-kem/src/vector/neon/simd128ops.rs b/libcrux-ml-kem/src/vector/neon/simd128ops.rs index 73c1cb10a..132d813d9 100644 --- a/libcrux-ml-kem/src/vector/neon/simd128ops.rs +++ b/libcrux-ml-kem/src/vector/neon/simd128ops.rs @@ -2,7 +2,8 @@ use crate::vector::traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; -use super::{intrinsics::*, FIELD_MODULUS}; +use super::FIELD_MODULUS; +use libcrux_intrinsics::arm64::*; #[derive(Clone, Copy)] pub struct SIMD128Vector { diff --git a/libcrux-sha3/Cargo.toml b/libcrux-sha3/Cargo.toml index b8bb92749..e4bd40fad 100644 --- a/libcrux-sha3/Cargo.toml +++ b/libcrux-sha3/Cargo.toml @@ -10,6 +10,7 @@ readme.workspace = true [dependencies] libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } +libcrux-intrinsics = { version = "0.0.2-pre.2", path = "../libcrux-intrinsics" } # This is only required for verification. # The hax config is set by the hax toolchain. diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index 153270906..cf37d45f2 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs 
@@ -1,79 +1,72 @@ use core::arch::x86_64::*; use crate::traits::*; +use libcrux_intrinsics::avx2::*; #[inline(always)] fn rotate_left(x: __m256i) -> __m256i { debug_assert!(LEFT + RIGHT == 64); // XXX: This could be done more efficiently, if the shift values are multiples of 8. - unsafe { _mm256_xor_si256(_mm256_slli_epi64::(x), _mm256_srli_epi64::(x)) } + mm256_xor_si256(mm256_slli_epi64::(x), mm256_srli_epi64::(x)) } #[inline(always)] fn _veor5q_u64(a: __m256i, b: __m256i, c: __m256i, d: __m256i, e: __m256i) -> __m256i { - let ab = unsafe { _mm256_xor_si256(a, b) }; - let cd = unsafe { _mm256_xor_si256(c, d) }; - let abcd = unsafe { _mm256_xor_si256(ab, cd) }; - unsafe { _mm256_xor_si256(abcd, e) } + let ab = mm256_xor_si256(a, b); + let cd = mm256_xor_si256(c, d); + let abcd = mm256_xor_si256(ab, cd); + mm256_xor_si256(abcd, e) } #[inline(always)] fn _vrax1q_u64(a: __m256i, b: __m256i) -> __m256i { - unsafe { _mm256_xor_si256(a, rotate_left::<1, 63>(b)) } + mm256_xor_si256(a, rotate_left::<1, 63>(b)) } #[inline(always)] fn _vxarq_u64(a: __m256i, b: __m256i) -> __m256i { - let ab = unsafe { _mm256_xor_si256(a, b) }; + let ab = mm256_xor_si256(a, b); rotate_left::(ab) } #[inline(always)] fn _vbcaxq_u64(a: __m256i, b: __m256i, c: __m256i) -> __m256i { - unsafe { _mm256_xor_si256(a, _mm256_andnot_si256(c, b)) } + mm256_xor_si256(a, mm256_andnot_si256(c, b)) } #[inline(always)] fn _veorq_n_u64(a: __m256i, c: u64) -> __m256i { // Casting here is required, doesn't change the value. 
- let c = unsafe { _mm256_set1_epi64x(c as i64) }; - unsafe { _mm256_xor_si256(a, c) } + let c = mm256_set1_epi64x(c as i64); + mm256_xor_si256(a, c) } #[inline(always)] pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [&[u8]; 4]) { debug_assert!(RATE <= blocks[0].len() && RATE % 8 == 0 && (RATE % 32 == 8 || RATE % 32 == 16)); for i in 0..RATE / 32 { - let v0 = unsafe { - _mm256_loadu_si256(blocks[0][32 * i..32 * (i + 1)].as_ptr() as *const __m256i) - }; - let v1 = unsafe { - _mm256_loadu_si256(blocks[1][32 * i..32 * (i + 1)].as_ptr() as *const __m256i) - }; - let v2 = unsafe { - _mm256_loadu_si256(blocks[2][32 * i..32 * (i + 1)].as_ptr() as *const __m256i) - }; - let v3 = unsafe { - _mm256_loadu_si256(blocks[3][32 * i..32 * (i + 1)].as_ptr() as *const __m256i) - }; - - let v0l = unsafe { _mm256_unpacklo_epi64(v0, v1) }; // 0 0 2 2 - let v1h = unsafe { _mm256_unpackhi_epi64(v0, v1) }; // 1 1 3 3 - let v2l = unsafe { _mm256_unpacklo_epi64(v2, v3) }; // 0 0 2 2 - let v3h = unsafe { _mm256_unpackhi_epi64(v2, v3) }; // 1 1 3 3 - - let v0 = unsafe { _mm256_permute2x128_si256(v0l, v2l, 0x20) }; // 0 0 0 0 - let v1 = unsafe { _mm256_permute2x128_si256(v1h, v3h, 0x20) }; // 1 1 1 1 - let v2 = unsafe { _mm256_permute2x128_si256(v0l, v2l, 0x31) }; // 2 2 2 2 - let v3 = unsafe { _mm256_permute2x128_si256(v1h, v3h, 0x31) }; // 3 3 3 3 - - s[(4 * i) / 5][(4 * i) % 5] = unsafe { _mm256_xor_si256(s[(4 * i) / 5][(4 * i) % 5], v0) }; + let v0 = mm256_loadu_si256(blocks[0][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); + let v1 = mm256_loadu_si256(blocks[1][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); + let v2 = mm256_loadu_si256(blocks[2][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); + let v3 = mm256_loadu_si256(blocks[3][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); + + let v0l = mm256_unpacklo_epi64(v0, v1); // 0 0 2 2 + let v1h = mm256_unpackhi_epi64(v0, v1); // 1 1 3 3 + let v2l = mm256_unpacklo_epi64(v2, v3); // 0 0 2 2 + let v3h = 
mm256_unpackhi_epi64(v2, v3); // 1 1 3 3 + + let v0 = mm256_permute2x128_si256::<0x20>(v0l, v2l); // 0 0 0 0 + let v1 = mm256_permute2x128_si256::<0x20>(v1h, v3h); // 1 1 1 1 + let v2 = mm256_permute2x128_si256::<0x31>(v0l, v2l); // 2 2 2 2 + let v3 = mm256_permute2x128_si256::<0x31>(v1h, v3h); // 3 3 3 3 + + s[(4 * i) / 5][(4 * i) % 5] = mm256_xor_si256(s[(4 * i) / 5][(4 * i) % 5], v0); s[(4 * i + 1) / 5][(4 * i + 1) % 5] = - unsafe { _mm256_xor_si256(s[(4 * i + 1) / 5][(4 * i + 1) % 5], v1) }; + mm256_xor_si256(s[(4 * i + 1) / 5][(4 * i + 1) % 5], v1); s[(4 * i + 2) / 5][(4 * i + 2) % 5] = - unsafe { _mm256_xor_si256(s[(4 * i + 2) / 5][(4 * i + 2) % 5], v2) }; + mm256_xor_si256(s[(4 * i + 2) / 5][(4 * i + 2) % 5], v2); s[(4 * i + 3) / 5][(4 * i + 3) % 5] = - unsafe { _mm256_xor_si256(s[(4 * i + 3) / 5][(4 * i + 3) % 5], v3) }; + mm256_xor_si256(s[(4 * i + 3) / 5][(4 * i + 3) % 5], v3); } let rem = RATE % 32; // has to be 8 or 16 
@@ -83,20 +76,20 @@ pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [ u8s[8..16].copy_from_slice(&blocks[1][start..start + 8]); u8s[16..24].copy_from_slice(&blocks[2][start..start + 8]); u8s[24..32].copy_from_slice(&blocks[3][start..start + 8]); - let u = unsafe { _mm256_loadu_si256(u8s.as_ptr() as *const __m256i) }; + let u = mm256_loadu_si256(u8s.as_ptr() as *const __m256i); let i = (4 * (RATE / 32)) / 5; let j = (4 * (RATE / 32)) % 5; - s[i][j] = unsafe { _mm256_xor_si256(s[i][j], u) }; + s[i][j] = mm256_xor_si256(s[i][j], u); if rem == 16 { let mut u8s = [0u8; 32]; u8s[0..8].copy_from_slice(&blocks[0][start + 8..start + 16]); u8s[8..16].copy_from_slice(&blocks[1][start + 8..start + 16]); u8s[16..24].copy_from_slice(&blocks[2][start + 8..start + 16]); u8s[24..32].copy_from_slice(&blocks[3][start + 8..start + 16]); - let u = unsafe { _mm256_loadu_si256(u8s.as_ptr() as *const __m256i) }; + let u = mm256_loadu_si256(u8s.as_ptr() as *const __m256i); let i = (4 * (RATE / 32) + 1) / 5; let j = (4 * (RATE / 32) + 1) % 5; - s[i][j] = unsafe { _mm256_xor_si256(s[i][j], u) }; + s[i][j] = mm256_xor_si256(s[i][j], u); } } 
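Review bot: `mm256_loadu_si256(u8s.as_ptr() as *const __m256i)` is now called outside any `unsafe` block, so the wrapper must be a safe function that dereferences a caller-supplied raw pointer, and nothing in the call ties that pointer to 32 readable bytes. Here the argument is a `[0u8; 32]` buffer, so the load is in bounds, but the guarantee now rests on each call site. The same holds for the `mm256_storeu_si256(... .as_mut_ptr() as *mut __m256i, ...)` calls in the `store_block` hunks (-112, -177, -186). The wrapper definitions are not in this hunk; if they do take raw pointers, prefer a slice parameter with a length check inside the wrapper, e.g. `assert!(input.len() >= 32);`, so the `unsafe` block is justified where it is written. `load_block` starts outside this hunk.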
@@ -112,64 +105,45 @@ pub(crate) fn load_block_full( #[inline(always)] pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [u8]; 4]) { for i in 0..RATE / 32 { - let v0l = unsafe { - _mm256_permute2x128_si256( - s[(4 * i) / 5][(4 * i) % 5], - s[(4 * i + 2) / 5][(4 * i + 2) % 5], - 0x20, - ) - }; // 0 0 2 2 - let v1h = unsafe { - _mm256_permute2x128_si256( - s[(4 * i + 1) / 5][(4 * i + 1) % 5], - s[(4 * i + 3) / 5][(4 * i + 3) % 5], - 0x20, - ) - }; // 1 1 3 3 - let v2l = unsafe { - _mm256_permute2x128_si256( - s[(4 * i) / 5][(4 * i) % 5], - s[(4 * i + 2) / 5][(4 * i + 2) % 5], - 0x31, - ) - }; // 0 0 2 2 - let v3h = unsafe { - _mm256_permute2x128_si256( - s[(4 * i + 1) / 5][(4 * i + 1) % 5], - s[(4 * i + 3) / 5][(4 * i + 3) % 5], - 0x31, - ) - }; // 1 1 3 3 - - let v0 = unsafe { _mm256_unpacklo_epi64(v0l, v1h) }; // 0 1 2 3 - let v1 = unsafe { _mm256_unpackhi_epi64(v0l, v1h) }; // 0 1 2 3 - let v2 = unsafe { _mm256_unpacklo_epi64(v2l, v3h) }; // 0 1 2 3 - let v3 = unsafe { _mm256_unpackhi_epi64(v2l, v3h) }; // 0 1 2 3 - - unsafe { - _mm256_storeu_si256( - out[0][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v0, - ) - }; - unsafe { - _mm256_storeu_si256( - out[1][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v1, - ) - }; - unsafe { - _mm256_storeu_si256( - out[2][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v2, - ) - }; - unsafe { - _mm256_storeu_si256( - out[3][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v3, - ) - }; + let v0l = mm256_permute2x128_si256::<0x20>( + s[(4 * i) / 5][(4 * i) % 5], + s[(4 * i + 2) / 5][(4 * i + 2) % 5], + ); + // 0 0 2 2 + let v1h = mm256_permute2x128_si256::<0x20>( + s[(4 * i + 1) / 5][(4 * i + 1) % 5], + s[(4 * i + 3) / 5][(4 * i + 3) % 5], + ); // 1 1 3 3 + let v2l = mm256_permute2x128_si256::<0x31>( + s[(4 * i) / 5][(4 * i) % 5], + s[(4 * i + 2) / 5][(4 * i + 2) % 5], + ); // 0 0 2 2 + let v3h = mm256_permute2x128_si256::<0x31>( + s[(4 * i + 1) / 5][(4 * i + 1) % 5], + s[(4 * i + 3) / 5][(4 * 
i + 3) % 5], + ); // 1 1 3 3 + + let v0 = mm256_unpacklo_epi64(v0l, v1h); // 0 1 2 3 + let v1 = mm256_unpackhi_epi64(v0l, v1h); // 0 1 2 3 + let v2 = mm256_unpacklo_epi64(v2l, v3h); // 0 1 2 3 + let v3 = mm256_unpackhi_epi64(v2l, v3h); // 0 1 2 3 + + mm256_storeu_si256( + out[0][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, + v0, + ); + mm256_storeu_si256( + out[1][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, + v1, + ); + mm256_storeu_si256( + out[2][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, + v2, + ); + mm256_storeu_si256( + out[3][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, + v3, + ); } let rem = RATE % 32; // has to be 8 or 16 @@ -177,7 +151,7 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ let mut u8s = [0u8; 32]; let i = (4 * (RATE / 32)) / 5; let j = (4 * (RATE / 32)) % 5; - unsafe { _mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]) }; + mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]); out[0][start..start + 8].copy_from_slice(&u8s[0..8]); out[1][start..start + 8].copy_from_slice(&u8s[8..16]); out[2][start..start + 8].copy_from_slice(&u8s[16..24]); @@ -186,7 +160,7 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ let mut u8s = [0u8; 32]; let i = (4 * (RATE / 32) + 1) / 5; let j = (4 * (RATE / 32) + 1) % 5; - unsafe { _mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]) }; + mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]); out[0][start + 8..start + 16].copy_from_slice(&u8s[0..8]); out[1][start + 8..start + 16].copy_from_slice(&u8s[8..16]); out[2][start + 8..start + 16].copy_from_slice(&u8s[16..24]); @@ -227,7 +201,7 @@ fn split_at_mut_4(out: [&mut [u8]; 4], mid: usize) -> ([&mut [u8]; 4], [&mut [u8 impl KeccakItem<4> for __m256i { #[inline(always)] fn zero() -> Self { - unsafe { _mm256_set1_epi64x(0) } + mm256_set1_epi64x(0) } #[inline(always)] fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self { 
@@ -251,7 +225,7 @@ impl KeccakItem<4> for __m256i { } #[inline(always)] fn xor(a: Self, b: Self) -> Self { - unsafe { _mm256_xor_si256(a, b) } + mm256_xor_si256(a, b) } #[inline(always)] fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 4]) { From d9500568bb1cbb60f7f7a015d5d2c4f947f52328 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 28 May 2024 11:13:17 +0200 Subject: [PATCH 31/94] fixup neon; add new extraction (broken) --- libcrux-intrinsics/src/arm64.rs | 135 +-- libcrux-ml-kem/c.sh | 11 +- libcrux-ml-kem/c.yaml | 110 +- libcrux-ml-kem/c2.yml | 55 - libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/lib.rs | 2 +- libcrux-ml-kem/src/types.rs | 10 +- libcrux-ml-kem/src/vector.rs | 4 + libcrux-ml-kem/src/vector/avx2/sampling.rs | 1020 +--------------- libcrux-ml-kem/src/vector/avx2/serialize.rs | 3 +- libcrux-ml-kem/src/vector/neon.rs | 2 +- libcrux-ml-kem/src/vector/neon/rejsample.rs | 774 +----------- libcrux-ml-kem/src/vector/neon/simd128ops.rs | 18 +- libcrux-ml-kem/src/vector/rej_sample_table.rs | 1034 +++++++++++++++++ 14 files changed, 1241 insertions(+), 1939 deletions(-) delete mode 100644 libcrux-ml-kem/c2.yml create mode 100644 libcrux-ml-kem/src/vector/rej_sample_table.rs diff --git a/libcrux-intrinsics/src/arm64.rs b/libcrux-intrinsics/src/arm64.rs index 432fb3c52..2753789fe 100644 --- a/libcrux-intrinsics/src/arm64.rs +++ b/libcrux-intrinsics/src/arm64.rs 
@@ -1,282 +1,285 @@ #![allow(non_camel_case_types, unsafe_code)] -pub(crate) use core::arch::aarch64::*; +use core::arch::aarch64::*; + +pub type _int16x8_t = int16x8_t; +pub type _uint32x4_t = uint32x4_t; #[inline(always)] -pub(crate) fn _vdupq_n_s16(i: i16) -> int16x8_t { +pub fn _vdupq_n_s16(i: i16) -> int16x8_t { unsafe { vdupq_n_s16(i) } } #[inline(always)] -pub(crate) fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { +pub fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { unsafe { vst1q_s16(out.as_mut_ptr(), v) } } #[inline(always)] -pub(crate) fn _vld1q_s16(array: &[i16]) -> int16x8_t { +pub fn _vld1q_s16(array: &[i16]) -> int16x8_t { unsafe { vld1q_s16(array.as_ptr()) } } #[inline(always)] -pub(crate) fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { +pub fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { unsafe { vaddq_s16(lhs, rhs) } } #[inline(always)] -pub(crate) fn _vsubq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { +pub fn _vsubq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { unsafe { vsubq_s16(lhs, rhs) } } #[inline(always)] -pub(crate) fn _vmulq_n_s16(v: int16x8_t, c: i16) -> int16x8_t { +pub fn _vmulq_n_s16(v: int16x8_t, c: i16) -> int16x8_t { unsafe { vmulq_n_s16(v, c) } } #[inline(always)] -pub(crate) fn _vmulq_n_u16(v: uint16x8_t, c: u16) -> uint16x8_t { +pub fn _vmulq_n_u16(v: uint16x8_t, c: u16) -> uint16x8_t { unsafe { vmulq_n_u16(v, c) } } #[inline(always)] -pub(crate) fn _vshrq_n_s16(v: int16x8_t) -> int16x8_t { +pub fn _vshrq_n_s16(v: int16x8_t) -> int16x8_t { unsafe { vshrq_n_s16::(v) } } #[inline(always)] -pub(crate) fn _vshrq_n_u16(v: uint16x8_t) -> uint16x8_t { +pub fn _vshrq_n_u16(v: uint16x8_t) -> uint16x8_t { unsafe { vshrq_n_u16::(v) } } #[inline(always)] -pub(crate) fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { +pub fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { unsafe { vshlq_n_s16::(v) } } #[inline(always)] -pub(crate) fn _vshlq_n_u32(v: uint32x4_t) -> uint32x4_t { +pub fn _vshlq_n_u32(v: uint32x4_t) -> 
uint32x4_t { unsafe { vshlq_n_u32::(v) } } #[inline(always)] -pub(crate) fn _vqdmulhq_n_s16(k: int16x8_t, b: i16) -> int16x8_t { +pub fn _vqdmulhq_n_s16(k: int16x8_t, b: i16) -> int16x8_t { unsafe { vqdmulhq_n_s16(k, b) } } #[inline(always)] -pub(crate) fn _vqdmulhq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { +pub fn _vqdmulhq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { unsafe { vqdmulhq_s16(v, c) } } #[inline(always)] -pub(crate) fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uint16x8_t { +pub fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uint16x8_t { unsafe { vcgeq_s16(v, c) } } #[inline(always)] -pub(crate) fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { +pub fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { unsafe { vandq_s16(a, b) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s16_u16(m0: uint16x8_t) -> int16x8_t { +pub fn _vreinterpretq_s16_u16(m0: uint16x8_t) -> int16x8_t { unsafe { vreinterpretq_s16_u16(m0) } } #[inline(always)] -pub(crate) fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uint16x8_t { +pub fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uint16x8_t { unsafe { vreinterpretq_u16_s16(m0) } } #[inline(always)] -pub(crate) fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { +pub fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { unsafe { vmulq_s16(v, c) } } #[inline(always)] -pub(crate) fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { +pub fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { unsafe { veorq_s16(mask, shifted) } } #[inline(always)] -pub(crate) fn _vdupq_n_u32(value: u32) -> uint32x4_t { +pub fn _vdupq_n_u32(value: u32) -> uint32x4_t { unsafe { vdupq_n_u32(value) } } #[inline(always)] -pub(crate) fn _vaddq_u32(compressed: uint32x4_t, half: uint32x4_t) -> uint32x4_t { +pub fn _vaddq_u32(compressed: uint32x4_t, half: uint32x4_t) -> uint32x4_t { unsafe { vaddq_u32(compressed, half) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s32_u32(compressed: uint32x4_t) -> int32x4_t { 
+pub fn _vreinterpretq_s32_u32(compressed: uint32x4_t) -> int32x4_t { unsafe { vreinterpretq_s32_u32(compressed) } } #[inline(always)] -pub(crate) fn _vqdmulhq_n_s32(a: int32x4_t, b: i32) -> int32x4_t { +pub fn _vqdmulhq_n_s32(a: int32x4_t, b: i32) -> int32x4_t { unsafe { vqdmulhq_n_s32(a, b) } } #[inline(always)] -pub(super) fn _vreinterpretq_u32_s32(a: int32x4_t) -> uint32x4_t { +pub fn _vreinterpretq_u32_s32(a: int32x4_t) -> uint32x4_t { unsafe { vreinterpretq_u32_s32(a) } } #[inline(always)] -pub(super) fn _vshrq_n_u32(a: uint32x4_t) -> uint32x4_t { +pub fn _vshrq_n_u32(a: uint32x4_t) -> uint32x4_t { unsafe { vshrq_n_u32::(a) } } #[inline(always)] -pub(crate) fn _vandq_u32(a: uint32x4_t, b: uint32x4_t) -> uint32x4_t { +pub fn _vandq_u32(a: uint32x4_t, b: uint32x4_t) -> uint32x4_t { unsafe { vandq_u32(a, b) } } #[inline(always)] -pub(crate) fn _vreinterpretq_u32_s16(a: int16x8_t) -> uint32x4_t { +pub fn _vreinterpretq_u32_s16(a: int16x8_t) -> uint32x4_t { unsafe { vreinterpretq_u32_s16(a) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s16_u32(a: uint32x4_t) -> int16x8_t { +pub fn _vreinterpretq_s16_u32(a: uint32x4_t) -> int16x8_t { unsafe { vreinterpretq_s16_u32(a) } } #[inline(always)] -pub(crate) fn _vtrn1q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { +pub fn _vtrn1q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { unsafe { vtrn1q_s16(a, b) } } #[inline(always)] -pub(crate) fn _vtrn2q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { +pub fn _vtrn2q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { unsafe { vtrn2q_s16(a, b) } } #[inline(always)] -pub(crate) fn _vmulq_n_u32(a: uint32x4_t, b: u32) -> uint32x4_t { +pub fn _vmulq_n_u32(a: uint32x4_t, b: u32) -> uint32x4_t { unsafe { vmulq_n_u32(a, b) } } #[inline(always)] -pub(super) fn _vtrn1q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { +pub fn _vtrn1q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { unsafe { vtrn1q_s32(a, b) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s16_s32(a: int32x4_t) -> int16x8_t { 
+pub fn _vreinterpretq_s16_s32(a: int32x4_t) -> int16x8_t { unsafe { vreinterpretq_s16_s32(a) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s32_s16(a: int16x8_t) -> int32x4_t { +pub fn _vreinterpretq_s32_s16(a: int16x8_t) -> int32x4_t { unsafe { vreinterpretq_s32_s16(a) } } #[inline(always)] -pub(super) fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { +pub fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { unsafe { vtrn2q_s32(a, b) } } #[inline(always)] -pub(crate) fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { +pub fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { unsafe { vtrn1q_s64(a, b) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { +pub fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { unsafe { vreinterpretq_s16_s64(a) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { +pub fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { unsafe { vreinterpretq_s64_s16(a) } } #[inline(always)] -pub(crate) fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { +pub fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { unsafe { vtrn2q_s64(a, b) } } #[inline(always)] -pub(crate) fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { +pub fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { unsafe { vmull_s16(a, b) } } #[inline(always)] -pub(crate) fn _vget_low_s16(a: int16x8_t) -> int16x4_t { +pub fn _vget_low_s16(a: int16x8_t) -> int16x4_t { unsafe { vget_low_s16(a) } } #[inline(always)] -pub(crate) fn _vmull_high_s16(a: int16x8_t, b: int16x8_t) -> int32x4_t { +pub fn _vmull_high_s16(a: int16x8_t, b: int16x8_t) -> int32x4_t { unsafe { vmull_high_s16(a, b) } } #[inline(always)] -pub(crate) fn _vmlal_s16(a: int32x4_t, b: int16x4_t, c: int16x4_t) -> int32x4_t { +pub fn _vmlal_s16(a: int32x4_t, b: int16x4_t, c: int16x4_t) -> int32x4_t { unsafe { vmlal_s16(a, b, c) } } #[inline(always)] -pub(crate) fn _vmlal_high_s16(a: int32x4_t, b: 
int16x8_t, c: int16x8_t) -> int32x4_t { +pub fn _vmlal_high_s16(a: int32x4_t, b: int16x8_t, c: int16x8_t) -> int32x4_t { unsafe { vmlal_high_s16(a, b, c) } } #[inline(always)] -pub(crate) fn _vld1q_u8(ptr: &[u8]) -> uint8x16_t { +pub fn _vld1q_u8(ptr: &[u8]) -> uint8x16_t { unsafe { vld1q_u8(ptr.as_ptr()) } } #[inline(always)] -pub(crate) fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { +pub fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { unsafe { vreinterpretq_u8_s16(a) } } #[inline(always)] -pub(crate) fn _vqtbl1q_u8(t: uint8x16_t, idx: uint8x16_t) -> uint8x16_t { +pub fn _vqtbl1q_u8(t: uint8x16_t, idx: uint8x16_t) -> uint8x16_t { unsafe { vqtbl1q_u8(t, idx) } } #[inline(always)] -pub(crate) fn _vreinterpretq_s16_u8(a: uint8x16_t) -> int16x8_t { +pub fn _vreinterpretq_s16_u8(a: uint8x16_t) -> int16x8_t { unsafe { vreinterpretq_s16_u8(a) } } #[inline(always)] -pub(crate) fn _vshlq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { +pub fn _vshlq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { unsafe { vshlq_s16(a, b) } } #[inline(always)] -pub(crate) fn _vshlq_u16(a: uint16x8_t, b: int16x8_t) -> uint16x8_t { +pub fn _vshlq_u16(a: uint16x8_t, b: int16x8_t) -> uint16x8_t { unsafe { vshlq_u16(a, b) } } #[inline(always)] -pub(crate) fn _vaddv_u16(a: uint16x4_t) -> u16 { +pub fn _vaddv_u16(a: uint16x4_t) -> u16 { unsafe { vaddv_u16(a) } } #[inline(always)] -pub(crate) fn _vget_low_u16(a: uint16x8_t) -> uint16x4_t { +pub fn _vget_low_u16(a: uint16x8_t) -> uint16x4_t { unsafe { vget_low_u16(a) } } #[inline(always)] -pub(crate) fn _vget_high_u16(a: uint16x8_t) -> uint16x4_t { +pub fn _vget_high_u16(a: uint16x8_t) -> uint16x4_t { unsafe { vget_high_u16(a) } } #[inline(always)] -pub(crate) fn _vaddvq_s16(a: int16x8_t) -> i16 { +pub fn _vaddvq_s16(a: int16x8_t) -> i16 { unsafe { vaddvq_s16(a) } } #[inline(always)] -pub(super) fn _vsliq_n_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { +pub fn _vsliq_n_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { unsafe { 
vsliq_n_s32::(a, b) } } #[inline(always)] -pub(super) fn _vreinterpretq_s64_s32(a: int32x4_t) -> int64x2_t { +pub fn _vreinterpretq_s64_s32(a: int32x4_t) -> int64x2_t { unsafe { vreinterpretq_s64_s32(a) } } #[inline(always)] -pub(super) fn _vsliq_n_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { +pub fn _vsliq_n_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { unsafe { vsliq_n_s64::(a, b) } } #[inline(always)] -pub(super) fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { +pub fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { unsafe { vreinterpretq_u8_s64(a) } } #[inline(always)] -pub(super) fn _vst1q_u8(out: &mut [u8], v: uint8x16_t) { +pub fn _vst1q_u8(out: &mut [u8], v: uint8x16_t) { unsafe { vst1q_u8(out.as_mut_ptr(), v) } } #[inline(always)] -pub(crate) fn _vdupq_n_u16(value: u16) -> uint16x8_t { +pub fn _vdupq_n_u16(value: u16) -> uint16x8_t { unsafe { vdupq_n_u16(value) } } #[inline(always)] -pub(crate) fn _vandq_u16(a: uint16x8_t, b: uint16x8_t) -> uint16x8_t { +pub fn _vandq_u16(a: uint16x8_t, b: uint16x8_t) -> uint16x8_t { unsafe { vandq_u16(a, b) } } #[inline(always)] -pub(crate) fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uint16x8_t { +pub fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uint16x8_t { unsafe { vreinterpretq_u16_u8(a) } } #[inline(always)] -pub(crate) fn _vld1q_u16(ptr: &[u16]) -> uint16x8_t { +pub fn _vld1q_u16(ptr: &[u16]) -> uint16x8_t { unsafe { vld1q_u16(ptr.as_ptr()) } } #[inline(always)] -pub(crate) fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uint16x8_t { +pub fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uint16x8_t { unsafe { vcleq_s16(a, b) } } #[inline(always)] -pub(crate) fn _vaddvq_u16(a: uint16x8_t) -> u16 { +pub fn _vaddvq_u16(a: uint16x8_t) -> u16 { unsafe { vaddvq_u16(a) } } diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index fbee63cf7..51eb6f233 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -16,6 +16,7 @@ fi portable_only=0 no_hacl=0 +no_charon=0 # Parse command line arguments. all_args=("$@") 
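Review bot: Widening `_vld1q_s16`, `_vld1q_u8`, `_vld1q_u16`, `_vst1q_s16` and `_vst1q_u8` to `pub` exports safe functions that pass `slice.as_ptr()` or `as_mut_ptr()` to a fixed-width NEON load or store without checking the slice length. Any safe caller outside the crate can now read or write past a short slice. As public API each wrapper should enforce the invariant itself, e.g. `assert!(array.len() >= 8);` at the top of `_vld1q_s16` (8 elements for the 16-bit variants, 16 for the `u8` ones), or take a fixed-size reference such as `&[i16; 8]`. A `// SAFETY:` comment on each of those `unsafe` blocks stating the length requirement would make the contract auditable.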
@@ -23,6 +24,7 @@ while [ $# -gt 0 ]; do case "$1" in -p | --portable) portable_only=1 ;; --no-hacl) no_hacl=1 ;; + --no-charon) no_charon=1 ;; esac shift done @@ -32,8 +34,13 @@ if [[ "$portable_only" = 1 ]]; then export LIBCRUX_DISABLE_SIMD128=1 fi -echo "Running charon ..." -LIBCRUX_ENABLE_SIMD128=1 LIBCRUX_ENABLE_SIMD256=1 RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings +if [[ "$no_charon" = 0 ]]; then + echo "Running charon ..." + LIBCRUX_ENABLE_SIMD128=1 LIBCRUX_ENABLE_SIMD256=1 RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings +else + echo "Skipping charon" +fi + mkdir -p c cd c diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index cf2f2d91e..2afc70837 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml 
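Review bot: The re-indented charon invocation in the -32,8 hunk still expands `$CHARON_HOME/bin/charon` unquoted, so a path containing spaces or glob characters is word-split before execution; write it as `"$CHARON_HOME/bin/charon" --errors-as-warnings`. Separately, the `case "$1"` block that gains `--no-charon` has no `*)` arm, so a mistyped option is silently ignored and the script regenerates the C code with settings the caller did not ask for. Unless the remaining arguments are meant to be forwarded through `all_args`, add `*) echo "Unknown argument: $1" >&2; exit 2 ;;` before `esac`.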
@@ -1,19 +1,111 @@ files: - - name: libcrux_digest + - name: libcrux_sha3 api: - - [libcrux, digest] - include_in_h: - - '"libcrux_hacl_glue.h"' + - [libcrux_sha3, "*"] + + # - name: libcrux_mlkem_sha3_neon + # specialized_over_trait_impl: + # - [libcrux_ml_kem, hash_functions, neon, "*"] + # api: + # - [libcrux_ml_kem, hash_functions, neon, "*"] + + - name: libcrux_mlkem_sha3_avx2 + specialized_over_trait_impl: + - [libcrux_ml_kem, hash_functions, avx2, "*"] + api: + - [libcrux_ml_kem, hash_functions, avx2, "*"] + + - name: libcrux_mlkem_sha3 + api: + - [libcrux_ml_kem, hash_functions, "*"] + - name: libcrux_platform api: - - [libcrux_platform] - - name: libcrux_kyber + - [libcrux_platform, "*"] + + - name: libcrux_neon_intrinsics + library: true + # inline_static: true api: - - [libcrux_kyber, kyber768] - private: - - [libcrux_kyber, "*"] + - [libcrux_ml_kem, vector, neon, intrinsics] + + - name: libcrux_avx2_intrinsics + library: true + # inline_static: true + api: + - [libcrux_ml_kem, vector, avx2, intrinsics_extraction] + + - name: libcrux_mlkem_vector + api: + - [libcrux_ml_kem, vector, traits] + - [libcrux_ml_kem, vector] + + - name: libcrux_mlkem_constants + api: + - [libcrux_ml_kem, constants] + + - name: libcrux_mlkem_ctops + api: + - [libcrux_ml_kem, constant_time_ops] + + # Extras needed for the C code from eurydice + - name: libcrux_mlkem_eurydice + api: + - [libcrux_ml_kem, eurydice_types, "*"] + + - name: libcrux_mlkem_neon + api: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + specialized_over_trait_impl: + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_ml_kem, vector, neon, "*"] + include_in_c: + - '"libcrux_hacl_glue.h"' + + # - name: libcrux_mlkem_avx2 + # api: + # - [libcrux_ml_kem, vector, avx2, "*"] + # specialized_over_trait_impl: + # - [libcrux_ml_kem, vector, avx2, "*"] + # include_in_c: + # - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem_sha3 + api: + - [libcrux_ml_kem, 
hash_functions, "*"] + specialized_over_trait_impl: + - [libcrux_ml_kem, hash_functions, "*"] include_in_c: - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem512 + api: + - [libcrux_ml_kem, mlkem512] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem768 + api: + - [libcrux_ml_kem, mlkem768] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem1027 + api: + - [libcrux_ml_kem, mlkem1024] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_mlkem_common + private: + - [libcrux_mlkem, "*"] + include_in_h: + - '"libcrux_hacl_glue.h"' + inline_static: true + - name: core private: - [core, "*"] + api: + - [Eurydice, "*"] diff --git a/libcrux-ml-kem/c2.yml b/libcrux-ml-kem/c2.yml deleted file mode 100644 index 3b09976ed..000000000 --- a/libcrux-ml-kem/c2.yml +++ /dev/null @@ -1,55 +0,0 @@ -files: - # XXX: This doesn't do anything? - - name: libcrux_sha3 - api: - - [libcrux_sha3] - - - name: libcrux_platform - api: - - [libcrux_platform] - - - name: libcrux_neon_intrinsics - api: - - [libcrux_ml_kem, vector, neon, intrinsics] - - - name: libcrux_mlkem_vector - api: - - [libcrux_ml_kem, vector, traits] - - - name: libcrux_mlkem_neon - api: - # XXX: How do I get all the neon functions in here? - - [libcrux_ml_kem, vector, neon, "*"] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_mlkem512 - api: - - [libcrux_ml_kem, mlkem512] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_mlkem768 - api: - - [libcrux_ml_kem, mlkem768] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_mlkem1027 - api: - - [libcrux_ml_kem, mlkem1024] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_mlkem_common - private: - - [libcrux_mlkem, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' - inline_static: true - - - name: core - private: - - [core, "*"] - api: - - [Eurydice, "*"] diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index d6ee358e4..f3c6de701 100644 
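Review bot: The new file list defines `- name: libcrux_mlkem_sha3` twice: first with only `api: [libcrux_ml_kem, hash_functions, "*"]`, then further down with the same pattern plus `specialized_over_trait_impl` and `include_in_c`. One of the two should be removed so it is clear which rule places the hash functions; how the extractor resolves the duplicate is not visible here. The entry whose `api` is `[libcrux_ml_kem, mlkem1024]` is named `libcrux_mlkem1027`, which looks like a typo for `libcrux_mlkem1024` carried over from the deleted c2.yml. The `private` pattern `[libcrux_mlkem, "*"]` under `libcrux_mlkem_common` spells the crate differently from `libcrux_ml_kem` used everywhere else, so it probably matches nothing.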
--- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -565,7 +565,7 @@ pub(crate) fn decapsulate_generic< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - let (ind_cpa_secret_key, secret_key) = private_key.split_at(CPA_SECRET_KEY_SIZE); + let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 6ff037514..e0687c7f8 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -37,7 +37,7 @@ //! [F*]: https://fstar-lang.org #![no_std] -#![deny(unsafe_code)] +#![forbid(unsafe_code)] #![warn(rust_2018_idioms, unused_lifetimes, unused_qualifications)] #![allow(clippy::needless_range_loop)] diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index edcc43d0c..def249817 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -49,11 +49,11 @@ macro_rules! impl_generic_struct { } // This is only used for some of the macro callers. - #[allow(dead_code)] - /// Split this value and return the raw byte slices. - pub(crate) fn split_at(&self, mid: usize) -> (&[u8], &[u8]) { - self.value.split_at(mid) - } + // #[allow(dead_code)] + // /// Split this value and return the raw byte slices. + // pub(crate) fn split_at(&self, mid: usize) -> (&[u8], &[u8]) { + // self.value.split_at(mid) + // } #[cfg(feature = "tests")] /// The number of bytes. diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index b56fbd313..ceae95450 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs 
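Review bot: In the types.rs hunk the `split_at` helper is commented out rather than deleted, leaving five dead lines under the now-stale comment `// This is only used for some of the macro callers.`; remove both and let version control keep the history. The replacement in ind_cca.rs, `private_key.value.split_at(CPA_SECRET_KEY_SIZE)`, now reads the `value` field of the private key directly. If the accessor was dropped only as an extraction workaround (the commit does not say), a one-line comment at that call site such as `// direct field access: split_at helper removed for extraction` would stop it being "tidied" back. `decapsulate_generic` starts and ends outside the hunk.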
@@ -17,6 +17,10 @@ pub(crate) use traits::{ Operations, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS, }; +// XXX: This is not used on neon right now +#[cfg(feature = "simd256")] +pub(crate) mod rej_sample_table; + // There's no runtime detection here. This either exposes the real SIMD vector, // or the portable when the feature is not set. // diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index f07ab7ba4..9ce5c20f8 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs 
@@ -1,1027 +1,9 @@ use super::{ - super::traits::FIELD_MODULUS, + super::{rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE, traits::FIELD_MODULUS}, serialize::{deserialize_12, serialize_1}, *, }; -// XXX: Eurydice can't handle the multi-dimensional array. So we construct it in -// two steps. -const REJECTION_SAMPLE_SHUFFLE_TABLE0: [u8; 16] = [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE1: [u8; 16] = [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE2: [u8; 16] = [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE3: [u8; 16] = [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE4: [u8; 16] = [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE5: [u8; 16] = [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE6: [u8; 16] = [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE7: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE8: [u8; 16] = [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE9: [u8; 16] = [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE10: [u8; 16] = [ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE11: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE12: [u8; 16] = [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE13: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE14: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE15: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE16: [u8; 16] = [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE17: [u8; 16] = [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE18: [u8; 16] = [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE19: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE20: [u8; 16] = [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE21: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE22: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE23: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE24: [u8; 16] = [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE25: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-]; -const REJECTION_SAMPLE_SHUFFLE_TABLE26: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE27: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE28: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE29: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE30: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE31: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE32: [u8; 16] = [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE33: [u8; 16] = [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE34: [u8; 16] = [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE35: [u8; 16] = [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE36: [u8; 16] = [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE37: [u8; 16] = [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE38: [u8; 16] = [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE39: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE40: [u8; 16] = [ 
- 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE41: [u8; 16] = [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE42: [u8; 16] = [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE43: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE44: [u8; 16] = [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE45: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE46: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE47: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE48: [u8; 16] = [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE49: [u8; 16] = [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE50: [u8; 16] = [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE51: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE52: [u8; 16] = [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE53: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE54: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE55: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE56: [u8; 16] = [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE57: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE58: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE59: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE60: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE61: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE62: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE63: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE64: [u8; 16] = [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE65: [u8; 16] = [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE66: [u8; 16] = [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE67: [u8; 16] = [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE68: [u8; 16] = [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE69: [u8; 16] = [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE70: [u8; 16] = [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE71: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE72: [u8; 16] = [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE73: [u8; 16] = [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE74: [u8; 16] = [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE75: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE76: [u8; 16] = [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE77: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE78: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE79: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE80: [u8; 16] = [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE81: [u8; 16] = [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE82: [u8; 16] = [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE83: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE84: [u8; 16] = [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE85: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE86: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE87: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE88: [u8; 16] = [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE89: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE90: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE91: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE92: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE93: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE94: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE95: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE96: [u8; 16] = [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE97: [u8; 16] = [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE98: [u8; 16] = [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE99: [u8; 16] = [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE100: [u8; 16] = [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE101: [u8; 16] = [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE102: [u8; 16] = [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE103: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE104: [u8; 16] = [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE105: [u8; 16] = [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE106: [u8; 16] = [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE107: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE108: [u8; 16] = [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE109: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE110: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE111: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE112: [u8; 16] = [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE113: [u8; 16] = [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE114: [u8; 16] = [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE115: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE116: [u8; 16] = [ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE117: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE118: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE119: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE120: [u8; 16] = [ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE121: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE122: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE123: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE124: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE125: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE126: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE127: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE128: [u8; 16] = [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE129: [u8; 16] = [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE130: [u8; 16] = [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE131: [u8; 16] = [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE132: [u8; 16] = [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE133: [u8; 16] = [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE134: [u8; 16] = [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE135: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE136: [u8; 16] = [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE137: [u8; 16] = [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE138: [u8; 16] = [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE139: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE140: [u8; 16] = [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE141: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE142: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE143: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE144: [u8; 16] = [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE145: [u8; 16] = [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE146: [u8; 16] = [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE147: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE148: [u8; 16] = [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE149: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE150: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE151: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE152: [u8; 16] = [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE153: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE154: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE155: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE156: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE157: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE158: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE159: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE160: [u8; 16] = [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE161: [u8; 16] = [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE162: [u8; 16] = [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE163: [u8; 16] = [ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE164: [u8; 16] = [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE165: [u8; 16] = [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE166: [u8; 16] = [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE167: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE168: [u8; 16] = [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE169: [u8; 16] = [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE170: [u8; 16] = [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE171: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE172: [u8; 
16] = [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE173: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE174: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE175: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE176: [u8; 16] = [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE177: [u8; 16] = [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE178: [u8; 16] = [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE179: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE180: [u8; 16] = [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE181: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE182: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE183: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE184: [u8; 16] = [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE185: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE186: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE187: [u8; 16] 
= [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE188: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE189: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE190: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE191: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE192: [u8; 16] = [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE193: [u8; 16] = [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE194: [u8; 16] = [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE195: [u8; 16] = [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE196: [u8; 16] = [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE197: [u8; 16] = [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE198: [u8; 16] = [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE199: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE200: [u8; 16] = [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE201: [u8; 16] = [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE202: [u8; 16] = [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE203: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE204: [u8; 16] = [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE205: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE206: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE207: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE208: [u8; 16] = [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE209: [u8; 16] = [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE210: [u8; 16] = [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE211: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE212: [u8; 16] = [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE213: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE214: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE215: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE216: [u8; 16] = [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; 
-const REJECTION_SAMPLE_SHUFFLE_TABLE217: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE218: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE219: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE220: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE221: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE222: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE223: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE224: [u8; 16] = [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE225: [u8; 16] = [ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE226: [u8; 16] = [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE227: [u8; 16] = [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE228: [u8; 16] = [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE229: [u8; 16] = [ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE230: [u8; 16] = [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE231: [u8; 16] = [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE232: [u8; 16] = [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE233: [u8; 16] = [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE234: [u8; 16] = [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE235: [u8; 16] = [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE236: [u8; 16] = [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE237: [u8; 16] = [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE238: [u8; 16] = [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE239: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE240: [u8; 16] = [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE241: [u8; 16] = [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE242: [u8; 16] = [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE243: [u8; 16] = [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE244: [u8; 16] = [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE245: [u8; 16] = [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE246: [u8; 16] = [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE247: [u8; 16] 
= - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE248: [u8; 16] = [ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE249: [u8; 16] = [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE250: [u8; 16] = [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE251: [u8; 16] = - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE252: [u8; 16] = [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE253: [u8; 16] = - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE254: [u8; 16] = - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE255: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; - -const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ - REJECTION_SAMPLE_SHUFFLE_TABLE0, - REJECTION_SAMPLE_SHUFFLE_TABLE1, - REJECTION_SAMPLE_SHUFFLE_TABLE2, - REJECTION_SAMPLE_SHUFFLE_TABLE3, - REJECTION_SAMPLE_SHUFFLE_TABLE4, - REJECTION_SAMPLE_SHUFFLE_TABLE5, - REJECTION_SAMPLE_SHUFFLE_TABLE6, - REJECTION_SAMPLE_SHUFFLE_TABLE7, - REJECTION_SAMPLE_SHUFFLE_TABLE8, - REJECTION_SAMPLE_SHUFFLE_TABLE9, - REJECTION_SAMPLE_SHUFFLE_TABLE10, - REJECTION_SAMPLE_SHUFFLE_TABLE11, - REJECTION_SAMPLE_SHUFFLE_TABLE12, - REJECTION_SAMPLE_SHUFFLE_TABLE13, - REJECTION_SAMPLE_SHUFFLE_TABLE14, - REJECTION_SAMPLE_SHUFFLE_TABLE15, - REJECTION_SAMPLE_SHUFFLE_TABLE16, - REJECTION_SAMPLE_SHUFFLE_TABLE17, - REJECTION_SAMPLE_SHUFFLE_TABLE18, - REJECTION_SAMPLE_SHUFFLE_TABLE19, - REJECTION_SAMPLE_SHUFFLE_TABLE20, - REJECTION_SAMPLE_SHUFFLE_TABLE21, - REJECTION_SAMPLE_SHUFFLE_TABLE22, - REJECTION_SAMPLE_SHUFFLE_TABLE23, - REJECTION_SAMPLE_SHUFFLE_TABLE24, - 
REJECTION_SAMPLE_SHUFFLE_TABLE25, - REJECTION_SAMPLE_SHUFFLE_TABLE26, - REJECTION_SAMPLE_SHUFFLE_TABLE27, - REJECTION_SAMPLE_SHUFFLE_TABLE28, - REJECTION_SAMPLE_SHUFFLE_TABLE29, - REJECTION_SAMPLE_SHUFFLE_TABLE30, - REJECTION_SAMPLE_SHUFFLE_TABLE31, - REJECTION_SAMPLE_SHUFFLE_TABLE32, - REJECTION_SAMPLE_SHUFFLE_TABLE33, - REJECTION_SAMPLE_SHUFFLE_TABLE34, - REJECTION_SAMPLE_SHUFFLE_TABLE35, - REJECTION_SAMPLE_SHUFFLE_TABLE36, - REJECTION_SAMPLE_SHUFFLE_TABLE37, - REJECTION_SAMPLE_SHUFFLE_TABLE38, - REJECTION_SAMPLE_SHUFFLE_TABLE39, - REJECTION_SAMPLE_SHUFFLE_TABLE40, - REJECTION_SAMPLE_SHUFFLE_TABLE41, - REJECTION_SAMPLE_SHUFFLE_TABLE42, - REJECTION_SAMPLE_SHUFFLE_TABLE43, - REJECTION_SAMPLE_SHUFFLE_TABLE44, - REJECTION_SAMPLE_SHUFFLE_TABLE45, - REJECTION_SAMPLE_SHUFFLE_TABLE46, - REJECTION_SAMPLE_SHUFFLE_TABLE47, - REJECTION_SAMPLE_SHUFFLE_TABLE48, - REJECTION_SAMPLE_SHUFFLE_TABLE49, - REJECTION_SAMPLE_SHUFFLE_TABLE50, - REJECTION_SAMPLE_SHUFFLE_TABLE51, - REJECTION_SAMPLE_SHUFFLE_TABLE52, - REJECTION_SAMPLE_SHUFFLE_TABLE53, - REJECTION_SAMPLE_SHUFFLE_TABLE54, - REJECTION_SAMPLE_SHUFFLE_TABLE55, - REJECTION_SAMPLE_SHUFFLE_TABLE56, - REJECTION_SAMPLE_SHUFFLE_TABLE57, - REJECTION_SAMPLE_SHUFFLE_TABLE58, - REJECTION_SAMPLE_SHUFFLE_TABLE59, - REJECTION_SAMPLE_SHUFFLE_TABLE60, - REJECTION_SAMPLE_SHUFFLE_TABLE61, - REJECTION_SAMPLE_SHUFFLE_TABLE62, - REJECTION_SAMPLE_SHUFFLE_TABLE63, - REJECTION_SAMPLE_SHUFFLE_TABLE64, - REJECTION_SAMPLE_SHUFFLE_TABLE65, - REJECTION_SAMPLE_SHUFFLE_TABLE66, - REJECTION_SAMPLE_SHUFFLE_TABLE67, - REJECTION_SAMPLE_SHUFFLE_TABLE68, - REJECTION_SAMPLE_SHUFFLE_TABLE69, - REJECTION_SAMPLE_SHUFFLE_TABLE70, - REJECTION_SAMPLE_SHUFFLE_TABLE71, - REJECTION_SAMPLE_SHUFFLE_TABLE72, - REJECTION_SAMPLE_SHUFFLE_TABLE73, - REJECTION_SAMPLE_SHUFFLE_TABLE74, - REJECTION_SAMPLE_SHUFFLE_TABLE75, - REJECTION_SAMPLE_SHUFFLE_TABLE76, - REJECTION_SAMPLE_SHUFFLE_TABLE77, - REJECTION_SAMPLE_SHUFFLE_TABLE78, - REJECTION_SAMPLE_SHUFFLE_TABLE79, - 
REJECTION_SAMPLE_SHUFFLE_TABLE80, - REJECTION_SAMPLE_SHUFFLE_TABLE81, - REJECTION_SAMPLE_SHUFFLE_TABLE82, - REJECTION_SAMPLE_SHUFFLE_TABLE83, - REJECTION_SAMPLE_SHUFFLE_TABLE84, - REJECTION_SAMPLE_SHUFFLE_TABLE85, - REJECTION_SAMPLE_SHUFFLE_TABLE86, - REJECTION_SAMPLE_SHUFFLE_TABLE87, - REJECTION_SAMPLE_SHUFFLE_TABLE88, - REJECTION_SAMPLE_SHUFFLE_TABLE89, - REJECTION_SAMPLE_SHUFFLE_TABLE90, - REJECTION_SAMPLE_SHUFFLE_TABLE91, - REJECTION_SAMPLE_SHUFFLE_TABLE92, - REJECTION_SAMPLE_SHUFFLE_TABLE93, - REJECTION_SAMPLE_SHUFFLE_TABLE94, - REJECTION_SAMPLE_SHUFFLE_TABLE95, - REJECTION_SAMPLE_SHUFFLE_TABLE96, - REJECTION_SAMPLE_SHUFFLE_TABLE97, - REJECTION_SAMPLE_SHUFFLE_TABLE98, - REJECTION_SAMPLE_SHUFFLE_TABLE99, - REJECTION_SAMPLE_SHUFFLE_TABLE100, - REJECTION_SAMPLE_SHUFFLE_TABLE101, - REJECTION_SAMPLE_SHUFFLE_TABLE102, - REJECTION_SAMPLE_SHUFFLE_TABLE103, - REJECTION_SAMPLE_SHUFFLE_TABLE104, - REJECTION_SAMPLE_SHUFFLE_TABLE105, - REJECTION_SAMPLE_SHUFFLE_TABLE106, - REJECTION_SAMPLE_SHUFFLE_TABLE107, - REJECTION_SAMPLE_SHUFFLE_TABLE108, - REJECTION_SAMPLE_SHUFFLE_TABLE109, - REJECTION_SAMPLE_SHUFFLE_TABLE110, - REJECTION_SAMPLE_SHUFFLE_TABLE111, - REJECTION_SAMPLE_SHUFFLE_TABLE112, - REJECTION_SAMPLE_SHUFFLE_TABLE113, - REJECTION_SAMPLE_SHUFFLE_TABLE114, - REJECTION_SAMPLE_SHUFFLE_TABLE115, - REJECTION_SAMPLE_SHUFFLE_TABLE116, - REJECTION_SAMPLE_SHUFFLE_TABLE117, - REJECTION_SAMPLE_SHUFFLE_TABLE118, - REJECTION_SAMPLE_SHUFFLE_TABLE119, - REJECTION_SAMPLE_SHUFFLE_TABLE120, - REJECTION_SAMPLE_SHUFFLE_TABLE121, - REJECTION_SAMPLE_SHUFFLE_TABLE122, - REJECTION_SAMPLE_SHUFFLE_TABLE123, - REJECTION_SAMPLE_SHUFFLE_TABLE124, - REJECTION_SAMPLE_SHUFFLE_TABLE125, - REJECTION_SAMPLE_SHUFFLE_TABLE126, - REJECTION_SAMPLE_SHUFFLE_TABLE127, - REJECTION_SAMPLE_SHUFFLE_TABLE128, - REJECTION_SAMPLE_SHUFFLE_TABLE129, - REJECTION_SAMPLE_SHUFFLE_TABLE130, - REJECTION_SAMPLE_SHUFFLE_TABLE131, - REJECTION_SAMPLE_SHUFFLE_TABLE132, - REJECTION_SAMPLE_SHUFFLE_TABLE133, - 
REJECTION_SAMPLE_SHUFFLE_TABLE134, - REJECTION_SAMPLE_SHUFFLE_TABLE135, - REJECTION_SAMPLE_SHUFFLE_TABLE136, - REJECTION_SAMPLE_SHUFFLE_TABLE137, - REJECTION_SAMPLE_SHUFFLE_TABLE138, - REJECTION_SAMPLE_SHUFFLE_TABLE139, - REJECTION_SAMPLE_SHUFFLE_TABLE140, - REJECTION_SAMPLE_SHUFFLE_TABLE141, - REJECTION_SAMPLE_SHUFFLE_TABLE142, - REJECTION_SAMPLE_SHUFFLE_TABLE143, - REJECTION_SAMPLE_SHUFFLE_TABLE144, - REJECTION_SAMPLE_SHUFFLE_TABLE145, - REJECTION_SAMPLE_SHUFFLE_TABLE146, - REJECTION_SAMPLE_SHUFFLE_TABLE147, - REJECTION_SAMPLE_SHUFFLE_TABLE148, - REJECTION_SAMPLE_SHUFFLE_TABLE149, - REJECTION_SAMPLE_SHUFFLE_TABLE150, - REJECTION_SAMPLE_SHUFFLE_TABLE151, - REJECTION_SAMPLE_SHUFFLE_TABLE152, - REJECTION_SAMPLE_SHUFFLE_TABLE153, - REJECTION_SAMPLE_SHUFFLE_TABLE154, - REJECTION_SAMPLE_SHUFFLE_TABLE155, - REJECTION_SAMPLE_SHUFFLE_TABLE156, - REJECTION_SAMPLE_SHUFFLE_TABLE157, - REJECTION_SAMPLE_SHUFFLE_TABLE158, - REJECTION_SAMPLE_SHUFFLE_TABLE159, - REJECTION_SAMPLE_SHUFFLE_TABLE160, - REJECTION_SAMPLE_SHUFFLE_TABLE161, - REJECTION_SAMPLE_SHUFFLE_TABLE162, - REJECTION_SAMPLE_SHUFFLE_TABLE163, - REJECTION_SAMPLE_SHUFFLE_TABLE164, - REJECTION_SAMPLE_SHUFFLE_TABLE165, - REJECTION_SAMPLE_SHUFFLE_TABLE166, - REJECTION_SAMPLE_SHUFFLE_TABLE167, - REJECTION_SAMPLE_SHUFFLE_TABLE168, - REJECTION_SAMPLE_SHUFFLE_TABLE169, - REJECTION_SAMPLE_SHUFFLE_TABLE170, - REJECTION_SAMPLE_SHUFFLE_TABLE171, - REJECTION_SAMPLE_SHUFFLE_TABLE172, - REJECTION_SAMPLE_SHUFFLE_TABLE173, - REJECTION_SAMPLE_SHUFFLE_TABLE174, - REJECTION_SAMPLE_SHUFFLE_TABLE175, - REJECTION_SAMPLE_SHUFFLE_TABLE176, - REJECTION_SAMPLE_SHUFFLE_TABLE177, - REJECTION_SAMPLE_SHUFFLE_TABLE178, - REJECTION_SAMPLE_SHUFFLE_TABLE179, - REJECTION_SAMPLE_SHUFFLE_TABLE180, - REJECTION_SAMPLE_SHUFFLE_TABLE181, - REJECTION_SAMPLE_SHUFFLE_TABLE182, - REJECTION_SAMPLE_SHUFFLE_TABLE183, - REJECTION_SAMPLE_SHUFFLE_TABLE184, - REJECTION_SAMPLE_SHUFFLE_TABLE185, - REJECTION_SAMPLE_SHUFFLE_TABLE186, - REJECTION_SAMPLE_SHUFFLE_TABLE187, - 
REJECTION_SAMPLE_SHUFFLE_TABLE188, - REJECTION_SAMPLE_SHUFFLE_TABLE189, - REJECTION_SAMPLE_SHUFFLE_TABLE190, - REJECTION_SAMPLE_SHUFFLE_TABLE191, - REJECTION_SAMPLE_SHUFFLE_TABLE192, - REJECTION_SAMPLE_SHUFFLE_TABLE193, - REJECTION_SAMPLE_SHUFFLE_TABLE194, - REJECTION_SAMPLE_SHUFFLE_TABLE195, - REJECTION_SAMPLE_SHUFFLE_TABLE196, - REJECTION_SAMPLE_SHUFFLE_TABLE197, - REJECTION_SAMPLE_SHUFFLE_TABLE198, - REJECTION_SAMPLE_SHUFFLE_TABLE199, - REJECTION_SAMPLE_SHUFFLE_TABLE200, - REJECTION_SAMPLE_SHUFFLE_TABLE201, - REJECTION_SAMPLE_SHUFFLE_TABLE202, - REJECTION_SAMPLE_SHUFFLE_TABLE203, - REJECTION_SAMPLE_SHUFFLE_TABLE204, - REJECTION_SAMPLE_SHUFFLE_TABLE205, - REJECTION_SAMPLE_SHUFFLE_TABLE206, - REJECTION_SAMPLE_SHUFFLE_TABLE207, - REJECTION_SAMPLE_SHUFFLE_TABLE208, - REJECTION_SAMPLE_SHUFFLE_TABLE209, - REJECTION_SAMPLE_SHUFFLE_TABLE210, - REJECTION_SAMPLE_SHUFFLE_TABLE211, - REJECTION_SAMPLE_SHUFFLE_TABLE212, - REJECTION_SAMPLE_SHUFFLE_TABLE213, - REJECTION_SAMPLE_SHUFFLE_TABLE214, - REJECTION_SAMPLE_SHUFFLE_TABLE215, - REJECTION_SAMPLE_SHUFFLE_TABLE216, - REJECTION_SAMPLE_SHUFFLE_TABLE217, - REJECTION_SAMPLE_SHUFFLE_TABLE218, - REJECTION_SAMPLE_SHUFFLE_TABLE219, - REJECTION_SAMPLE_SHUFFLE_TABLE220, - REJECTION_SAMPLE_SHUFFLE_TABLE221, - REJECTION_SAMPLE_SHUFFLE_TABLE222, - REJECTION_SAMPLE_SHUFFLE_TABLE223, - REJECTION_SAMPLE_SHUFFLE_TABLE224, - REJECTION_SAMPLE_SHUFFLE_TABLE225, - REJECTION_SAMPLE_SHUFFLE_TABLE226, - REJECTION_SAMPLE_SHUFFLE_TABLE227, - REJECTION_SAMPLE_SHUFFLE_TABLE228, - REJECTION_SAMPLE_SHUFFLE_TABLE229, - REJECTION_SAMPLE_SHUFFLE_TABLE230, - REJECTION_SAMPLE_SHUFFLE_TABLE231, - REJECTION_SAMPLE_SHUFFLE_TABLE232, - REJECTION_SAMPLE_SHUFFLE_TABLE233, - REJECTION_SAMPLE_SHUFFLE_TABLE234, - REJECTION_SAMPLE_SHUFFLE_TABLE235, - REJECTION_SAMPLE_SHUFFLE_TABLE236, - REJECTION_SAMPLE_SHUFFLE_TABLE237, - REJECTION_SAMPLE_SHUFFLE_TABLE238, - REJECTION_SAMPLE_SHUFFLE_TABLE239, - REJECTION_SAMPLE_SHUFFLE_TABLE240, - REJECTION_SAMPLE_SHUFFLE_TABLE241, - 
REJECTION_SAMPLE_SHUFFLE_TABLE242, - REJECTION_SAMPLE_SHUFFLE_TABLE243, - REJECTION_SAMPLE_SHUFFLE_TABLE244, - REJECTION_SAMPLE_SHUFFLE_TABLE245, - REJECTION_SAMPLE_SHUFFLE_TABLE246, - REJECTION_SAMPLE_SHUFFLE_TABLE247, - REJECTION_SAMPLE_SHUFFLE_TABLE248, - REJECTION_SAMPLE_SHUFFLE_TABLE249, - REJECTION_SAMPLE_SHUFFLE_TABLE250, - REJECTION_SAMPLE_SHUFFLE_TABLE251, - REJECTION_SAMPLE_SHUFFLE_TABLE252, - REJECTION_SAMPLE_SHUFFLE_TABLE253, - REJECTION_SAMPLE_SHUFFLE_TABLE254, - REJECTION_SAMPLE_SHUFFLE_TABLE255, -]; - #[inline(always)] pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index fa7468cc7..b377d543a 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -388,7 +388,8 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { #[inline(always)] pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { - let input = portable::from_i16_array(to_i16_array(SIMD256Vector { elements: vector })); + let array = to_i16_array(SIMD256Vector { elements: vector }); + let input = portable::from_i16_array(array); portable::serialize_11(input) } diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 5b7b011b4..a409ee1c2 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -5,7 +5,7 @@ use super::{Operations, FIELD_MODULUS}; // mod rejsample; mod simd128ops; -pub use simd128ops::SIMD128Vector; +pub(crate) use simd128ops::SIMD128Vector; use simd128ops::*; // This is an empty shell, calling into standalone functions in `simd128ops`. diff --git a/libcrux-ml-kem/src/vector/neon/rejsample.rs b/libcrux-ml-kem/src/vector/neon/rejsample.rs index 64e64a0dc..393762719 100644 --- a/libcrux-ml-kem/src/vector/neon/rejsample.rs +++ b/libcrux-ml-kem/src/vector/neon/rejsample.rs 
@@ -1,771 +1,7 @@ #![forbid(unsafe_code)] -use crate::neon::*; - -/// This table is taken from PQClean. It is used in rej_sample -// It implements the following logic: -// let mut index : [u8;16] = [0u8; 16]; -// let mut idx = 0; -// for i in 0..8 { -// if used > 0 { -// let next = used.trailing_zeros(); -// idx = idx + next; -// index[i*2] = (idx*2) as u8; -// index[i*2+1] = (idx*2 + 1) as u8; -// idx = idx + 1; -// used = used >> (next+1); -// } -// } -// let index_vec = unsafe { vld1q_u8(index.as_ptr() as *const u8) }; -// End of index table lookup calculation - -const IDX_TABLE: [[u8; 16]; 256] = [ - [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, - ], // 0 - [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 1 - [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 2 - [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 3 - [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 4 - [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 5 - [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 6 - [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 7 - [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 8 - [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 9 - [ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 10 - [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 11 - [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 12 - [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, - ], // 13 - [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 14 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 15 - [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 16 - [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 17 - [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 18 - [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 19 - [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 20 - [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 21 - [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 22 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 23 - [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 24 - [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 25 - [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 26 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 27 - [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 28 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 29 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 30 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 31 - [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 32 - [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 33 - [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 34 - [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 35 - [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 36 - [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 37 - [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 38 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 39 - [ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 40 - [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 41 - [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 42 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 43 - [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 44 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 45 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 46 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 47 - [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 48 - [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 49 - [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 50 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 51 - [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 52 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 53 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 54 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 
11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 55 - [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 56 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 57 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 58 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 59 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 60 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 61 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 62 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], // 63 - [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 64 - [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 65 - [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 66 - [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 67 - [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 68 - [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 69 - [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 70 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 71 - [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 72 - [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 73 - [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 74 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 75 - [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, - ], // 76 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 77 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 78 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 79 - [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 80 - [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 81 - [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 82 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 83 - [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 84 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 85 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 86 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 87 - [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 88 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 89 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 90 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 91 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 92 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 93 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 94 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], // 95 - [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 96 - [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 97 - [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 98 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 99 - [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 100 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 101 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 102 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 103 - [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 104 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 105 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 106 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 107 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 108 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 109 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 110 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 111 - [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 112 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 113 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 114 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 115 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 116 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 117 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 118 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 119 - [ - 6, 7, 8, 
9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 120 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 121 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 122 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 123 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 124 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 125 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 126 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], // 127 - [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 128 - [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 129 - [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 130 - [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 131 - [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 132 - [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 133 - [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 134 - [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 135 - [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 136 - [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 137 - [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 138 - [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 139 - [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 140 - [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 141 - [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 142 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 143 - [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 144 - [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 145 - [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 146 - [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 147 - [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 148 - [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 149 - [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 150 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 151 - [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 152 - [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 153 - [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 154 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 155 - [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 156 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 157 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 158 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], // 159 - [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 160 - [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 161 - [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 162 - 
[ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 163 - [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 164 - [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 165 - [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 166 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 167 - [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 168 - [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 169 - [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 170 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 171 - [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 172 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 173 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 174 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 175 - [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 176 - [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 177 - [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 178 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 179 - [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 180 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 181 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 182 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 183 - [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, - ], // 184 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 185 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 186 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 187 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 188 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 189 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 190 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], // 191 - [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 192 - [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 193 - [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 194 - [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 195 - [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 196 - [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 197 - [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 198 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 199 - [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 200 - [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 201 - [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 202 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 203 - [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 204 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 205 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, - ], // 206 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 207 - [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 208 - [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 209 - [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 210 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 211 - [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 212 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 213 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 214 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 215 - [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 216 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 217 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 218 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 219 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 220 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 221 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 222 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], // 223 - [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 224 - [ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 225 - [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 226 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 227 - [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 228 - [ - 0, 1, 
4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 229 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 230 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 231 - [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 232 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 233 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 234 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 235 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 236 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 237 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 238 - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 239 - [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 240 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 241 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 242 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 243 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 244 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 245 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 246 - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 247 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 248 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 249 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 250 - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 251 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 
14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 252 - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 253 - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 254 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], // 255 -]; +use super::intrinsics::*; +use crate::vector::rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE; #[inline(always)] pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { @@ -784,13 +20,13 @@ pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { let pick1 = used1.count_ones(); // XXX: the indices used0 and used1 must be < 256. - let index_vec0 = _vld1q_u8(&IDX_TABLE[(used0 as u8) as usize]); + let index_vec0 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used0 as u8) as usize]); let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); - let index_vec1 = _vld1q_u8(&IDX_TABLE[(used1 as u8) as usize]); + let index_vec1 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used1 as u8) as usize]); let shifted1 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); - let idx0 = usize::try_from(pick0).unwrap(); + let idx0 = pick0 as usize; _vst1q_s16(&mut out[0..8], shifted0); _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); (pick0 + pick1) as usize diff --git a/libcrux-ml-kem/src/vector/neon/simd128ops.rs b/libcrux-ml-kem/src/vector/neon/simd128ops.rs index 132d813d9..2bb4800c1 100644 --- a/libcrux-ml-kem/src/vector/neon/simd128ops.rs +++ b/libcrux-ml-kem/src/vector/neon/simd128ops.rs @@ -1,5 +1,3 @@ -#![forbid(unsafe_code)] - use crate::vector::traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; use super::FIELD_MODULUS; @@ -7,8 +5,8 @@ use libcrux_intrinsics::arm64::*; #[derive(Clone, Copy)] pub struct SIMD128Vector { - pub low: int16x8_t, - pub high: int16x8_t, + pub low: _int16x8_t, + pub high: _int16x8_t, } #[allow(non_snake_case)] 
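Review bot: Nothing appears to compile this file after the patch: the `neon.rs` hunk of this commit still carries `// mod rejsample;` as a context line. Unless the module is declared elsewhere, the new `use super::intrinsics::*;` and `use crate::vector::rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE;` lines are never type-checked, and the `#![forbid(unsafe_code)]` kept at the top is never enforced. Whether `super::intrinsics` resolves from this module is not visible here. Either re-enable the module declaration so the shared-table lookup is built and tested on aarch64, or open the file with a comment such as `// NOTE: not built; "mod rejsample;" is commented out in neon.rs`.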
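Review bot: The `as u8` casts in the two lookups, `REJECTION_SAMPLE_SHUFFLE_TABLE[(used0 as u8) as usize]` and its `used1` twin, keep the index inside the 256-row table by truncating. A mask that breaks the invariant in the `XXX` comment would therefore silently select the wrong shuffle row instead of failing. Assuming `used0` and `used1` are wider than `u8`, as the cast suggests, I would state the invariant in code ahead of the lookups with `debug_assert!(used0 < 256 && used1 < 256);`, provided the extraction toolchain accepts it. The new `let idx0 = pick0 as usize;` is lossless if `pick0` is a `count_ones()` result like `pick1`, but a short comment saying why `usize::try_from` was dropped would help. The body of `rej_sample` starts above this hunk, so how the masks are computed is not visible.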
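Review bot: Removing `#![forbid(unsafe_code)]` from the top of `simd128ops.rs` lifts the compiler guarantee that this arithmetic module contains no `unsafe`, and none of the hunks visible here for the file adds an `unsafe` block that would require it. If the attribute only gets in the way of the extraction build, gating it on that build's cfg would keep the check for normal builds, e.g. `#![cfg_attr(not(eurydice), forbid(unsafe_code))]` if `eurydice` is the cfg that build sets. Otherwise a one-line comment at the top of the file saying why the lint was dropped would let a later reader restore it.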
@@ -96,7 +94,7 @@ pub(crate) fn cond_subtract_3329(mut v: SIMD128Vector) -> SIMD128Vector {
 const BARRETT_MULTIPLIER: i16 = 20159;
 #[inline(always)]
-fn barrett_reduce_int16x8_t(v: int16x8_t) -> int16x8_t {
+fn barrett_reduce_int16x8_t(v: _int16x8_t) -> _int16x8_t {
 //let pv = crate::simd::portable::from_i16_array(to_i16_array(v));
 //from_i16_array(crate::simd::portable::to_i16_array(crate::simd::portable::barrett_reduce(pv)))
@@ -129,7 +127,7 @@ pub(crate) fn barrett_reduce(mut v: SIMD128Vector) -> SIMD128Vector {
 }
 #[inline(always)]
-fn montgomery_reduce_int16x8_t(low: int16x8_t, high: int16x8_t) -> int16x8_t {
+fn montgomery_reduce_int16x8_t(low: _int16x8_t, high: _int16x8_t) -> _int16x8_t {
 // This is what we are trying to do in portable:
 // let k = low as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
 // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16);
@@ -145,7 +143,7 @@ fn montgomery_reduce_int16x8_t(low: int16x8_t, high: int16x8_t) -> int16x8_t {
 }
 #[inline(always)]
-fn montgomery_multiply_by_constant_int16x8_t(v: int16x8_t, c: i16) -> int16x8_t {
+fn montgomery_multiply_by_constant_int16x8_t(v: _int16x8_t, c: i16) -> _int16x8_t {
 // This is what we are trying to do in portable:
 // let value = v as i16 * c
 // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
@@ -160,7 +158,7 @@ fn montgomery_multiply_by_constant_int16x8_t(v: int16x8_t, c: i16) -> int16x8_t
 }
 #[inline(always)]
-fn montgomery_multiply_int16x8_t(v: int16x8_t, c: int16x8_t) -> int16x8_t {
+fn montgomery_multiply_int16x8_t(v: _int16x8_t, c: _int16x8_t) -> _int16x8_t {
 // This is what we are trying to do in portable:
 // let value = v as i16 * c
 // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
@@ -224,7 +222,7 @@ fn mask_n_least_significant_bits(coefficient_bits: i16) -> i16 {
 }
 #[inline(always)]
-fn compress_int32x4_t(v: uint32x4_t) -> uint32x4_t {
+fn compress_int32x4_t(v: _uint32x4_t) -> _uint32x4_t {
 // This is what we are trying to do in portable:
 // let mut compressed = (fe as u64) << coefficient_bits;
 // compressed += 1664 as u64;
@@ -273,7 +271,7 @@ pub(crate) fn compress(mut v: SIMD128Vector) -> SIM
 }
 #[inline(always)]
-fn decompress_uint32x4_t(v: uint32x4_t) -> uint32x4_t {
+fn decompress_uint32x4_t(v: _uint32x4_t) -> _uint32x4_t {
 let coeff = _vdupq_n_u32(1 << (COEFFICIENT_BITS - 1));
 let decompressed = _vmulq_n_u32(v, FIELD_MODULUS as u32);
 let decompressed = _vaddq_u32(decompressed, coeff);
diff --git a/libcrux-ml-kem/src/vector/rej_sample_table.rs b/libcrux-ml-kem/src/vector/rej_sample_table.rs
new file mode 100644
index 000000000..c096be3f2
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/rej_sample_table.rs
@@ -0,0 +1,1034 @@ +// This table is taken from PQClean. It is used in rej_sample +// It implements the following logic: +// let mut index : [u8;16] = [0u8; 16]; +// let mut idx = 0; +// for i in 0..8 { +// if used > 0 { +// let next = used.trailing_zeros(); +// idx = idx + next; +// index[i*2] = (idx*2) as u8; +// index[i*2+1] = (idx*2 + 1) as u8; +// idx = idx + 1; +// used = used >> (next+1); +// } +// } +// let index_vec = unsafe { vld1q_u8(index.as_ptr() as *const u8) }; +// End of index table lookup calculation + +// XXX: Eurydice can't handle the multi-dimensional array. So we construct it in +// two steps. +const REJECTION_SAMPLE_SHUFFLE_TABLE0: [u8; 16] = [ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE1: [u8; 16] = [ + 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE2: [u8; 16] = [ + 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE3: [u8; 16] = [ + 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE4: [u8; 16] = [ + 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE5: [u8; 16] = [ + 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE6: [u8; 16] = [ + 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE7: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE8: [u8; 16] = [ + 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE9: [u8; 16] = [ + 0, 1, 
6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE10: [u8; 16] = [ + 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE11: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE12: [u8; 16] = [ + 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE13: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE14: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE15: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE16: [u8; 16] = [ + 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE17: [u8; 16] = [ + 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE18: [u8; 16] = [ + 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE19: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE20: [u8; 16] = [ + 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE21: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE22: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE23: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE24: [u8; 16] = [ + 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE25: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE26: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE27: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE28: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE29: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE30: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE31: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE32: [u8; 16] = [ + 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE33: [u8; 16] = [ + 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE34: [u8; 16] = [ + 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE35: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE36: [u8; 16] = [ + 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE37: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; 
+const REJECTION_SAMPLE_SHUFFLE_TABLE38: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE39: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE40: [u8; 16] = [ + 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE41: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE42: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE43: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE44: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE45: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE46: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE47: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE48: [u8; 16] = [ + 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE49: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE50: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE51: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE52: [u8; 16] = [ + 4, 5, 8, 9, 
10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE53: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE54: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE55: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE56: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE57: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE58: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE59: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE60: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE61: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE62: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE63: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE64: [u8; 16] = [ + 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE65: [u8; 16] = [ + 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE66: [u8; 16] = [ + 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE67: 
[u8; 16] = [ + 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE68: [u8; 16] = [ + 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE69: [u8; 16] = [ + 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE70: [u8; 16] = [ + 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE71: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE72: [u8; 16] = [ + 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE73: [u8; 16] = [ + 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE74: [u8; 16] = [ + 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE75: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE76: [u8; 16] = [ + 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE77: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE78: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE79: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE80: [u8; 16] = [ + 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE81: [u8; 16] = [ + 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE82: [u8; 16] = [ + 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE83: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE84: [u8; 16] = [ + 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE85: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE86: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE87: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE88: [u8; 16] = [ + 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE89: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE90: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE91: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE92: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE93: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE94: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE95: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE96: [u8; 16] = [ + 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE97: [u8; 16] = [ + 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE98: [u8; 16] = [ + 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE99: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE100: [u8; 16] = [ + 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE101: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE102: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE103: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE104: [u8; 16] = [ + 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE105: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE106: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE107: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE108: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE109: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE110: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE111: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE112: [u8; 16] = [ + 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE113: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE114: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE115: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE116: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE117: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE118: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE119: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE120: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE121: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE122: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE123: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE124: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE125: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const 
REJECTION_SAMPLE_SHUFFLE_TABLE126: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE127: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE128: [u8; 16] = [ + 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE129: [u8; 16] = [ + 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE130: [u8; 16] = [ + 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE131: [u8; 16] = [ + 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE132: [u8; 16] = [ + 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE133: [u8; 16] = [ + 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE134: [u8; 16] = [ + 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE135: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE136: [u8; 16] = [ + 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE137: [u8; 16] = [ + 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE138: [u8; 16] = [ + 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE139: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE140: [u8; 16] 
= [ + 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE141: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE142: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE143: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE144: [u8; 16] = [ + 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE145: [u8; 16] = [ + 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE146: [u8; 16] = [ + 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE147: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE148: [u8; 16] = [ + 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE149: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE150: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE151: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE152: [u8; 16] = [ + 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE153: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE154: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
+]; +const REJECTION_SAMPLE_SHUFFLE_TABLE155: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE156: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE157: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE158: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE159: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE160: [u8; 16] = [ + 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE161: [u8; 16] = [ + 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE162: [u8; 16] = [ + 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE163: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE164: [u8; 16] = [ + 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE165: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE166: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE167: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE168: [u8; 16] = [ + 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE169: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE170: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE171: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE172: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE173: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE174: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE175: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE176: [u8; 16] = [ + 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE177: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE178: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE179: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE180: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE181: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE182: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE183: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE184: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 14, 15, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE185: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE186: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE187: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE188: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE189: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE190: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE191: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE192: [u8; 16] = [ + 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE193: [u8; 16] = [ + 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE194: [u8; 16] = [ + 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE195: [u8; 16] = [ + 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE196: [u8; 16] = [ + 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE197: [u8; 16] = [ + 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE198: [u8; 16] = [ + 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE199: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 
12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE200: [u8; 16] = [ + 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE201: [u8; 16] = [ + 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE202: [u8; 16] = [ + 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE203: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE204: [u8; 16] = [ + 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE205: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE206: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE207: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE208: [u8; 16] = [ + 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE209: [u8; 16] = [ + 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE210: [u8; 16] = [ + 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE211: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE212: [u8; 16] = [ + 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE213: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE214: [u8; 16] = [ 
+ 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE215: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE216: [u8; 16] = [ + 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE217: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE218: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE219: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE220: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE221: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE222: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE223: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE224: [u8; 16] = [ + 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE225: [u8; 16] = [ + 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE226: [u8; 16] = [ + 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE227: [u8; 16] = [ + 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE228: [u8; 16] = [ + 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE229: [u8; 16] = [ + 0, 1, 4, 5, 10, 11, 12, 
13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE230: [u8; 16] = [ + 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE231: [u8; 16] = [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE232: [u8; 16] = [ + 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE233: [u8; 16] = [ + 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE234: [u8; 16] = [ + 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE235: [u8; 16] = [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE236: [u8; 16] = [ + 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE237: [u8; 16] = [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE238: [u8; 16] = [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE239: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE240: [u8; 16] = [ + 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE241: [u8; 16] = [ + 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE242: [u8; 16] = [ + 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE243: [u8; 16] = [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE244: [u8; 16] = [ + 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE245: [u8; 16] = [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE246: [u8; 16] = [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE247: [u8; 16] = + [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE248: [u8; 16] = [ + 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE249: [u8; 16] = [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE250: [u8; 16] = [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE251: [u8; 16] = + [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE252: [u8; 16] = [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, +]; +const REJECTION_SAMPLE_SHUFFLE_TABLE253: [u8; 16] = + [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE254: [u8; 16] = + [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; +const REJECTION_SAMPLE_SHUFFLE_TABLE255: [u8; 16] = + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; + +pub(super) const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ + REJECTION_SAMPLE_SHUFFLE_TABLE0, + REJECTION_SAMPLE_SHUFFLE_TABLE1, + REJECTION_SAMPLE_SHUFFLE_TABLE2, + REJECTION_SAMPLE_SHUFFLE_TABLE3, + REJECTION_SAMPLE_SHUFFLE_TABLE4, + REJECTION_SAMPLE_SHUFFLE_TABLE5, + REJECTION_SAMPLE_SHUFFLE_TABLE6, + REJECTION_SAMPLE_SHUFFLE_TABLE7, + REJECTION_SAMPLE_SHUFFLE_TABLE8, + REJECTION_SAMPLE_SHUFFLE_TABLE9, + REJECTION_SAMPLE_SHUFFLE_TABLE10, + REJECTION_SAMPLE_SHUFFLE_TABLE11, + REJECTION_SAMPLE_SHUFFLE_TABLE12, + REJECTION_SAMPLE_SHUFFLE_TABLE13, + REJECTION_SAMPLE_SHUFFLE_TABLE14, + 
REJECTION_SAMPLE_SHUFFLE_TABLE15, + REJECTION_SAMPLE_SHUFFLE_TABLE16, + REJECTION_SAMPLE_SHUFFLE_TABLE17, + REJECTION_SAMPLE_SHUFFLE_TABLE18, + REJECTION_SAMPLE_SHUFFLE_TABLE19, + REJECTION_SAMPLE_SHUFFLE_TABLE20, + REJECTION_SAMPLE_SHUFFLE_TABLE21, + REJECTION_SAMPLE_SHUFFLE_TABLE22, + REJECTION_SAMPLE_SHUFFLE_TABLE23, + REJECTION_SAMPLE_SHUFFLE_TABLE24, + REJECTION_SAMPLE_SHUFFLE_TABLE25, + REJECTION_SAMPLE_SHUFFLE_TABLE26, + REJECTION_SAMPLE_SHUFFLE_TABLE27, + REJECTION_SAMPLE_SHUFFLE_TABLE28, + REJECTION_SAMPLE_SHUFFLE_TABLE29, + REJECTION_SAMPLE_SHUFFLE_TABLE30, + REJECTION_SAMPLE_SHUFFLE_TABLE31, + REJECTION_SAMPLE_SHUFFLE_TABLE32, + REJECTION_SAMPLE_SHUFFLE_TABLE33, + REJECTION_SAMPLE_SHUFFLE_TABLE34, + REJECTION_SAMPLE_SHUFFLE_TABLE35, + REJECTION_SAMPLE_SHUFFLE_TABLE36, + REJECTION_SAMPLE_SHUFFLE_TABLE37, + REJECTION_SAMPLE_SHUFFLE_TABLE38, + REJECTION_SAMPLE_SHUFFLE_TABLE39, + REJECTION_SAMPLE_SHUFFLE_TABLE40, + REJECTION_SAMPLE_SHUFFLE_TABLE41, + REJECTION_SAMPLE_SHUFFLE_TABLE42, + REJECTION_SAMPLE_SHUFFLE_TABLE43, + REJECTION_SAMPLE_SHUFFLE_TABLE44, + REJECTION_SAMPLE_SHUFFLE_TABLE45, + REJECTION_SAMPLE_SHUFFLE_TABLE46, + REJECTION_SAMPLE_SHUFFLE_TABLE47, + REJECTION_SAMPLE_SHUFFLE_TABLE48, + REJECTION_SAMPLE_SHUFFLE_TABLE49, + REJECTION_SAMPLE_SHUFFLE_TABLE50, + REJECTION_SAMPLE_SHUFFLE_TABLE51, + REJECTION_SAMPLE_SHUFFLE_TABLE52, + REJECTION_SAMPLE_SHUFFLE_TABLE53, + REJECTION_SAMPLE_SHUFFLE_TABLE54, + REJECTION_SAMPLE_SHUFFLE_TABLE55, + REJECTION_SAMPLE_SHUFFLE_TABLE56, + REJECTION_SAMPLE_SHUFFLE_TABLE57, + REJECTION_SAMPLE_SHUFFLE_TABLE58, + REJECTION_SAMPLE_SHUFFLE_TABLE59, + REJECTION_SAMPLE_SHUFFLE_TABLE60, + REJECTION_SAMPLE_SHUFFLE_TABLE61, + REJECTION_SAMPLE_SHUFFLE_TABLE62, + REJECTION_SAMPLE_SHUFFLE_TABLE63, + REJECTION_SAMPLE_SHUFFLE_TABLE64, + REJECTION_SAMPLE_SHUFFLE_TABLE65, + REJECTION_SAMPLE_SHUFFLE_TABLE66, + REJECTION_SAMPLE_SHUFFLE_TABLE67, + REJECTION_SAMPLE_SHUFFLE_TABLE68, + REJECTION_SAMPLE_SHUFFLE_TABLE69, + 
REJECTION_SAMPLE_SHUFFLE_TABLE70, + REJECTION_SAMPLE_SHUFFLE_TABLE71, + REJECTION_SAMPLE_SHUFFLE_TABLE72, + REJECTION_SAMPLE_SHUFFLE_TABLE73, + REJECTION_SAMPLE_SHUFFLE_TABLE74, + REJECTION_SAMPLE_SHUFFLE_TABLE75, + REJECTION_SAMPLE_SHUFFLE_TABLE76, + REJECTION_SAMPLE_SHUFFLE_TABLE77, + REJECTION_SAMPLE_SHUFFLE_TABLE78, + REJECTION_SAMPLE_SHUFFLE_TABLE79, + REJECTION_SAMPLE_SHUFFLE_TABLE80, + REJECTION_SAMPLE_SHUFFLE_TABLE81, + REJECTION_SAMPLE_SHUFFLE_TABLE82, + REJECTION_SAMPLE_SHUFFLE_TABLE83, + REJECTION_SAMPLE_SHUFFLE_TABLE84, + REJECTION_SAMPLE_SHUFFLE_TABLE85, + REJECTION_SAMPLE_SHUFFLE_TABLE86, + REJECTION_SAMPLE_SHUFFLE_TABLE87, + REJECTION_SAMPLE_SHUFFLE_TABLE88, + REJECTION_SAMPLE_SHUFFLE_TABLE89, + REJECTION_SAMPLE_SHUFFLE_TABLE90, + REJECTION_SAMPLE_SHUFFLE_TABLE91, + REJECTION_SAMPLE_SHUFFLE_TABLE92, + REJECTION_SAMPLE_SHUFFLE_TABLE93, + REJECTION_SAMPLE_SHUFFLE_TABLE94, + REJECTION_SAMPLE_SHUFFLE_TABLE95, + REJECTION_SAMPLE_SHUFFLE_TABLE96, + REJECTION_SAMPLE_SHUFFLE_TABLE97, + REJECTION_SAMPLE_SHUFFLE_TABLE98, + REJECTION_SAMPLE_SHUFFLE_TABLE99, + REJECTION_SAMPLE_SHUFFLE_TABLE100, + REJECTION_SAMPLE_SHUFFLE_TABLE101, + REJECTION_SAMPLE_SHUFFLE_TABLE102, + REJECTION_SAMPLE_SHUFFLE_TABLE103, + REJECTION_SAMPLE_SHUFFLE_TABLE104, + REJECTION_SAMPLE_SHUFFLE_TABLE105, + REJECTION_SAMPLE_SHUFFLE_TABLE106, + REJECTION_SAMPLE_SHUFFLE_TABLE107, + REJECTION_SAMPLE_SHUFFLE_TABLE108, + REJECTION_SAMPLE_SHUFFLE_TABLE109, + REJECTION_SAMPLE_SHUFFLE_TABLE110, + REJECTION_SAMPLE_SHUFFLE_TABLE111, + REJECTION_SAMPLE_SHUFFLE_TABLE112, + REJECTION_SAMPLE_SHUFFLE_TABLE113, + REJECTION_SAMPLE_SHUFFLE_TABLE114, + REJECTION_SAMPLE_SHUFFLE_TABLE115, + REJECTION_SAMPLE_SHUFFLE_TABLE116, + REJECTION_SAMPLE_SHUFFLE_TABLE117, + REJECTION_SAMPLE_SHUFFLE_TABLE118, + REJECTION_SAMPLE_SHUFFLE_TABLE119, + REJECTION_SAMPLE_SHUFFLE_TABLE120, + REJECTION_SAMPLE_SHUFFLE_TABLE121, + REJECTION_SAMPLE_SHUFFLE_TABLE122, + REJECTION_SAMPLE_SHUFFLE_TABLE123, + 
REJECTION_SAMPLE_SHUFFLE_TABLE124, + REJECTION_SAMPLE_SHUFFLE_TABLE125, + REJECTION_SAMPLE_SHUFFLE_TABLE126, + REJECTION_SAMPLE_SHUFFLE_TABLE127, + REJECTION_SAMPLE_SHUFFLE_TABLE128, + REJECTION_SAMPLE_SHUFFLE_TABLE129, + REJECTION_SAMPLE_SHUFFLE_TABLE130, + REJECTION_SAMPLE_SHUFFLE_TABLE131, + REJECTION_SAMPLE_SHUFFLE_TABLE132, + REJECTION_SAMPLE_SHUFFLE_TABLE133, + REJECTION_SAMPLE_SHUFFLE_TABLE134, + REJECTION_SAMPLE_SHUFFLE_TABLE135, + REJECTION_SAMPLE_SHUFFLE_TABLE136, + REJECTION_SAMPLE_SHUFFLE_TABLE137, + REJECTION_SAMPLE_SHUFFLE_TABLE138, + REJECTION_SAMPLE_SHUFFLE_TABLE139, + REJECTION_SAMPLE_SHUFFLE_TABLE140, + REJECTION_SAMPLE_SHUFFLE_TABLE141, + REJECTION_SAMPLE_SHUFFLE_TABLE142, + REJECTION_SAMPLE_SHUFFLE_TABLE143, + REJECTION_SAMPLE_SHUFFLE_TABLE144, + REJECTION_SAMPLE_SHUFFLE_TABLE145, + REJECTION_SAMPLE_SHUFFLE_TABLE146, + REJECTION_SAMPLE_SHUFFLE_TABLE147, + REJECTION_SAMPLE_SHUFFLE_TABLE148, + REJECTION_SAMPLE_SHUFFLE_TABLE149, + REJECTION_SAMPLE_SHUFFLE_TABLE150, + REJECTION_SAMPLE_SHUFFLE_TABLE151, + REJECTION_SAMPLE_SHUFFLE_TABLE152, + REJECTION_SAMPLE_SHUFFLE_TABLE153, + REJECTION_SAMPLE_SHUFFLE_TABLE154, + REJECTION_SAMPLE_SHUFFLE_TABLE155, + REJECTION_SAMPLE_SHUFFLE_TABLE156, + REJECTION_SAMPLE_SHUFFLE_TABLE157, + REJECTION_SAMPLE_SHUFFLE_TABLE158, + REJECTION_SAMPLE_SHUFFLE_TABLE159, + REJECTION_SAMPLE_SHUFFLE_TABLE160, + REJECTION_SAMPLE_SHUFFLE_TABLE161, + REJECTION_SAMPLE_SHUFFLE_TABLE162, + REJECTION_SAMPLE_SHUFFLE_TABLE163, + REJECTION_SAMPLE_SHUFFLE_TABLE164, + REJECTION_SAMPLE_SHUFFLE_TABLE165, + REJECTION_SAMPLE_SHUFFLE_TABLE166, + REJECTION_SAMPLE_SHUFFLE_TABLE167, + REJECTION_SAMPLE_SHUFFLE_TABLE168, + REJECTION_SAMPLE_SHUFFLE_TABLE169, + REJECTION_SAMPLE_SHUFFLE_TABLE170, + REJECTION_SAMPLE_SHUFFLE_TABLE171, + REJECTION_SAMPLE_SHUFFLE_TABLE172, + REJECTION_SAMPLE_SHUFFLE_TABLE173, + REJECTION_SAMPLE_SHUFFLE_TABLE174, + REJECTION_SAMPLE_SHUFFLE_TABLE175, + REJECTION_SAMPLE_SHUFFLE_TABLE176, + REJECTION_SAMPLE_SHUFFLE_TABLE177, + 
REJECTION_SAMPLE_SHUFFLE_TABLE178, + REJECTION_SAMPLE_SHUFFLE_TABLE179, + REJECTION_SAMPLE_SHUFFLE_TABLE180, + REJECTION_SAMPLE_SHUFFLE_TABLE181, + REJECTION_SAMPLE_SHUFFLE_TABLE182, + REJECTION_SAMPLE_SHUFFLE_TABLE183, + REJECTION_SAMPLE_SHUFFLE_TABLE184, + REJECTION_SAMPLE_SHUFFLE_TABLE185, + REJECTION_SAMPLE_SHUFFLE_TABLE186, + REJECTION_SAMPLE_SHUFFLE_TABLE187, + REJECTION_SAMPLE_SHUFFLE_TABLE188, + REJECTION_SAMPLE_SHUFFLE_TABLE189, + REJECTION_SAMPLE_SHUFFLE_TABLE190, + REJECTION_SAMPLE_SHUFFLE_TABLE191, + REJECTION_SAMPLE_SHUFFLE_TABLE192, + REJECTION_SAMPLE_SHUFFLE_TABLE193, + REJECTION_SAMPLE_SHUFFLE_TABLE194, + REJECTION_SAMPLE_SHUFFLE_TABLE195, + REJECTION_SAMPLE_SHUFFLE_TABLE196, + REJECTION_SAMPLE_SHUFFLE_TABLE197, + REJECTION_SAMPLE_SHUFFLE_TABLE198, + REJECTION_SAMPLE_SHUFFLE_TABLE199, + REJECTION_SAMPLE_SHUFFLE_TABLE200, + REJECTION_SAMPLE_SHUFFLE_TABLE201, + REJECTION_SAMPLE_SHUFFLE_TABLE202, + REJECTION_SAMPLE_SHUFFLE_TABLE203, + REJECTION_SAMPLE_SHUFFLE_TABLE204, + REJECTION_SAMPLE_SHUFFLE_TABLE205, + REJECTION_SAMPLE_SHUFFLE_TABLE206, + REJECTION_SAMPLE_SHUFFLE_TABLE207, + REJECTION_SAMPLE_SHUFFLE_TABLE208, + REJECTION_SAMPLE_SHUFFLE_TABLE209, + REJECTION_SAMPLE_SHUFFLE_TABLE210, + REJECTION_SAMPLE_SHUFFLE_TABLE211, + REJECTION_SAMPLE_SHUFFLE_TABLE212, + REJECTION_SAMPLE_SHUFFLE_TABLE213, + REJECTION_SAMPLE_SHUFFLE_TABLE214, + REJECTION_SAMPLE_SHUFFLE_TABLE215, + REJECTION_SAMPLE_SHUFFLE_TABLE216, + REJECTION_SAMPLE_SHUFFLE_TABLE217, + REJECTION_SAMPLE_SHUFFLE_TABLE218, + REJECTION_SAMPLE_SHUFFLE_TABLE219, + REJECTION_SAMPLE_SHUFFLE_TABLE220, + REJECTION_SAMPLE_SHUFFLE_TABLE221, + REJECTION_SAMPLE_SHUFFLE_TABLE222, + REJECTION_SAMPLE_SHUFFLE_TABLE223, + REJECTION_SAMPLE_SHUFFLE_TABLE224, + REJECTION_SAMPLE_SHUFFLE_TABLE225, + REJECTION_SAMPLE_SHUFFLE_TABLE226, + REJECTION_SAMPLE_SHUFFLE_TABLE227, + REJECTION_SAMPLE_SHUFFLE_TABLE228, + REJECTION_SAMPLE_SHUFFLE_TABLE229, + REJECTION_SAMPLE_SHUFFLE_TABLE230, + REJECTION_SAMPLE_SHUFFLE_TABLE231, + 
REJECTION_SAMPLE_SHUFFLE_TABLE232, + REJECTION_SAMPLE_SHUFFLE_TABLE233, + REJECTION_SAMPLE_SHUFFLE_TABLE234, + REJECTION_SAMPLE_SHUFFLE_TABLE235, + REJECTION_SAMPLE_SHUFFLE_TABLE236, + REJECTION_SAMPLE_SHUFFLE_TABLE237, + REJECTION_SAMPLE_SHUFFLE_TABLE238, + REJECTION_SAMPLE_SHUFFLE_TABLE239, + REJECTION_SAMPLE_SHUFFLE_TABLE240, + REJECTION_SAMPLE_SHUFFLE_TABLE241, + REJECTION_SAMPLE_SHUFFLE_TABLE242, + REJECTION_SAMPLE_SHUFFLE_TABLE243, + REJECTION_SAMPLE_SHUFFLE_TABLE244, + REJECTION_SAMPLE_SHUFFLE_TABLE245, + REJECTION_SAMPLE_SHUFFLE_TABLE246, + REJECTION_SAMPLE_SHUFFLE_TABLE247, + REJECTION_SAMPLE_SHUFFLE_TABLE248, + REJECTION_SAMPLE_SHUFFLE_TABLE249, + REJECTION_SAMPLE_SHUFFLE_TABLE250, + REJECTION_SAMPLE_SHUFFLE_TABLE251, + REJECTION_SAMPLE_SHUFFLE_TABLE252, + REJECTION_SAMPLE_SHUFFLE_TABLE253, + REJECTION_SAMPLE_SHUFFLE_TABLE254, + REJECTION_SAMPLE_SHUFFLE_TABLE255, +]; From 61271919748e337a61ee94ffd35aa51665a9aa67 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 28 May 2024 11:29:14 +0200 Subject: [PATCH 32/94] update extraction --- libcrux-intrinsics/build.rs | 26 ++++++++++++++++---------- libcrux-ml-kem/c.sh | 2 +- libcrux-ml-kem/c.yaml | 17 +++++++++++------ 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/libcrux-intrinsics/build.rs b/libcrux-intrinsics/build.rs index ef1138666..91a6fae70 100644 --- a/libcrux-intrinsics/build.rs +++ b/libcrux-intrinsics/build.rs 
@@ -2,21 +2,20 @@ use std::env; fn main() { let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); - let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128"); + let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256"); - let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + // Force a simd build. Make sure you know what you're doing. + let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128"); + let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256"); - if target_arch == "aarch64" && !disable_simd128 { + let simd128_possible = target_arch == "aarch64"; + if (simd128_possible || enable_simd128) && !disable_simd128 { // We enable simd128 on all aarch64 builds. println!("cargo:rustc-cfg=feature=\"simd128\""); } - if target_arch == "x86_64" && !disable_simd256 { + let simd126_possible = target_arch == "x86_64"; + if (simd126_possible || enable_simd256) && !disable_simd256 { // We enable simd256 on all x86_64 builds. // Note that this doesn't mean the required CPU features are available. // But the compiler will support them and the runtime checks ensure that @@ -26,3 +25,10 @@ fn main() { println!("cargo:rustc-cfg=feature=\"simd256\""); } } + +fn read_env(key: &str) -> bool { + match env::var(key) { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + } +} diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 51eb6f233..e42e39549 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -36,7 +36,7 @@ fi if [[ "$no_charon" = 0 ]]; then echo "Running charon ..." - LIBCRUX_ENABLE_SIMD128=1 LIBCRUX_ENABLE_SIMD256=1 RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings + RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings else echo "Skipping charon" fi 
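Review bot: The x86_64 check in `main` is bound to a misnamed variable, `simd126_possible`, although it guards the simd256 feature; it should read `let simd256_possible = target_arch == "x86_64";` with the matching name in the `if`. The new `LIBCRUX_ENABLE_SIMD128` / `LIBCRUX_ENABLE_SIMD256` overrides emit the feature cfg on any target architecture, so the retained comments ("We enable simd128 on all aarch64 builds", "on all x86_64 builds") no longer describe the condition. A comment such as `// ENABLE forces the feature on any target; DISABLE always wins over ENABLE.` would state the precedence the code implements. Nothing in the visible lines emits `cargo:rerun-if-env-changed` for these variables, so unless the script does so in the part of `main` between the two hunks (not shown), toggling them may not re-run the build script.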
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 2afc70837..04062337f 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -1,8 +1,19 @@ files: + # Different crate - name: libcrux_sha3 api: - [libcrux_sha3, "*"] + # Different crate + - name: libcrux_intrinsics_neon + api: + - [libcrux_intrinsics, arm64] + + # Different crate + - name: libcrux_intrinsics_avx2 + api: + - [libcrux_intrinsics, avx2] + # - name: libcrux_mlkem_sha3_neon # specialized_over_trait_impl: # - [libcrux_ml_kem, hash_functions, neon, "*"] @@ -29,12 +40,6 @@ files: api: - [libcrux_ml_kem, vector, neon, intrinsics] - - name: libcrux_avx2_intrinsics - library: true - # inline_static: true - api: - - [libcrux_ml_kem, vector, avx2, intrinsics_extraction] - - name: libcrux_mlkem_vector api: - [libcrux_ml_kem, vector, traits] From 4c90f8e84f06221441d9afb3448a7c34d0b33d41 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 28 May 2024 11:41:39 +0200 Subject: [PATCH 33/94] externalize more intrinsics --- libcrux-intrinsics/src/avx2.rs | 374 ++++++++++++++++++++++++++++-- libcrux-ml-kem/src/vector/avx2.rs | 14 +- libcrux-sha3/src/simd/avx2.rs | 36 +-- 3 files changed, 369 insertions(+), 55 deletions(-) diff --git a/libcrux-intrinsics/src/avx2.rs b/libcrux-intrinsics/src/avx2.rs index 01f91fee2..58d0bdb26 100644 --- a/libcrux-intrinsics/src/avx2.rs +++ b/libcrux-intrinsics/src/avx2.rs 
@@ -1,45 +1,379 @@ +#[cfg(target_arch = "x86")] +pub use core::arch::x86::*; +#[cfg(target_arch = "x86_64")] pub use core::arch::x86_64::*; -#[inline(always)] -pub fn mm256_xor_si256(a: __m256i, b: __m256i) -> __m256i { - unsafe { _mm256_xor_si256(a, b) } +pub type Vec256 = __m256i; +pub type Vec128 = __m128i; + +pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: __m256i) { + debug_assert_eq!(output.len(), 16); + unsafe { + _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, vector); + } } -#[inline(always)] -pub fn mm256_slli_epi64(x: __m256i) -> __m256i { - unsafe { _mm256_slli_epi64::(x) } +pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: __m256i) { + debug_assert_eq!(output.len(), 32); + unsafe { + _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, vector); + } +} +pub fn mm_storeu_si128(output: &mut [i16], vector: __m128i) { + // debug_assert_eq!(output.len(), 8); + unsafe { + _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); + } +} + +pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: __m128i) { + debug_assert_eq!(output.len(), 16); + unsafe { + _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); + } +} + +pub fn mm_loadu_si128(input: &[u8]) -> __m128i { + debug_assert_eq!(input.len(), 16); + unsafe { _mm_loadu_si128(input.as_ptr() as *const __m128i) } +} + +pub fn mm256_loadu_si256_u8(input: &[u8]) -> __m256i { + debug_assert_eq!(input.len(), 16); + unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } +} + +pub fn mm256_loadu_si256_i16(input: &[i16]) -> __m256i { + debug_assert_eq!(input.len(), 16); + unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } +} + +pub fn mm256_setzero_si256() -> __m256i { + unsafe { _mm256_setzero_si256() } +} + +pub fn mm_set_epi8( + byte15: u8, + byte14: u8, + byte13: u8, + byte12: u8, + byte11: u8, + byte10: u8, + byte9: u8, + byte8: u8, + byte7: u8, + byte6: u8, + byte5: u8, + byte4: u8, + byte3: u8, + byte2: u8, + byte1: u8, + byte0: u8, +) -> 
__m128i { + unsafe { + _mm_set_epi8( + byte15 as i8, + byte14 as i8, + byte13 as i8, + byte12 as i8, + byte11 as i8, + byte10 as i8, + byte9 as i8, + byte8 as i8, + byte7 as i8, + byte6 as i8, + byte5 as i8, + byte4 as i8, + byte3 as i8, + byte2 as i8, + byte1 as i8, + byte0 as i8, + ) + } +} + +pub fn mm256_set_epi8( + byte31: i8, + byte30: i8, + byte29: i8, + byte28: i8, + byte27: i8, + byte26: i8, + byte25: i8, + byte24: i8, + byte23: i8, + byte22: i8, + byte21: i8, + byte20: i8, + byte19: i8, + byte18: i8, + byte17: i8, + byte16: i8, + byte15: i8, + byte14: i8, + byte13: i8, + byte12: i8, + byte11: i8, + byte10: i8, + byte9: i8, + byte8: i8, + byte7: i8, + byte6: i8, + byte5: i8, + byte4: i8, + byte3: i8, + byte2: i8, + byte1: i8, + byte0: i8, +) -> __m256i { + unsafe { + _mm256_set_epi8( + byte31, byte30, byte29, byte28, byte27, byte26, byte25, byte24, byte23, byte22, byte21, + byte20, byte19, byte18, byte17, byte16, byte15, byte14, byte13, byte12, byte11, byte10, + byte9, byte8, byte7, byte6, byte5, byte4, byte3, byte2, byte1, byte0, + ) + } +} + +pub fn mm256_set1_epi16(constant: i16) -> __m256i { + unsafe { _mm256_set1_epi16(constant) } +} +pub fn mm256_set_epi16( + input15: i16, + input14: i16, + input13: i16, + input12: i16, + input11: i16, + input10: i16, + input9: i16, + input8: i16, + input7: i16, + input6: i16, + input5: i16, + input4: i16, + input3: i16, + input2: i16, + input1: i16, + input0: i16, +) -> __m256i { + unsafe { + _mm256_set_epi16( + input15, input14, input13, input12, input11, input10, input9, input8, input7, input6, + input5, input4, input3, input2, input1, input0, + ) + } +} + +pub fn mm_set1_epi16(constant: i16) -> __m128i { + unsafe { _mm_set1_epi16(constant) } +} + +pub fn mm256_set1_epi32(constant: i32) -> __m256i { + unsafe { _mm256_set1_epi32(constant) } +} +pub fn mm256_set_epi32( + input7: i32, + input6: i32, + input5: i32, + input4: i32, + input3: i32, + input2: i32, + input1: i32, + input0: i32, +) -> __m256i { + unsafe { + 
_mm256_set_epi32( + input7, input6, input5, input4, input3, input2, input1, input0, + ) + } +} + +pub fn mm_add_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { + unsafe { _mm_add_epi16(lhs, rhs) } +} +pub fn mm256_add_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_add_epi16(lhs, rhs) } +} +pub fn mm256_madd_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_madd_epi16(lhs, rhs) } +} +pub fn mm256_add_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_add_epi32(lhs, rhs) } +} + +pub fn mm256_sub_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_sub_epi16(lhs, rhs) } +} +pub fn mm_sub_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { + unsafe { _mm_sub_epi16(lhs, rhs) } +} + +pub fn mm256_mullo_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_mullo_epi16(lhs, rhs) } +} + +pub fn mm_mullo_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { + unsafe { _mm_mullo_epi16(lhs, rhs) } +} + +pub fn mm256_cmpgt_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_cmpgt_epi16(lhs, rhs) } +} + +pub fn mm_mulhi_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { + unsafe { _mm_mulhi_epi16(lhs, rhs) } +} + +pub fn mm256_mullo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_mullo_epi32(lhs, rhs) } +} + +pub fn mm256_mulhi_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_mulhi_epi16(lhs, rhs) } +} + +pub fn mm256_mul_epu32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_mul_epu32(lhs, rhs) } +} + +pub fn mm256_and_si256(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_and_si256(lhs, rhs) } +} + +pub fn mm256_xor_si256(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_xor_si256(lhs, rhs) } +} + +pub fn mm256_srai_epi16(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unsafe { _mm256_srai_epi16(vector, SHIFT_BY) } +} +pub fn mm256_srai_epi32(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 
32); + unsafe { _mm256_srai_epi32(vector, SHIFT_BY) } +} + +pub fn mm256_srli_epi16(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unsafe { _mm256_srli_epi16(vector, SHIFT_BY) } +} +pub fn mm256_srli_epi32(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unsafe { _mm256_srli_epi32(vector, SHIFT_BY) } +} + +pub fn mm256_srli_epi64(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); + unsafe { _mm256_srli_epi64(vector, SHIFT_BY) } +} + +pub fn mm256_slli_epi16(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unsafe { _mm256_slli_epi16(vector, SHIFT_BY) } +} + +pub fn mm256_slli_epi32(vector: __m256i) -> __m256i { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unsafe { _mm256_slli_epi32(vector, SHIFT_BY) } +} + +pub fn mm_shuffle_epi8(vector: __m128i, control: __m128i) -> __m128i { + unsafe { _mm_shuffle_epi8(vector, control) } +} +pub fn mm256_shuffle_epi8(vector: __m256i, control: __m256i) -> __m256i { + unsafe { _mm256_shuffle_epi8(vector, control) } +} +pub fn mm256_shuffle_epi32(vector: __m256i) -> __m256i { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unsafe { _mm256_shuffle_epi32(vector, CONTROL) } +} + +pub fn mm256_permute4x64_epi64(vector: __m256i) -> __m256i { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unsafe { _mm256_permute4x64_epi64(vector, CONTROL) } +} + +pub fn mm256_unpackhi_epi64(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_unpackhi_epi64(lhs, rhs) } +} + +pub fn mm256_unpacklo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_unpacklo_epi32(lhs, rhs) } +} + +pub fn mm256_unpackhi_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_unpackhi_epi32(lhs, rhs) } +} + +pub fn mm256_castsi256_si128(vector: __m256i) -> __m128i { + unsafe { _mm256_castsi256_si128(vector) } +} +pub fn mm256_castsi128_si256(vector: __m128i) -> __m256i { + unsafe { _mm256_castsi128_si256(vector) } 
+} + +pub fn mm256_cvtepi16_epi32(vector: __m128i) -> __m256i { + unsafe { _mm256_cvtepi16_epi32(vector) } +} + +pub fn mm_packs_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { + unsafe { _mm_packs_epi16(lhs, rhs) } +} +pub fn mm256_packs_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { + unsafe { _mm256_packs_epi32(lhs, rhs) } +} + +pub fn mm256_extracti128_si256(vector: __m256i) -> __m128i { + debug_assert!(CONTROL == 0 || CONTROL == 1); + unsafe { _mm256_extracti128_si256(vector, CONTROL) } +} + +pub fn mm256_inserti128_si256( + vector: __m256i, + vector_i128: __m128i, +) -> __m256i { + debug_assert!(CONTROL == 0 || CONTROL == 1); + unsafe { _mm256_inserti128_si256(vector, vector_i128, CONTROL) } +} + +pub fn mm256_blend_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unsafe { _mm256_blend_epi16(lhs, rhs, CONTROL) } +} + +pub fn mm_movemask_epi8(vector: __m128i) -> i32 { + unsafe { _mm_movemask_epi8(vector) } +} + +pub fn mm256_permutevar8x32_epi32(vector: __m256i, control: __m256i) -> __m256i { + unsafe { _mm256_permutevar8x32_epi32(vector, control) } +} + +pub fn mm256_sllv_epi32(vector: __m256i, counts: __m256i) -> __m256i { + unsafe { _mm256_sllv_epi32(vector, counts) } } #[inline(always)] -pub fn mm256_srli_epi64(x: __m256i) -> __m256i { - unsafe { _mm256_srli_epi64::(x) } +pub fn mm256_slli_epi64(x: __m256i) -> __m256i { + unsafe { _mm256_slli_epi64::(x) } } #[inline(always)] pub fn mm256_andnot_si256(a: __m256i, b: __m256i) -> __m256i { unsafe { _mm256_andnot_si256(a, b) } } + #[inline(always)] pub fn mm256_set1_epi64x(a: i64) -> __m256i { unsafe { _mm256_set1_epi64x(a) } } -#[inline(always)] -pub fn mm256_loadu_si256(mem_addr: *const __m256i) -> __m256i { - unsafe { _mm256_loadu_si256(mem_addr) } -} + #[inline(always)] pub fn mm256_unpacklo_epi64(a: __m256i, b: __m256i) -> __m256i { unsafe { _mm256_unpacklo_epi64(a, b) } } -#[inline(always)] -pub fn mm256_unpackhi_epi64(a: __m256i, b: __m256i) -> __m256i { - 
unsafe { _mm256_unpackhi_epi64(a, b) } -} + #[inline(always)] pub fn mm256_permute2x128_si256(a: __m256i, b: __m256i) -> __m256i { unsafe { _mm256_permute2x128_si256::(a, b) } } -#[inline(always)] -pub fn mm256_storeu_si256(mem_addr: *mut __m256i, a: __m256i) { - unsafe { _mm256_storeu_si256(mem_addr, a) } -} diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index cca502998..6b816c7a2 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -3,15 +3,7 @@ use super::traits::Operations; #[cfg(all(feature = "simd256", target_arch = "x86_64", test))] mod debug; -// When extracting F* or C, we don't want to extract this file. -#[cfg(not(any(eurydice, hax)))] -mod intrinsics; -#[cfg(not(any(eurydice, hax)))] -pub(crate) use intrinsics::*; -#[cfg(any(eurydice, hax))] -mod intrinsics_extraction; -#[cfg(any(eurydice, hax))] -pub(crate) use intrinsics_extraction::*; +pub(crate) use libcrux_intrinsics::avx2::*; mod arithmetic; mod compress; @@ -35,14 +27,14 @@ fn zero() -> SIMD256Vector { #[inline(always)] fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { let mut output = [0i16; 16]; - mm256_storeu_si256(&mut output, v.elements); + mm256_storeu_si256_i16(&mut output, v.elements); output } #[inline(always)] fn from_i16_array(array: &[i16]) -> SIMD256Vector { SIMD256Vector { - elements: mm256_loadu_si256(array), + elements: mm256_loadu_si256_i16(array), } } diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index cf37d45f2..ea51e9a1b 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs 
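Review bot: The new slice-based load/store wrappers in `libcrux-intrinsics/src/avx2.rs` are safe `pub fn`s, but their only length check is `debug_assert_eq!`, which is compiled out when debug assertions are off. A caller that passes a short slice to `mm256_storeu_si256_u8`, `mm256_storeu_si256_i16`, `mm_storeu_bytes_si128` or one of the `loadu` wrappers then reaches the raw-pointer intrinsic with an out-of-bounds access, and in `mm_storeu_si128` the check is commented out entirely. Because these functions are the safe boundary around the `unsafe` block, the check should hold in every build: `assert_eq!(output.len(), 32);` in `mm256_storeu_si256_u8` (likewise in the other wrappers), and `assert!(output.len() >= 8);` in `mm_storeu_si128` if longer slices are intended there. The constant in `mm256_loadu_si256_u8` is 16 here although the 256-bit load reads 32 bytes; patch 34/94 further down changes it to 32 but keeps the check debug-only.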
@@ -45,10 +45,10 @@ fn _veorq_n_u64(a: __m256i, c: u64) -> __m256i { pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [&[u8]; 4]) { debug_assert!(RATE <= blocks[0].len() && RATE % 8 == 0 && (RATE % 32 == 8 || RATE % 32 == 16)); for i in 0..RATE / 32 { - let v0 = mm256_loadu_si256(blocks[0][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); - let v1 = mm256_loadu_si256(blocks[1][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); - let v2 = mm256_loadu_si256(blocks[2][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); - let v3 = mm256_loadu_si256(blocks[3][32 * i..32 * (i + 1)].as_ptr() as *const __m256i); + let v0 = mm256_loadu_si256_u8(&blocks[0][32 * i..32 * (i + 1)]); + let v1 = mm256_loadu_si256_u8(&blocks[1][32 * i..32 * (i + 1)]); + let v2 = mm256_loadu_si256_u8(&blocks[2][32 * i..32 * (i + 1)]); + let v3 = mm256_loadu_si256_u8(&blocks[3][32 * i..32 * (i + 1)]); let v0l = mm256_unpacklo_epi64(v0, v1); // 0 0 2 2 let v1h = mm256_unpackhi_epi64(v0, v1); // 1 1 3 3 @@ -76,7 +76,7 @@ pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [ u8s[8..16].copy_from_slice(&blocks[1][start..start + 8]); u8s[16..24].copy_from_slice(&blocks[2][start..start + 8]); u8s[24..32].copy_from_slice(&blocks[3][start..start + 8]); - let u = mm256_loadu_si256(u8s.as_ptr() as *const __m256i); + let u = mm256_loadu_si256_u8(u8s.as_slice()); let i = (4 * (RATE / 32)) / 5; let j = (4 * (RATE / 32)) % 5; s[i][j] = mm256_xor_si256(s[i][j], u); @@ -86,7 +86,7 @@ pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [ u8s[8..16].copy_from_slice(&blocks[1][start + 8..start + 16]); u8s[16..24].copy_from_slice(&blocks[2][start + 8..start + 16]); u8s[24..32].copy_from_slice(&blocks[3][start + 8..start + 16]); - let u = mm256_loadu_si256(u8s.as_ptr() as *const __m256i); + let u = mm256_loadu_si256_u8(u8s.as_slice()); let i = (4 * (RATE / 32) + 1) / 5; let j = (4 * (RATE / 32) + 1) % 5; s[i][j] = mm256_xor_si256(s[i][j], u); 
@@ -128,22 +128,10 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ let v2 = mm256_unpacklo_epi64(v2l, v3h); // 0 1 2 3 let v3 = mm256_unpackhi_epi64(v2l, v3h); // 0 1 2 3 - mm256_storeu_si256( - out[0][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v0, - ); - mm256_storeu_si256( - out[1][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v1, - ); - mm256_storeu_si256( - out[2][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v2, - ); - mm256_storeu_si256( - out[3][32 * i..32 * (i + 1)].as_mut_ptr() as *mut __m256i, - v3, - ); + mm256_storeu_si256_u8(&mut out[0][32 * i..32 * (i + 1)], v0); + mm256_storeu_si256_u8(&mut out[1][32 * i..32 * (i + 1)], v1); + mm256_storeu_si256_u8(&mut out[2][32 * i..32 * (i + 1)], v2); + mm256_storeu_si256_u8(&mut out[3][32 * i..32 * (i + 1)], v3); } let rem = RATE % 32; // has to be 8 or 16 @@ -151,7 +139,7 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ let mut u8s = [0u8; 32]; let i = (4 * (RATE / 32)) / 5; let j = (4 * (RATE / 32)) % 5; - mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]); + mm256_storeu_si256_u8(&mut u8s, s[i][j]); out[0][start..start + 8].copy_from_slice(&u8s[0..8]); out[1][start..start + 8].copy_from_slice(&u8s[8..16]); out[2][start..start + 8].copy_from_slice(&u8s[16..24]); @@ -160,7 +148,7 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ let mut u8s = [0u8; 32]; let i = (4 * (RATE / 32) + 1) / 5; let j = (4 * (RATE / 32) + 1) % 5; - mm256_storeu_si256(u8s.as_mut_ptr() as *mut __m256i, s[i][j]); + mm256_storeu_si256_u8(&mut u8s, s[i][j]); out[0][start + 8..start + 16].copy_from_slice(&u8s[0..8]); out[1][start + 8..start + 16].copy_from_slice(&u8s[8..16]); out[2][start + 8..start + 16].copy_from_slice(&u8s[16..24]); From 2a530250e1197d6391f012e2365f18a360df3792 Mon Sep 17 00:00:00 2001 
From: Lucas Franceschino Date: Tue, 28 May 2024 12:04:26 +0200 Subject: [PATCH 34/94] fix: assert_debug, expect 32, not 16 --- libcrux-intrinsics/src/avx2.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-intrinsics/src/avx2.rs b/libcrux-intrinsics/src/avx2.rs index 58d0bdb26..4d2b81e1e 100644 --- a/libcrux-intrinsics/src/avx2.rs +++ b/libcrux-intrinsics/src/avx2.rs @@ -39,7 +39,7 @@ pub fn mm_loadu_si128(input: &[u8]) -> __m128i { } pub fn mm256_loadu_si256_u8(input: &[u8]) -> __m256i { - debug_assert_eq!(input.len(), 16); + debug_assert_eq!(input.len(), 32); unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } } From 40bb6e809676b4581c4597bb4515ce56146cc174 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 28 May 2024 12:04:47 +0200 Subject: [PATCH 35/94] kill `avx2/debug` module --- libcrux-ml-kem/src/vector/avx2.rs | 3 -- libcrux-ml-kem/src/vector/avx2/debug.rs | 41 ------------------------- 2 files changed, 44 deletions(-) delete mode 100644 libcrux-ml-kem/src/vector/avx2/debug.rs diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 6b816c7a2..90d793da0 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -1,8 +1,5 @@ use super::traits::Operations; -#[cfg(all(feature = "simd256", target_arch = "x86_64", test))] -mod debug; - pub(crate) use libcrux_intrinsics::avx2::*; mod arithmetic; diff --git a/libcrux-ml-kem/src/vector/avx2/debug.rs b/libcrux-ml-kem/src/vector/avx2/debug.rs deleted file mode 100644 index a9124604e..000000000 --- a/libcrux-ml-kem/src/vector/avx2/debug.rs +++ /dev/null 
@@ -1,41 +0,0 @@ -#![allow(unsafe_code)] - -use std::println; - -#[cfg(target_arch = "x86")] -use core::arch::x86::*; -#[cfg(target_arch = "x86_64")] -use core::arch::x86_64::*; - -#[allow(dead_code)] -pub(crate) fn print_m256i_as_i16s(a: __m256i, prefix: &'static str) { - let mut a_bytes = [0i16; 16]; - unsafe { _mm256_store_si256(a_bytes.as_mut_ptr() as *mut __m256i, a) }; - println!("{}: {:?}", prefix, a_bytes); -} - -#[allow(dead_code)] -pub(crate) fn print_m256i_as_i8s(a: __m256i, prefix: &'static str) { - let mut a_bytes = [0i8; 32]; - unsafe { _mm256_store_si256(a_bytes.as_mut_ptr() as *mut __m256i, a) }; - println!("{}: {:?}", prefix, a_bytes); -} - -#[allow(dead_code)] -pub(crate) fn print_m256i_as_i32s(a: __m256i, prefix: &'static str) { - let mut a_bytes = [0i32; 8]; - unsafe { _mm256_store_si256(a_bytes.as_mut_ptr() as *mut __m256i, a) }; - println!("{}: {:?}", prefix, a_bytes); -} -#[allow(dead_code)] -pub(crate) fn print_m128i_as_i16s(a: __m128i, prefix: &'static str) { - let mut a_bytes = [0i16; 8]; - unsafe { _mm_store_si128(a_bytes.as_mut_ptr() as *mut __m128i, a) }; - println!("{}: {:?}", prefix, a_bytes); -} -#[allow(dead_code)] -pub(crate) fn print_m128i_as_i8s(a: __m128i, prefix: &'static str) { - let mut a_bytes = [0i8; 16]; - unsafe { _mm_store_si128(a_bytes.as_mut_ptr() as *mut __m128i, a) }; - println!("{}: {:?}", prefix, a_bytes); -} From 1cbc9a7a450d4a627791f587f16cd09e52e4dab7 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 28 May 2024 14:11:52 +0200 Subject: [PATCH 36/94] kill stale intrinsics modules --- libcrux-ml-kem/src/vector/avx2/intrinsics.rs | 346 ------------------ .../src/vector/avx2/intrinsics_extraction.rs | 300 --------------- 2 files changed, 646 deletions(-) delete mode 100644 libcrux-ml-kem/src/vector/avx2/intrinsics.rs delete mode 100644 libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs 
diff --git a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics.rs deleted file mode 100644 index eacfa40c9..000000000 --- a/libcrux-ml-kem/src/vector/avx2/intrinsics.rs +++ /dev/null 
@@ -1,346 +0,0 @@ -// TODO: Move this into a separate intrinsics crate. - -#![allow(unsafe_code)] - -#[cfg(target_arch = "x86")] -pub(crate) use core::arch::x86::*; -#[cfg(target_arch = "x86_64")] -pub(crate) use core::arch::x86_64::*; - -pub(crate) type Vec256 = __m256i; -pub(crate) type Vec128 = __m128i; - -pub(crate) fn mm256_storeu_si256(output: &mut [i16], vector: __m256i) { - debug_assert_eq!(output.len(), 16); - unsafe { - _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, vector); - } -} -pub(crate) fn mm_storeu_si128(output: &mut [i16], vector: __m128i) { - // debug_assert_eq!(output.len(), 8); - unsafe { - _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); - } -} - -pub(crate) fn mm_storeu_bytes_si128(output: &mut [u8], vector: __m128i) { - debug_assert_eq!(output.len(), 16); - unsafe { - _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); - } -} - -pub(crate) fn mm_loadu_si128(input: &[u8]) -> __m128i { - debug_assert_eq!(input.len(), 16); - unsafe { _mm_loadu_si128(input.as_ptr() as *const __m128i) } -} - -pub(crate) fn mm256_loadu_si256(input: &[i16]) -> __m256i { - debug_assert_eq!(input.len(), 16); - unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } -} - -pub(crate) fn mm256_setzero_si256() -> __m256i { - unsafe { _mm256_setzero_si256() } -} - -pub(crate) fn mm_set_epi8( - byte15: u8, - byte14: u8, - byte13: u8, - byte12: u8, - byte11: u8, - byte10: u8, - byte9: u8, - byte8: u8, - byte7: u8, - byte6: u8, - byte5: u8, - byte4: u8, - byte3: u8, - byte2: u8, - byte1: u8, - byte0: u8, -) -> __m128i { - unsafe { - _mm_set_epi8( - byte15 as i8, - byte14 as i8, - byte13 as i8, - byte12 as i8, - byte11 as i8, - byte10 as i8, - byte9 as i8, - byte8 as i8, - byte7 as i8, - byte6 as i8, - byte5 as i8, - byte4 as i8, - byte3 as i8, - byte2 as i8, - byte1 as i8, - byte0 as i8, - ) - } -} - -pub(crate) fn mm256_set_epi8( - byte31: i8, - byte30: i8, - byte29: i8, - byte28: i8, - byte27: i8, - byte26: i8, - byte25: i8, - 
byte24: i8, - byte23: i8, - byte22: i8, - byte21: i8, - byte20: i8, - byte19: i8, - byte18: i8, - byte17: i8, - byte16: i8, - byte15: i8, - byte14: i8, - byte13: i8, - byte12: i8, - byte11: i8, - byte10: i8, - byte9: i8, - byte8: i8, - byte7: i8, - byte6: i8, - byte5: i8, - byte4: i8, - byte3: i8, - byte2: i8, - byte1: i8, - byte0: i8, -) -> __m256i { - unsafe { - _mm256_set_epi8( - byte31, byte30, byte29, byte28, byte27, byte26, byte25, byte24, byte23, byte22, byte21, - byte20, byte19, byte18, byte17, byte16, byte15, byte14, byte13, byte12, byte11, byte10, - byte9, byte8, byte7, byte6, byte5, byte4, byte3, byte2, byte1, byte0, - ) - } -} - -pub(crate) fn mm256_set1_epi16(constant: i16) -> __m256i { - unsafe { _mm256_set1_epi16(constant) } -} -pub(crate) fn mm256_set_epi16( - input15: i16, - input14: i16, - input13: i16, - input12: i16, - input11: i16, - input10: i16, - input9: i16, - input8: i16, - input7: i16, - input6: i16, - input5: i16, - input4: i16, - input3: i16, - input2: i16, - input1: i16, - input0: i16, -) -> __m256i { - unsafe { - _mm256_set_epi16( - input15, input14, input13, input12, input11, input10, input9, input8, input7, input6, - input5, input4, input3, input2, input1, input0, - ) - } -} - -pub(crate) fn mm_set1_epi16(constant: i16) -> __m128i { - unsafe { _mm_set1_epi16(constant) } -} - -pub(crate) fn mm256_set1_epi32(constant: i32) -> __m256i { - unsafe { _mm256_set1_epi32(constant) } -} -pub(crate) fn mm256_set_epi32( - input7: i32, - input6: i32, - input5: i32, - input4: i32, - input3: i32, - input2: i32, - input1: i32, - input0: i32, -) -> __m256i { - unsafe { - _mm256_set_epi32( - input7, input6, input5, input4, input3, input2, input1, input0, - ) - } -} - -pub(crate) fn mm_add_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { - unsafe { _mm_add_epi16(lhs, rhs) } -} -pub(crate) fn mm256_add_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_add_epi16(lhs, rhs) } -} -pub(crate) fn mm256_madd_epi16(lhs: __m256i, rhs: __m256i) -> 
__m256i { - unsafe { _mm256_madd_epi16(lhs, rhs) } -} -pub(crate) fn mm256_add_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_add_epi32(lhs, rhs) } -} - -pub(crate) fn mm256_sub_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_sub_epi16(lhs, rhs) } -} -pub(crate) fn mm_sub_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { - unsafe { _mm_sub_epi16(lhs, rhs) } -} - -pub(crate) fn mm256_mullo_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_mullo_epi16(lhs, rhs) } -} - -pub(crate) fn mm_mullo_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { - unsafe { _mm_mullo_epi16(lhs, rhs) } -} - -pub(crate) fn mm256_cmpgt_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_cmpgt_epi16(lhs, rhs) } -} - -pub(crate) fn mm_mulhi_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { - unsafe { _mm_mulhi_epi16(lhs, rhs) } -} - -pub(crate) fn mm256_mullo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_mullo_epi32(lhs, rhs) } -} - -pub(crate) fn mm256_mulhi_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_mulhi_epi16(lhs, rhs) } -} - -pub(crate) fn mm256_mul_epu32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_mul_epu32(lhs, rhs) } -} - -pub(crate) fn mm256_and_si256(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_and_si256(lhs, rhs) } -} - -pub(crate) fn mm256_xor_si256(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_xor_si256(lhs, rhs) } -} - -pub(crate) fn mm256_srai_epi16(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unsafe { _mm256_srai_epi16(vector, SHIFT_BY) } -} -pub(crate) fn mm256_srai_epi32(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); - unsafe { _mm256_srai_epi32(vector, SHIFT_BY) } -} - -pub(crate) fn mm256_srli_epi16(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unsafe { _mm256_srli_epi16(vector, SHIFT_BY) } -} -pub(crate) fn mm256_srli_epi32(vector: 
__m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); - unsafe { _mm256_srli_epi32(vector, SHIFT_BY) } -} - -pub(crate) fn mm256_srli_epi64(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); - unsafe { _mm256_srli_epi64(vector, SHIFT_BY) } -} - -pub(crate) fn mm256_slli_epi16(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unsafe { _mm256_slli_epi16(vector, SHIFT_BY) } -} - -pub(crate) fn mm256_slli_epi32(vector: __m256i) -> __m256i { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); - unsafe { _mm256_slli_epi32(vector, SHIFT_BY) } -} - -pub(crate) fn mm_shuffle_epi8(vector: __m128i, control: __m128i) -> __m128i { - unsafe { _mm_shuffle_epi8(vector, control) } -} -pub(crate) fn mm256_shuffle_epi8(vector: __m256i, control: __m256i) -> __m256i { - unsafe { _mm256_shuffle_epi8(vector, control) } -} -pub(crate) fn mm256_shuffle_epi32(vector: __m256i) -> __m256i { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unsafe { _mm256_shuffle_epi32(vector, CONTROL) } -} - -pub(crate) fn mm256_permute4x64_epi64(vector: __m256i) -> __m256i { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unsafe { _mm256_permute4x64_epi64(vector, CONTROL) } -} - -pub(crate) fn mm256_unpackhi_epi64(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_unpackhi_epi64(lhs, rhs) } -} - -pub(crate) fn mm256_unpacklo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_unpacklo_epi32(lhs, rhs) } -} - -pub(crate) fn mm256_unpackhi_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_unpackhi_epi32(lhs, rhs) } -} - -pub(crate) fn mm256_castsi256_si128(vector: __m256i) -> __m128i { - unsafe { _mm256_castsi256_si128(vector) } -} -pub(crate) fn mm256_castsi128_si256(vector: __m128i) -> __m256i { - unsafe { _mm256_castsi128_si256(vector) } -} - -pub(crate) fn mm256_cvtepi16_epi32(vector: __m128i) -> __m256i { - unsafe { _mm256_cvtepi16_epi32(vector) } -} - -pub(crate) fn mm_packs_epi16(lhs: __m128i, 
rhs: __m128i) -> __m128i { - unsafe { _mm_packs_epi16(lhs, rhs) } -} -pub(crate) fn mm256_packs_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { - unsafe { _mm256_packs_epi32(lhs, rhs) } -} - -pub(crate) fn mm256_extracti128_si256(vector: __m256i) -> __m128i { - debug_assert!(CONTROL == 0 || CONTROL == 1); - unsafe { _mm256_extracti128_si256(vector, CONTROL) } -} - -pub(crate) fn mm256_inserti128_si256( - vector: __m256i, - vector_i128: __m128i, -) -> __m256i { - debug_assert!(CONTROL == 0 || CONTROL == 1); - unsafe { _mm256_inserti128_si256(vector, vector_i128, CONTROL) } -} - -pub(crate) fn mm256_blend_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unsafe { _mm256_blend_epi16(lhs, rhs, CONTROL) } -} - -pub(crate) fn mm_movemask_epi8(vector: __m128i) -> i32 { - unsafe { _mm_movemask_epi8(vector) } -} - -pub(crate) fn mm256_permutevar8x32_epi32(vector: __m256i, control: __m256i) -> __m256i { - unsafe { _mm256_permutevar8x32_epi32(vector, control) } -} - -pub(crate) fn mm256_sllv_epi32(vector: __m256i, counts: __m256i) -> __m256i { - unsafe { _mm256_sllv_epi32(vector, counts) } -} diff --git a/libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs b/libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs deleted file mode 100644 index 58b2da876..000000000 --- a/libcrux-ml-kem/src/vector/avx2/intrinsics_extraction.rs +++ /dev/null 
@@ -1,300 +0,0 @@ -#![allow(unused_variables)] - -pub(crate) type Vec256 = u8; -pub(crate) type Vec128 = u8; - -pub(crate) fn mm256_storeu_si256(output: &mut [i16], vector: Vec256) { - debug_assert_eq!(output.len(), 16); - unimplemented!() -} - -pub(crate) fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { - debug_assert_eq!(output.len(), 8); - unimplemented!() -} - -pub(crate) fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { - debug_assert_eq!(output.len(), 16); - unimplemented!() -} - -pub(crate) fn mm_loadu_si128(input: &[u8]) -> Vec128 { - debug_assert_eq!(input.len(), 16); - unimplemented!() -} - -pub(crate) fn mm256_loadu_si256(input: &[i16]) -> Vec256 { - debug_assert_eq!(input.len(), 16); - unimplemented!() -} - -pub(crate) fn mm256_setzero_si256() -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm_set_epi8( - byte15: u8, - byte14: u8, - byte13: u8, - byte12: u8, - byte11: u8, - byte10: u8, - byte9: u8, - byte8: u8, - byte7: u8, - byte6: u8, - byte5: u8, - byte4: u8, - byte3: u8, - byte2: u8, - byte1: u8, - byte0: u8, -) -> Vec128 { - unimplemented!() -} - -pub(crate) fn mm256_set_epi8( - byte31: i8, - byte30: i8, - byte29: i8, - byte28: i8, - byte27: i8, - byte26: i8, - byte25: i8, - byte24: i8, - byte23: i8, - byte22: i8, - byte21: i8, - byte20: i8, - byte19: i8, - byte18: i8, - byte17: i8, - byte16: i8, - byte15: i8, - byte14: i8, - byte13: i8, - byte12: i8, - byte11: i8, - byte10: i8, - byte9: i8, - byte8: i8, - byte7: i8, - byte6: i8, - byte5: i8, - byte4: i8, - byte3: i8, - byte2: i8, - byte1: i8, - byte0: i8, -) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_set1_epi16(constant: i16) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm256_set_epi16( - input15: i16, - input14: i16, - input13: i16, - input12: i16, - input11: i16, - input10: i16, - input9: i16, - input8: i16, - input7: i16, - input6: i16, - input5: i16, - input4: i16, - input3: i16, - input2: i16, - input1: i16, - input0: i16, -) -> Vec256 { - 
unimplemented!() -} - -pub(crate) fn mm_set1_epi16(constant: i16) -> Vec128 { - unimplemented!() -} - -pub(crate) fn mm256_set1_epi32(constant: i32) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm256_set_epi32( - input7: i32, - input6: i32, - input5: i32, - input4: i32, - input3: i32, - input2: i32, - input1: i32, - input0: i32, -) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { - unimplemented!() -} -pub(crate) fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { - unimplemented!() -} - -pub(crate) fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { - unimplemented!() -} - -pub(crate) fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { - unimplemented!() -} - -pub(crate) fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_srai_epi16(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unimplemented!() -} -pub(crate) fn mm256_srai_epi32(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 
32); - unimplemented!() -} - -pub(crate) fn mm256_srli_epi16(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unimplemented!() -} -pub(crate) fn mm256_srli_epi32(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); - unimplemented!() -} - -pub(crate) fn mm256_srli_epi64(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); - unimplemented!() -} - -pub(crate) fn mm256_slli_epi16(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); - unimplemented!() -} - -pub(crate) fn mm256_slli_epi32(vector: Vec256) -> Vec256 { - debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); - unimplemented!() -} - -pub(crate) fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { - unimplemented!() -} -pub(crate) fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { - unimplemented!() -} -pub(crate) fn mm256_shuffle_epi32(vector: Vec256) -> Vec256 { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unimplemented!() -} - -pub(crate) fn mm256_permute4x64_epi64(vector: Vec256) -> Vec256 { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unimplemented!() -} - -pub(crate) fn mm256_unpackhi_epi64(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_unpacklo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { - unimplemented!() -} -pub(crate) fn mm256_castsi128_si256(vector: Vec128) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { - unimplemented!() -} -pub(crate) fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { - debug_assert!(CONTROL 
== 0 || CONTROL == 1); - unimplemented!() -} - -pub(crate) fn mm256_inserti128_si256( - vector: Vec256, - vector_i128: Vec128, -) -> Vec256 { - debug_assert!(CONTROL == 0 || CONTROL == 1); - unimplemented!() -} - -pub(crate) fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { - debug_assert!(CONTROL >= 0 && CONTROL < 256); - unimplemented!() -} - -pub(crate) fn mm_movemask_epi8(vector: Vec128) -> i32 { - unimplemented!() -} - -pub(crate) fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { - unimplemented!() -} - -pub(crate) fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { - unimplemented!() -} From 15a7b29bd4e5bb5b7b9501ff12d9fd3cb01252fb Mon Sep 17 00:00:00 2001 
From: Lucas Franceschino Date: Tue, 28 May 2024 14:13:03 +0200 Subject: [PATCH 37/94] check in `c` extractions --- libcrux-ml-kem/.gitignore | 2 +- libcrux-ml-kem/c/core.c | 34 + libcrux-ml-kem/c/core.h | 38 + libcrux-ml-kem/c/eurydice_glue.h | 220 + libcrux-ml-kem/c/internal/core.h | 31 + libcrux-ml-kem/c/internal/libcrux_mlkem1027.h | 31 + .../c/internal/libcrux_mlkem_vector.h | 35 + libcrux-ml-kem/c/libcrux_intrinsics_avx2.h | 334 + libcrux-ml-kem/c/libcrux_ml_kem.c | 4223 ++++++++++ libcrux-ml-kem/c/libcrux_ml_kem.h | 1649 ++++ libcrux-ml-kem/c/libcrux_mlkem1027.c | 7430 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem1027.h | 1518 ++++ libcrux-ml-kem/c/libcrux_mlkem512.c | 4005 +++++++++ libcrux-ml-kem/c/libcrux_mlkem512.h | 805 ++ libcrux-ml-kem/c/libcrux_mlkem768.c | 4265 ++++++++++ libcrux-ml-kem/c/libcrux_mlkem768.h | 860 ++ libcrux-ml-kem/c/libcrux_mlkem_constants.h | 40 + libcrux-ml-kem/c/libcrux_mlkem_ctops.c | 44 + libcrux-ml-kem/c/libcrux_mlkem_ctops.h | 34 + libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 30 + libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h | 25 + libcrux-ml-kem/c/libcrux_mlkem_vector.c | 1365 +++ libcrux-ml-kem/c/libcrux_mlkem_vector.h | 198 + libcrux-ml-kem/c/libcrux_platform.h | 26 + libcrux-ml-kem/c/libcrux_sha3.h | 68 + 25 files changed, 27309 insertions(+), 1 deletion(-) create mode 100644 libcrux-ml-kem/c/core.c create mode 100644 libcrux-ml-kem/c/core.h create mode 100644 libcrux-ml-kem/c/eurydice_glue.h create mode 100644 libcrux-ml-kem/c/internal/core.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem1027.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h create mode 100644 libcrux-ml-kem/c/libcrux_intrinsics_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.c create mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1027.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1027.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c create mode 100644 
libcrux-ml-kem/c/libcrux_mlkem512.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_constants.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_ctops.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_ctops.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_vector.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_vector.h create mode 100644 libcrux-ml-kem/c/libcrux_platform.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3.h diff --git a/libcrux-ml-kem/.gitignore b/libcrux-ml-kem/.gitignore index fed5ebf9b..0eccf5f52 100644 --- a/libcrux-ml-kem/.gitignore +++ b/libcrux-ml-kem/.gitignore @@ -1,4 +1,4 @@ Cargo.lock proofs/fstar/extraction/.cache/ proofs/fstar/extraction/.depend -c +# c diff --git a/libcrux-ml-kem/c/core.c b/libcrux-ml-kem/c/core.c new file mode 100644 index 000000000..ef9f514c0 --- /dev/null +++ b/libcrux-ml-kem/c/core.c @@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/core.h" + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +Option__size_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + diff --git a/libcrux-ml-kem/c/core.h b/libcrux-ml-kem/c/core.h new file mode 100644 index 000000000..88909dbc1 --- /dev/null +++ b/libcrux-ml-kem/c/core.h 
@@ -0,0 +1,38 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __core_H +#define __core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +#if defined(__cplusplus) +} +#endif + +#define __core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h new file mode 100644 index 000000000..c8b0825db --- /dev/null +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -0,0 +1,220 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
+#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + +// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. 
+typedef struct +{ + uint8_t tag; + uint8_t case_Ok[]; +} +result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) +{ + return x; +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ + ((iter_ptr)->start == (iter_ptr)->end) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ + ) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static +// inline function cannot receive a type as an argument. Instead, we receive the element size and +// use it to peform manual offset computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; + Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); + chunks->slice = ((Eurydice_slice) { + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size + }); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ + .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ + .chunk_size = sz_ }) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t)) })) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ + (((iter)->index == (iter)->s.len) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) + +// MISC + +#define core_fmt_Formatter void + + +// VECTORS + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size/sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? 
*/ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX/2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t*)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) + +#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-ml-kem/c/internal/core.h b/libcrux-ml-kem/c/internal/core.h new file mode 100644 index 000000000..e6217d8fd --- /dev/null +++ b/libcrux-ml-kem/c/internal/core.h @@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_core_H +#define __internal_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../core.h" +#include "eurydice_glue.h" + +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); + +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + +#define CORE_NUM__U32_8__BITS (32U) + +#if defined(__cplusplus) +} +#endif + +#define __internal_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h b/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h new file mode 100644 index 000000000..79804a82f --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h 
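Review bot: In `eurydice_glue.h`, `core_slice___Slice_T___copy_from_slice` expands to `memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))` and never compares `src.len` with `dst.len`. The Rust `copy_from_slice` it replaces panics on a length mismatch, so here a shorter `src` becomes a silent out-of-bounds read. `Eurydice_slice_to_array3` has the same gap: it copies `sz` bytes and sets `tag = 0` without looking at `src.len`, so the `Err` case of the Rust conversion can never be reported. Extracted callers may already guarantee matching lengths, but the header is plain C and can be used from hand-written code, so I would make the check explicit, e.g. `#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) ((dst).len == (src).len ? memcpy((dst).ptr, (src).ptr, (dst).len * sizeof(t)) : (abort(), (void *)0))`. Separately, `EURYDICE_VEC_PUSH` assigns the `realloc` result straight to `v->ptr`, so a failed allocation loses the old buffer and the following store writes through NULL; keep the result in a temporary and check it before assigning.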
@@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_mlkem1027_H +#define __internal_libcrux_mlkem1027_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/core.h" +#include "../libcrux_mlkem1027.h" +#include "eurydice_glue.h" + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem1027_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h new file mode 100644 index 000000000..bb57a1f88 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h @@ -0,0 +1,35 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_mlkem_vector_H +#define __internal_libcrux_mlkem_vector_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_vector.h" +#include "eurydice_glue.h" + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_vector_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h new file mode 100644 index 000000000..d75aa05af --- /dev/null 
+++ b/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h 
@@ -0,0 +1,334 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t x0); + +extern core_core_arch_x86___m128i 
+libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, + int16_t x1, + int16_t 
x2, + int16_t x3, + int16_t x4, + int16_t x5, + int16_t x6, + int16_t x7, + int16_t x8, + int16_t x9, + int16_t x10, + int16_t x11, + int16_t x12, + int16_t x13, + int16_t x14, + int16_t x15 +); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t x0); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_inserti128_si256( + int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m128i x2 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_blend_epi16( + int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, + int8_t x1, + int8_t x2, + int8_t x3, + int8_t x4, + int8_t x5, + int8_t x6, + int8_t x7, + int8_t x8, + int8_t x9, + int8_t x10, + int8_t x11, + int8_t x12, + int8_t x13, + int8_t x14, + int8_t x15, + int8_t x16, + int8_t x17, + int8_t x18, + int8_t x19, + int8_t x20, + int8_t x21, + int8_t x22, + int8_t x23, + int8_t x24, + int8_t x25, + int8_t x26, + int8_t x27, + int8_t x28, + int8_t x29, + int8_t x30, + int8_t x31 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern 
core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, + int32_t x1, + int32_t x2, + int32_t x3, + int32_t x4, + int32_t x5, + int32_t x6, + int32_t x7 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern void +libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, + uint8_t x1, + uint8_t x2, + uint8_t x3, + uint8_t x4, + uint8_t x5, + uint8_t x6, + uint8_t x7, + uint8_t x8, + uint8_t x9, + uint8_t x10, + uint8_t x11, + uint8_t x12, + uint8_t x13, + uint8_t x14, + uint8_t x15 +); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice x0); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern void +libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice x0, + 
core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern void +libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c new file mode 100644 index 000000000..1ab72ed56 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_ml_kem.c 
@@ -0,0 +1,4223 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_ml_kem.h" + +#include "internal/libcrux_mlkem_vector.h" +#include "internal/core.h" + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +) +{ + return self[0U]; +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) +{ + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) +{ + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + 
core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + 
v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i + sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + v_minus_field_modulus, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, + field_modulus); + return + libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + t = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i + t0 = + libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i + quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, + t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i + quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + 
core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i + value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)2); + core_core_arch_x86___m256i + field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / 
(int16_t)4); + core_core_arch_x86___m256i + shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i + mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + shifted, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i + shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + shifted_to_positive_in_range, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + prod13 = + libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i + uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i value_low = 
libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, + -zeta3, + zeta3, + zeta3, + -zeta2, + -zeta2, + zeta2, + zeta2, + -zeta1, + -zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline 
core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, + -zeta1, + -zeta1, + -zeta1, + zeta1, + zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + -zeta0, + -zeta0, + zeta0, + zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +) +{ + core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i + k = + libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i + k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = 
libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i + rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i + upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, + zeta3, + (int16_t)0, + (int16_t)0, + zeta2, + zeta2, + (int16_t)0, + (int16_t)0, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0)); + core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, + vector, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, + zeta1, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0)); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + 
core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) +{ + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, + v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i + result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + result, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, + result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0, + (int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0); + core_core_arch_x86___m256i + lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i + lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + lhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i + lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i + lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i + rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i + rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + rhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i + rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i + rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, 
+ rhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i + left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i + right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i + right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i + right1 = + libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, + (int32_t)zeta3, + -(int32_t)zeta2, + (int32_t)zeta2, + -(int32_t)zeta1, + (int32_t)zeta1, + -(int32_t)zeta0, + (int32_t)zeta0)); + core_core_arch_x86___m256i + products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i + products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i + rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2)); + core_core_arch_x86___m256i + products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i + products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); + core_core_arch_x86___m256i + products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + 
products_right0, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, + products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return + libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], + rhs[0U], + zeta0, + zeta1, + zeta2, + zeta3); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + core_core_arch_x86___m256i + lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i + high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lsb_to_msb, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = { 0U }; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) +{ + int16_t uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U, + (int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + 
(int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i + coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_8size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t serialized[16U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1)); + core_core_arch_x86___m256i 
uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0)); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)4, + (int32_t)0)); + core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, + serialized, + uint8_t, + Eurydice_slice), + combined0); + uint8_t ret0[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)16U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof 
(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + 
uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____15, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +typedef struct Result__uint8_t_10size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_10size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, + adjacent_4_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_8_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined1, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [10U], + void *); + unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) +{ + uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t uu____9 = Eurydice_slice_index(bytes, 
(size_t)3U, uint8_t, uint8_t); + uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + core_core_arch_x86___m128i + coefficients = + libcrux_intrinsics_avx2_mm_set_epi8(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i + coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients_loaded, + coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)15, + (int8_t)14, + (int8_t)13, + (int8_t)12, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)9, + (int8_t)8, + (int8_t)7, + (int8_t)6, + (int8_t)7, + (int8_t)6, + (int8_t)5, + (int8_t)4, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i + coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + 
(int16_t)1 << 6U, + (int16_t)1 << 11U, + (int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, + coefficients1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +typedef struct Result__uint8_t_20size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_20size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1)); + 
core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + 
Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [20U], + void *); + unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, + 8U, + 8U, + 7U, + 7U, + 6U, + 6U, + 5U, + 4U, + 3U, + 3U, + 2U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ 
.start = (size_t)4U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 13U, + 12U, + 12U, + 11U, + 10U, + 9U, + 9U, + 8U, + 8U, + 7U, + 7U, + 6U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) +{ + int16_t output[16U] = { 0U }; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, + output, + int16_t, + Eurydice_slice), + v); + memcpy(ret, output, (size_t)16U * sizeof (int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) +{ + int16_t uu____0[16U]; + 
memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & 
(int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector + input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) +{ + 
libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + result = libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + 
uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = 
&Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +) +{ + memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return + libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, + ret, + int16_t, + Eurydice_slice)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +typedef struct Result__uint8_t_24size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_24size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + 
(int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + 
upper_8); + uint8_t ret0[24U]; + Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [24U], + void *); + unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, + 10U, + 10U, + 9U, + 8U, + 7U, + 7U, + 6U, + 5U, + 4U, + 4U, + 3U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 12U, + 11U, + 11U, + 10U, + 9U, + 8U, + 8U, + 7U, + 6U, + 5U, + 5U, + 4U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = + { + 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = + { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = + { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = + { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = + { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = + { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = + { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = + { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = + { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = + { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = + { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = + { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = + { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = + { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = + { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = + { 2U, 3U, 4U, 5U, 
8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = + { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = + { + 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = + { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = + { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = + { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = + { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = + { 0U, 
1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = + { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = + { + 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = + { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = + { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = + { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = + { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = + { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = + { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = + { 10U, 
11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const 
+uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = + { + 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = + { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = + { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = + { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = + { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = + { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = + { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = + { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = + { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = + { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = + { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = + { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = + { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = + { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = + { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = + 
{ 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = + { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = + { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = + { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = + { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = + { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = + { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = + { 2U, 
3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = + { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; + 
+const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = + { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = + { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = + { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = + { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = + { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = + { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = + { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = + { 0U, 1U, 2U, 
3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = + { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 
255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 14U, 15U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = + { + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255 + }; + +inline size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + core_core_arch_x86___m256i + field_modulus = + 
libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i + compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + lower_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + upper_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + potential_coefficients, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, + ((core_ops_range_Range__size_t){ .start = 
sampled_count, .end = sampled_count + (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( + libcrux_ml_kem_vector_PortableVector *self +) +{ + return self[0U]; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_zero(); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_from_i16_array(array); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_add(lhs, rhs); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_sub(lhs, rhs); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + 
libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_multiply_by_constant(v, c); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_cond_subtract_3329(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_barrett_reduce(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t r +) +{ + return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress_1(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); 
+} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_1(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_4(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_5(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_serialize_10(a, ret0); + memcpy(ret, ret0, 
(size_t)20U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_10(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_11(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_12(a); +} + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_rej_sample(a, out); +} + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, 
(int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +) +{ + return self[0U]; +} + 
diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_ml_kem.h new file mode 100644 index 000000000..cd701d66b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_ml_kem.h 
@@ -0,0 +1,1649 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_ml_kem_H +#define __libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_intrinsics_avx2.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) + +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t 
zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + 
uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_avx2_portable_PortableVector; + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + 
+libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +); + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; + +size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( + libcrux_ml_kem_vector_PortableVector *self +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( + void +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( + Eurydice_slice array +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t r +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + 
libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +); + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +); + +#if defined(__cplusplus) +} +#endif + +#define 
__libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1027.c b/libcrux-ml-kem/c/libcrux_mlkem1027.c new file mode 100644 index 000000000..f19524ef4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1027.c 
@@ -0,0 +1,7430 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_mlkem1027.h" + +#include "internal/core.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( + void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); + core_core_arch_x86___m256i + fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &fm); +} + +void 
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + 
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[1U] = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[14U] = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_shift_right___15int32_t(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t(a); + libcrux_ml_kem_vector_PortableVector + fm = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &fm); +} + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + 
Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if + (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + 
Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)4U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +) +{ + uint8_t ret0[4U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)4U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +) +{ + uint8_t ret0[4U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)4U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void 
+libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + 
libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, + sampled); + for 
+ (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] + )); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t ret0[4U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)4U, input, ret0, void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [128U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = 
random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + fer); +} + +inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, + zeta_r); + b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &t); + return + ( + (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> 
(uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } 
+} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * 
sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + 
t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[4U]; + memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = 
sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U] +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done 
= + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; 
+ seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[4U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + 
libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +) +{ + return + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, + fer); +} + +inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, + zeta_r); + b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, + &t); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &t); + return + ( + (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + 
libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + 
libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + 
(size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, + 
LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; 
+ i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + 
Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
error_as_ntt[4U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + 
prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, + zeta_r); + return + ( + (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = 
uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i 
+ coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + 
(size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + 
(int16_t)1665); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + core_core_arch_x86___m256i + tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &tmp); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + 
core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 
= libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + 
core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t 
uu____0[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + 
core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = 
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + 
core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + 
core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficients = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 
+ (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + 
(size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, + &a); + a = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, + zeta_r); + return + ( + (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(), + &v), + (int16_t)1665); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &message->coefficients[i0]); + 
libcrux_ml_kem_vector_PortableVector + tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___10int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___11int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = 
(size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___4int32_t(v); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + 
} +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___5int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void 
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____1 = + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; + 
libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { 
+ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + 
core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < 
core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return + 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + 
return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 
0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + 
Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v 
+) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t(v); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); 
+ } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t(v); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + 
Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, + 
bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + 
ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t 
uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem1027.h b/libcrux-ml-kem/c/libcrux_mlkem1027.h new file mode 100644 index 000000000..c7610d578 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1027.h 
@@ -0,0 +1,1518 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem1027_H +#define __libcrux_mlkem1027_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_ml_kem.h" +#include "libcrux_intrinsics_avx2.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define 
LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ core_core_arch_x86___m256i coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +); + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s +{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +); + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +); + +void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +); + +typedef struct +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +); + +void 
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +); + +typedef struct 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[4U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +); + +void 
+libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +); + +typedef struct K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s +{ + libcrux_ml_kem_vector_PortableVector fst; + libcrux_ml_kem_vector_PortableVector snd; +} +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; + +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +); + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[3168U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +); + +void 
+libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i +); + 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +); + +void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + size_t _ +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector 
+); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + size_t _ +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _ +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t 
ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1027_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c new file mode 100644 index 000000000..e61287cb2 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c 
@@ -0,0 +1,4005 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem512.h" + +#include "internal/libcrux_mlkem1027.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[2U]; + 
memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)2U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +) +{ + uint8_t ret0[2U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)2U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +) +{ + uint8_t ret0[2U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)2U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + size_t _i +) 
+{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t ret0[2U][192U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)192U, (size_t)2U, input, ret0, void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [192U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t 
ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + 
Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + 
uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + 
libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[2U]; + memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + 
Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[2U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)192U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + 
uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[2U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + 
secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t 
uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice 
implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + 
ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t ret0[2U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)2U, input, ret0, void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, 
+ (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); 
+ Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = 
uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + 
Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + 
domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); 
+} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + 
libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +) +{ + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + 
Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = 
uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); 
+ memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void 
+libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + 
ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + 
expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * 
sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h new file mode 100644 index 000000000..5e7cba29c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -0,0 +1,805 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem512_H +#define __libcrux_mlkem512_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_mlkem768.h" +#include "libcrux_mlkem1027.h" +#include "libcrux_ml_kem.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define 
LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t 
ret[800U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } +libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t 
public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +); + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[2U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t 
*sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; + uint8_t snd; +} 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + 
Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + size_t _i +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + size_t _i +); + +void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void 
+libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _ 
+); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c new file mode 100644 index 000000000..46e008c13 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c 
@@ -0,0 +1,4265 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem768.h" + +#include "internal/libcrux_mlkem1027.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if + (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline 
void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)3U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +) +{ + uint8_t ret0[3U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)3U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +) +{ + uint8_t ret0[3U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)3U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for 
(size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + size_t _i +) 
+{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t ret0[3U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)3U, input, ret0, void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + 
core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + 
t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[3U]; + memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = 
(size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = 
sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t 
seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy(error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + 
uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + 
size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < 
(size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + 
libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, + out); +} + +void 
+libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t 
uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t 
ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + 
libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + 
libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + 
hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + 
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + 
(size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + 
{ + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + 
ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t 
uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, 
+ ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h new file mode 100644 index 000000000..7ca71a018 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -0,0 +1,860 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem768_H +#define __libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_mlkem1027.h" +#include "libcrux_ml_kem.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 
(LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t 
public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t 
prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + 
Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +); + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[3U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); 
+ +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + 
+void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +); + +void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_constants.h b/libcrux-ml-kem/c/libcrux_mlkem_constants.h new file mode 100644 index 000000000..8ca89d66c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_constants.h 
@@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_constants_H +#define __libcrux_mlkem_constants_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_constants_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_ctops.c b/libcrux-ml-kem/c/libcrux_mlkem_ctops.c new file mode 100644 index 000000000..997f534fd --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_ctops.c 
@@ -0,0 +1,44 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem_ctops.h" + +#include "internal/core.h" + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t + mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_ctops.h b/libcrux-ml-kem/c/libcrux_mlkem_ctops.h new file mode 100644 index 000000000..309c331ad --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_ctops.h 
@@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_ctops_H +#define __libcrux_mlkem_ctops_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem_constants.h" +#include "core.h" +#include "eurydice_glue.h" + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_ctops_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h new file mode 100644 index 000000000..d4f207ec8 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h @@ -0,0 +1,30 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_sha3_H +#define __libcrux_mlkem_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) + +typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s +{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } +libcrux_ml_kem_hash_functions_neon_Simd128Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h new file mode 100644 index 000000000..c6e3cdb02 --- /dev/null 
+++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h @@ -0,0 +1,25 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_sha3_avx2_H +#define __libcrux_mlkem_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2_Simd256Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_vector.c b/libcrux-ml-kem/c/libcrux_mlkem_vector.c new file mode 100644 index 000000000..bd9851398 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_vector.c 
@@ -0,0 +1,1365 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_mlkem_vector.h" + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void) +{ + libcrux_ml_kem_vector_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__int16_t_16size_t__core_array_TryFromSliceError; + +static void +unwrap__int16_t_16size_t__core_array_TryFromSliceError( + Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == core_result_Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) +{ + libcrux_ml_kem_vector_PortableVector lit; + int16_t ret[16U]; + Result__int16_t_16size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + 
Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + return lit; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; 
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + } + } + return v; +} + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) +{ + int32_t + t = + (int32_t)value + * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + return value_high - c; +} + +inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + v.elements[i0] = uu____0; + } + return v; +} + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); + v.elements[i0] = (int16_t)uu____0; + } + return v; +} + +inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return + (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, + (uint32_t)compressed); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + v.elements[2U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + v.elements[3U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + v.elements[6U] = v.elements[4U] - t1; + v.elements[4U] = v.elements[4U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + v.elements[7U] = v.elements[5U] - t2; + v.elements[5U] = v.elements[5U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], + zeta2); + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], + zeta2); + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta3); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta3); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + v.elements[4U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + v.elements[5U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + v.elements[6U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + v.elements[7U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], + zeta1); + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], + zeta1); + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta1); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta1); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + v.elements[8U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + v.elements[9U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + v.elements[10U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + v.elements[11U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + v.elements[12U] = v.elements[4U] - t3; + v.elements[4U] = v.elements[4U] + t3; + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + v.elements[13U] = v.elements[5U] - t4; + v.elements[5U] = v.elements[5U] + t4; + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + v.elements[14U] = v.elements[6U] - t5; + v.elements[6U] = v.elements[6U] + t5; + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + v.elements[15U] = v.elements[7U] - t6; + v.elements[7U] = v.elements[7U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t a_minus_b = v.elements[2U] - v.elements[0U]; + int16_t + uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); + v.elements[0U] = uu____0; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[2U] = uu____1; + int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; + int16_t + uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); + v.elements[1U] = uu____2; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[3U] = uu____3; + int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; + int16_t + uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); + 
v.elements[4U] = uu____4; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v.elements[6U] = uu____5; + int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; + int16_t + uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); + v.elements[5U] = uu____6; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v.elements[7U] = uu____7; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); + v.elements[(size_t)8U + (size_t)0U] = uu____8; + int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v.elements[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); + v.elements[(size_t)8U + (size_t)1U] = uu____10; + int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v.elements[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); + v.elements[(size_t)8U + (size_t)4U] = uu____12; + int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v.elements[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)5U] + + 
v.elements[(size_t)8U + (size_t)7U]); + v.elements[(size_t)8U + (size_t)5U] = uu____14; + int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v.elements[(size_t)8U + (size_t)7U] = uu____15; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t a_minus_b = v.elements[4U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[4U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[4U] = uu____0; + int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[5U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[5U] = uu____1; + int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[6U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v.elements[6U] = uu____2; + int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[7U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + v.elements[7U] = uu____3; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v.elements[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + 
v.elements[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + + (size_t)2U] + + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + + (size_t)3U] + + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)7U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta +) +{ + int16_t a_minus_b = v.elements[8U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[8U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v.elements[8U] = uu____0; + int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[9U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v.elements[9U] = uu____1; + int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[10U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v.elements[10U] = uu____2; + int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[11U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v.elements[11U] = uu____3; + int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; + v.elements[4U] = v.elements[4U] + v.elements[12U]; + int16_t uu____4 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v.elements[12U] = uu____4; + int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; + v.elements[5U] = v.elements[5U] + v.elements[13U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v.elements[13U] = uu____5; + int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; + v.elements[6U] = v.elements[6U] + v.elements[14U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v.elements[14U] = uu____6; + int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; + v.elements[7U] = v.elements[7U] + v.elements[15U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v.elements[15U] = uu____7; + return v; +} + +inline K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 + + + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) + * (int32_t)zeta); + return + ( + (K___int16_t_int16_t){ + .fst = uu____1, + .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 + * (int32_t)b1 + + (int32_t)a1 * (int32_t)b0) + } + ); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + libcrux_ml_kem_vector_PortableVector out = libcrux_ml_kem_vector_zero(); + K___int16_t_int16_t lit0; + lit0.fst = lhs->elements[0U]; + lit0.snd = lhs->elements[1U]; + K___int16_t_int16_t lit1; + lit1.fst = rhs->elements[0U]; + lit1.snd = rhs->elements[1U]; + K___int16_t_int16_t product = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + out.elements[0U] = product.fst; + out.elements[1U] = product.snd; + K___int16_t_int16_t lit2; + lit2.fst = lhs->elements[2U]; + lit2.snd = lhs->elements[3U]; + K___int16_t_int16_t lit3; + lit3.fst = rhs->elements[2U]; + lit3.snd = rhs->elements[3U]; + K___int16_t_int16_t + product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + out.elements[2U] = product0.fst; + out.elements[3U] = product0.snd; + K___int16_t_int16_t lit4; + lit4.fst = lhs->elements[4U]; + lit4.snd = lhs->elements[5U]; + K___int16_t_int16_t lit5; + lit5.fst = rhs->elements[4U]; + lit5.snd = rhs->elements[5U]; + K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + out.elements[4U] = product1.fst; + out.elements[5U] = product1.snd; + K___int16_t_int16_t lit6; + lit6.fst = lhs->elements[6U]; + lit6.snd = lhs->elements[7U]; + K___int16_t_int16_t lit7; + lit7.fst = rhs->elements[6U]; + lit7.snd = rhs->elements[7U]; + K___int16_t_int16_t + product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + out.elements[6U] = product2.fst; + out.elements[7U] = product2.snd; + K___int16_t_int16_t lit8; + lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; + lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t lit9; + lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; + lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + out.elements[(size_t)8U + (size_t)0U] = product3.fst; + out.elements[(size_t)8U + (size_t)1U] = product3.snd; + K___int16_t_int16_t lit10; + lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; + lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t lit11; + lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; + lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t + product4 = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + out.elements[(size_t)8U + (size_t)2U] = product4.fst; + out.elements[(size_t)8U + (size_t)3U] = product4.snd; + K___int16_t_int16_t lit12; + lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; + lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t lit13; + lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; + lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t + product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + out.elements[(size_t)8U + (size_t)4U] = product5.fst; + out.elements[(size_t)8U + (size_t)5U] = product5.snd; + K___int16_t_int16_t lit14; + lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; + lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t lit; + lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; + lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t + product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + out.elements[(size_t)8U + (size_t)6U] = product6.fst; + out.elements[(size_t)8U + (size_t)7U] = product6.snd; + return out; +} + +void libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) +{ + uint8_t result[2U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) + { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) +{ + libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + for (size_t i = (size_t)0U; i < 
(size_t)8U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); + } + for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + return result; +} + +void libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = 
&Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + return v; +} + +void +libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); + result[1U] = + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); + result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + result[3U] = + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); + result[5U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) + << 5U + | v.elements[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) + << 7U + | v.elements[(size_t)8U + (size_t)2U] << 2U) + | v.elements[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | v.elements[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) + << 6U + | v.elements[(size_t)8U + (size_t)5U] << 1U) + | v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)7U] + << 3U + | v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; + uint8_t *uu____2 = 
&Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + 
uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + return v; +} + +void +libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & 
(int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) +{ + 
libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; + uint8_t 
*uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); + result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, 
uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); + result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); + result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + return result; +} + +void +libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & 
(int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 
(int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + 
((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + 
uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +void +libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); + result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); + result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)0U] + >> 8U + | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)2U] + >> 8U + | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + + 
(size_t)4U] + >> 8U + | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)6U] + >> 8U + | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector re = libcrux_ml_kem_vector_zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); + re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re.elements[3U] = byte5 << 4U | (byte4 >> 4U 
& (int16_t)15); + re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); + re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + return re; +} + +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, 
Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_vector.h b/libcrux-ml-kem/c/libcrux_mlkem_vector.h new file mode 100644 index 000000000..6501762e8 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_vector.h 
@@ -0,0 +1,198 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_vector_H +#define __libcrux_mlkem_vector_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_PortableVector; + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v); + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v); + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); + +int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v); + +uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta +); + +typedef 
struct K___int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +K___int16_t_int16_t; + +K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); + +void +libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_vector_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h new file mode 100644 index 000000000..d1481c77f --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_platform_H +#define __libcrux_platform_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_platform_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h new file mode 100644 index 000000000..25a35dcc5 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3.h 
@@ -0,0 +1,68 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +extern libcrux_sha3_portable_KeccakState1 +libcrux_sha3_portable_incremental_shake128_init(void); + +extern void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) + +extern void +libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( + size_t x0, + uint8_t (*x1)[34U], + libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] +); + +#if defined(__cplusplus) +} 
+#endif + +#define __libcrux_sha3_H_DEFINED +#endif From f75fee453e038b3a6e66081ac44d8093bf317548 Mon Sep 17 00:00:00 2001 
From: Lucas Franceschino Date: Tue, 28 May 2024 14:15:46 +0200 Subject: [PATCH 38/94] Revert "check in `c` extractions" This reverts commit 15a7b29bd4e5bb5b7b9501ff12d9fd3cb01252fb. --- libcrux-ml-kem/.gitignore | 2 +- libcrux-ml-kem/c/core.c | 34 - libcrux-ml-kem/c/core.h | 38 - libcrux-ml-kem/c/eurydice_glue.h | 220 - libcrux-ml-kem/c/internal/core.h | 31 - libcrux-ml-kem/c/internal/libcrux_mlkem1027.h | 31 - .../c/internal/libcrux_mlkem_vector.h | 35 - libcrux-ml-kem/c/libcrux_intrinsics_avx2.h | 334 - libcrux-ml-kem/c/libcrux_ml_kem.c | 4223 ---------- libcrux-ml-kem/c/libcrux_ml_kem.h | 1649 ---- libcrux-ml-kem/c/libcrux_mlkem1027.c | 7430 ----------------- libcrux-ml-kem/c/libcrux_mlkem1027.h | 1518 ---- libcrux-ml-kem/c/libcrux_mlkem512.c | 4005 --------- libcrux-ml-kem/c/libcrux_mlkem512.h | 805 -- libcrux-ml-kem/c/libcrux_mlkem768.c | 4265 ---------- libcrux-ml-kem/c/libcrux_mlkem768.h | 860 -- libcrux-ml-kem/c/libcrux_mlkem_constants.h | 40 - libcrux-ml-kem/c/libcrux_mlkem_ctops.c | 44 - libcrux-ml-kem/c/libcrux_mlkem_ctops.h | 34 - libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 30 - libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h | 25 - libcrux-ml-kem/c/libcrux_mlkem_vector.c | 1365 --- libcrux-ml-kem/c/libcrux_mlkem_vector.h | 198 - libcrux-ml-kem/c/libcrux_platform.h | 26 - libcrux-ml-kem/c/libcrux_sha3.h | 68 - 25 files changed, 1 insertion(+), 27309 deletions(-) delete mode 100644 libcrux-ml-kem/c/core.c delete mode 100644 libcrux-ml-kem/c/core.h delete mode 100644 libcrux-ml-kem/c/eurydice_glue.h delete mode 100644 libcrux-ml-kem/c/internal/core.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem1027.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h delete mode 100644 libcrux-ml-kem/c/libcrux_intrinsics_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.c delete mode 100644 libcrux-ml-kem/c/libcrux_ml_kem.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1027.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1027.h delete 
mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_constants.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_ctops.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_ctops.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_vector.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_vector.h delete mode 100644 libcrux-ml-kem/c/libcrux_platform.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3.h
diff --git a/libcrux-ml-kem/.gitignore b/libcrux-ml-kem/.gitignore
index 0eccf5f52..fed5ebf9b 100644
--- a/libcrux-ml-kem/.gitignore
+++ b/libcrux-ml-kem/.gitignore
@@ -1,4 +1,4 @@
 Cargo.lock
 proofs/fstar/extraction/.cache/
 proofs/fstar/extraction/.depend
-# c
+c
diff --git a/libcrux-ml-kem/c/core.c b/libcrux-ml-kem/c/core.c
deleted file mode 100644
index ef9f514c0..000000000
--- a/libcrux-ml-kem/c/core.c
+++ /dev/null
@@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/core.h" - -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__size_t_s -{ - core_option_Option__size_t_tags tag; - size_t f0; -} -Option__size_t; - -typedef struct Option__uint32_t_s -{ - core_option_Option__size_t_tags tag; - uint32_t f0; -} -Option__uint32_t; - -typedef struct Option__int32_t_s -{ - core_option_Option__size_t_tags tag; - int32_t f0; -} -Option__int32_t; -
diff --git a/libcrux-ml-kem/c/core.h b/libcrux-ml-kem/c/core.h
deleted file mode 100644
index 88909dbc1..000000000
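Review bot: The re-enabled `c` entry in the `.gitignore` hunk is unanchored, so it ignores any file or directory named `c` at any depth under `libcrux-ml-kem`, not only the extraction output directory; `/c/` would restrict it to the top-level directory. Once the directory is ignored, the C that gets compiled is whatever a local extraction run produces and is no longer visible in review. The headers deleted by this commit record an invocation from an `eurydice-dirty` store path with empty F* and KaRaMeL version fields, which suggests the output is not tied to pinned tool versions. A comment above the entry would make that explicit, for example `# generated C extraction: not tracked, regenerate with pinned tool versions`.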
--- a/libcrux-ml-kem/c/core.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __core_H -#define __core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct core_ops_range_Range__size_t_s -{ - size_t start; - size_t end; -} -core_ops_range_Range__size_t; - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -#if defined(__cplusplus) -} -#endif - -#define __core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h deleted file mode 100644 index c8b0825db..000000000 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ /dev/null 
@@ -1,220 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
-#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) -#define EURYDICE_SLICE_LEN(s, _) s.len -#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) - -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. 
-typedef struct -{ - uint8_t tag; - uint8_t case_Ok[]; -} -result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) -{ - return x; -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) - -// MISC - -#define core_fmt_Formatter void - - -// VECTORS - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? 
*/ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-ml-kem/c/internal/core.h b/libcrux-ml-kem/c/internal/core.h deleted file mode 100644 index e6217d8fd..000000000 --- a/libcrux-ml-kem/c/internal/core.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_core_H -#define __internal_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../core.h" -#include "eurydice_glue.h" - -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); - -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - -#define CORE_NUM__U32_8__BITS (32U) - -#if defined(__cplusplus) -} -#endif - -#define __internal_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h b/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h deleted file mode 100644 index 79804a82f..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem1027.h +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_libcrux_mlkem1027_H -#define __internal_libcrux_mlkem1027_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/core.h" -#include "../libcrux_mlkem1027.h" -#include "eurydice_glue.h" - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem1027_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h deleted file mode 100644 index bb57a1f88..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_vector.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_libcrux_mlkem_vector_H -#define __internal_libcrux_mlkem_vector_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem_vector.h" -#include "eurydice_glue.h" - -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; - -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_vector_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h deleted file mode 100644 index d75aa05af..000000000 
--- a/libcrux-ml-kem/c/libcrux_intrinsics_avx2.h
+++ /dev/null
@@ -1,334 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_intrinsics_avx2_H -#define __libcrux_intrinsics_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t x0); - -extern core_core_arch_x86___m128i 
-libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, - int16_t x1, - int16_t 
x2, - int16_t x3, - int16_t x4, - int16_t x5, - int16_t x6, - int16_t x7, - int16_t x8, - int16_t x9, - int16_t x10, - int16_t x11, - int16_t x12, - int16_t x13, - int16_t x14, - int16_t x15 -); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t x0); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_inserti128_si256( - int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m128i x2 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_blend_epi16( - int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, - int8_t x1, - int8_t x2, - int8_t x3, - int8_t x4, - int8_t x5, - int8_t x6, - int8_t x7, - int8_t x8, - int8_t x9, - int8_t x10, - int8_t x11, - int8_t x12, - int8_t x13, - int8_t x14, - int8_t x15, - int8_t x16, - int8_t x17, - int8_t x18, - int8_t x19, - int8_t x20, - int8_t x21, - int8_t x22, - int8_t x23, - int8_t x24, - int8_t x25, - int8_t x26, - int8_t x27, - int8_t x28, - int8_t x29, - int8_t x30, - int8_t x31 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern 
core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, - int32_t x1, - int32_t x2, - int32_t x3, - int32_t x4, - int32_t x5, - int32_t x6, - int32_t x7 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern void -libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, - uint8_t x1, - uint8_t x2, - uint8_t x3, - uint8_t x4, - uint8_t x5, - uint8_t x6, - uint8_t x7, - uint8_t x8, - uint8_t x9, - uint8_t x10, - uint8_t x11, - uint8_t x12, - uint8_t x13, - uint8_t x14, - uint8_t x15 -); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice x0); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern void -libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice x0, - 
core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern void -libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.c b/libcrux-ml-kem/c/libcrux_ml_kem.c deleted file mode 100644 index 1ab72ed56..000000000 --- a/libcrux-ml-kem/c/libcrux_ml_kem.c +++ /dev/null 
@@ -1,4223 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_ml_kem.h" - -#include "internal/libcrux_mlkem_vector.h" -#include "internal/core.h" - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -) -{ - return self[0U]; -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) -{ - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_avx2_zero(); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) -{ - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - 
core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - 
v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i - sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - v_minus_field_modulus, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, - field_modulus); - return - libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - t = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i - t0 = - libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i - quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, - t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i - quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - 
core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i - value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)2); - core_core_arch_x86___m256i - field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / 
(int16_t)4); - core_core_arch_x86___m256i - shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i - mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - shifted, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i - shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - shifted_to_positive_in_range, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - prod13 = - libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i - uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i value_low = 
libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, - -zeta3, - zeta3, - zeta3, - -zeta2, - -zeta2, - zeta2, - zeta2, - -zeta1, - -zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline 
core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, - -zeta1, - -zeta1, - -zeta1, - zeta1, - zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - -zeta0, - -zeta0, - zeta0, - zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -) -{ - core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i - k = - libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i - k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = 
libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i - rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i - upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, - zeta3, - (int16_t)0, - (int16_t)0, - zeta2, - zeta2, - (int16_t)0, - (int16_t)0, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0)); - core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, - vector, - core_core_arch_x86___m256i); - 
core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, - zeta1, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0)); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i uu____0 = upper_coefficients; - 
core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients0, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) -{ - core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, - v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i - result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - result, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, - result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0, - (int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0); - core_core_arch_x86___m256i - lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i - lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - lhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i - lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i - lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i - rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i - rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - rhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i - rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i - rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, 
- rhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i - left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i - right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i - right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i - right1 = - libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, - (int32_t)zeta3, - -(int32_t)zeta2, - (int32_t)zeta2, - -(int32_t)zeta1, - (int32_t)zeta1, - -(int32_t)zeta0, - (int32_t)zeta0)); - core_core_arch_x86___m256i - products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i - products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); - core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i - rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2)); - core_core_arch_x86___m256i - products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i - products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); - core_core_arch_x86___m256i - products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - 
products_right0, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, - products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return - libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], - rhs[0U], - zeta0, - zeta1, - zeta2, - zeta3); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - core_core_arch_x86___m256i - lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i - high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lsb_to_msb, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = { 0U }; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) -{ - int16_t uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - (int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U, - (int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - 
(int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i - coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_8size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t serialized[16U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1)); - core_core_arch_x86___m256i 
uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0)); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)4, - (int32_t)0)); - core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, - serialized, - uint8_t, - Eurydice_slice), - combined0); - uint8_t ret0[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)16U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof 
(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - 
uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients_in_msb, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____15, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -typedef struct Result__uint8_t_10size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_10size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, - adjacent_4_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_8_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined1, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [10U], - void *); - unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) -{ - uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - uint8_t uu____9 = Eurydice_slice_index(bytes, 
(size_t)3U, uint8_t, uint8_t); - uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - core_core_arch_x86___m128i - coefficients = - libcrux_intrinsics_avx2_mm_set_epi8(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i - coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients_loaded, - coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)15, - (int8_t)14, - (int8_t)13, - (int8_t)12, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)9, - (int8_t)8, - (int8_t)7, - (int8_t)6, - (int8_t)7, - (int8_t)6, - (int8_t)5, - (int8_t)4, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m256i uu____16 = coefficients0; - core_core_arch_x86___m256i - coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - 
(int16_t)1 << 6U, - (int16_t)1 << 11U, - (int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, - coefficients1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -typedef struct Result__uint8_t_20size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_20size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1)); - 
core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - 
Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [20U], - void *); - unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, - 8U, - 8U, - 7U, - 7U, - 6U, - 6U, - 5U, - 4U, - 3U, - 3U, - 2U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ 
.start = (size_t)4U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 13U, - 12U, - 12U, - 11U, - 10U, - 9U, - 9U, - 8U, - 8U, - 7U, - 7U, - 6U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) -{ - int16_t output[16U] = { 0U }; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, - output, - int16_t, - Eurydice_slice), - v); - memcpy(ret, output, (size_t)16U * sizeof (int16_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) -{ - int16_t uu____0[16U]; - 
memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); - return lit; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & 
(int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - int16_t array[16U]; - libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector - input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) -{ - 
libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - result = libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - 
uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = 
&Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) - & (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) - & (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) - & (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -) -{ - memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); - int16_t ret[16U]; - libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return - libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, - ret, - int16_t, - Eurydice_slice)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -typedef struct Result__uint8_t_24size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_24size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - 
(int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - 
upper_8); - uint8_t ret0[24U]; - Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [24U], - void *); - unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, - 10U, - 10U, - 9U, - 8U, - 7U, - 7U, - 6U, - 5U, - 4U, - 4U, - 3U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 12U, - 11U, - 11U, - 10U, - 9U, - 8U, - 8U, - 7U, - 6U, - 5U, - 5U, - 4U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = - { - 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = - { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = - { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = - { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = - { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = - { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = - { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = - { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = - { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = - { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = - { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = - { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = - { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = - { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = - { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = - { 2U, 3U, 4U, 5U, 
8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = - { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = - { - 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = - { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = - { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = - { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = - { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = - { 0U, 
1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = - { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = - { - 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = - { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = - { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = - { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = - { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = - { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = - { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = - { 10U, 
11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const 
-uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = - { - 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = - { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = - { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = - { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = - { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = - { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = - { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = - { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = - { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = - { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = - { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = - { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = - { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = - { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = - { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = - 
{ 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = - { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = - { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = - { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = - { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = - { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = - { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = - { 2U, 
3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = - { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; - 
-const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = - { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = - { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = - { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = - { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = - { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = - { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = - { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = - { 0U, 1U, 2U, 
3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = - { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 
255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 14U, 15U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = - { - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255 - }; - -inline size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - core_core_arch_x86___m256i - field_modulus = - 
libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i - compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - lower_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - upper_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - potential_coefficients, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, - ((core_ops_range_Range__size_t){ .start = 
sampled_count, .end = sampled_count + (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( - libcrux_ml_kem_vector_PortableVector *self -) -{ - return self[0U]; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_zero(); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_from_i16_array(array); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return libcrux_ml_kem_vector_add(lhs, rhs); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return libcrux_ml_kem_vector_sub(lhs, rhs); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - 
libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_multiply_by_constant(v, c); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_cond_subtract_3329(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_barrett_reduce(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t r -) -{ - return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress_1(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); 
-} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_1(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_4(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_5(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_serialize_10(a, ret0); - memcpy(ret, ret0, 
(size_t)20U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_10(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_11(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_12(a); -} - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return libcrux_ml_kem_vector_rej_sample(a, out); -} - -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, 
(int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -) -{ - return self[0U]; -} - 
diff --git a/libcrux-ml-kem/c/libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_ml_kem.h deleted file mode 100644 index cd701d66b..000000000 --- a/libcrux-ml-kem/c/libcrux_ml_kem.h +++ /dev/null 
@@ -1,1649 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_ml_kem_H -#define __libcrux_ml_kem_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_intrinsics_avx2.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) - -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t 
zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - 
uint8_t ret[10U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -); - -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_avx2_portable_PortableVector; - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); - -void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - 
-libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -); - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; - -size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -); - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( - libcrux_ml_kem_vector_PortableVector *self -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( - void -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( - Eurydice_slice array -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - 
-libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t r -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - 
libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -); - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -); - -#if defined(__cplusplus) -} -#endif - -#define 
__libcrux_ml_kem_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1027.c b/libcrux-ml-kem/c/libcrux_mlkem1027.c deleted file mode 100644 index f19524ef4..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1027.c +++ /dev/null 
@@ -1,7430 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_mlkem1027.h" - -#include "internal/core.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( - void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[8U] = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -) -{ - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); - core_core_arch_x86___m256i - fm = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &fm); -} - -void 
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - 
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[1U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[14U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_shift_right___15int32_t(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t(a); - libcrux_ml_kem_vector_PortableVector - fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &fm); -} - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - 
Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if - (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - 
Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)4U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -) -{ - uint8_t ret0[4U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)4U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -) -{ - uint8_t ret0[4U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)4U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice a -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void 
-libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - 
libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, - sampled); - for 
- (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] - )); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t ret0[4U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)4U, input, ret0, void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [128U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = 
random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - fer); -} - -inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, - zeta_r); - b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &t); - return - ( - (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> 
(uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } 
-} - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * 
sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - 
t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -) -{ - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = 
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[4U]; - memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = 
sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U] -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done 
= - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; 
- seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[4U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - 
libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -) -{ - return - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, - fer); -} - -inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, - zeta_r); - b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, - &t); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &t); - return - ( - (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - 
libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - 
libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - 
(size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, - 
LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; 
- i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - 
Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
error_as_ntt[4U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - 
prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], - 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, - zeta_r); - return - ( - (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = 
uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i 
- coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - 
(size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), - 
(int16_t)1665); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - core_core_arch_x86___m256i - tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &tmp); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - 
core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 
= libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - 
core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t 
uu____0[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - 
core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = 
- libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - 
core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - 
core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficients = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 
+ (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - 
(size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, - &a); - a = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, - zeta_r); - return - ( - (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(), - &v), - (int16_t)1665); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &message->coefficients[i0]); - 
libcrux_ml_kem_vector_PortableVector - tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___10int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___11int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = 
(size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - 
Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___4int32_t(v); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - 
} -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___5int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficients = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void 
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____1 = - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; - 
libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { 
- libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < 
core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - 
core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return - 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - 
return result; -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 
0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - 
Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v 
-) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t(v); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); 
- } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); - decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t(v); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - 
Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, - 
bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - 
ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t 
uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem1027.h b/libcrux-ml-kem/c/libcrux_mlkem1027.h deleted file mode 100644 index c7610d578..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1027.h +++ /dev/null 
@@ -1,1518 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem1027_H -#define __libcrux_mlkem1027_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_ml_kem.h" -#include "libcrux_intrinsics_avx2.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define 
LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ core_core_arch_x86___m256i coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( - void -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s -{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -); - -void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemPublicKey____1568size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice a -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -void 
-libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -); - -typedef struct -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; - -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -); - -void 
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -); - -typedef struct 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[4U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -); - -void 
-libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -); - -typedef struct K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s -{ - libcrux_ml_kem_vector_PortableVector fst; - libcrux_ml_kem_vector_PortableVector snd; -} -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; - -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -); - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[3168U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -); - -void 
-libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i -); - 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -); - -void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - size_t _ -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector 
-); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - size_t _ -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void 
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _ -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t 
ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1027_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c deleted file mode 100644 index e61287cb2..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ /dev/null 
@@ -1,4005 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem512.h" - -#include "internal/libcrux_mlkem1027.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[2U]; - 
memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)2U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -) -{ - uint8_t ret0[2U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)2U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -) -{ - uint8_t ret0[2U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)2U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - size_t _i -) 
-{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t ret0[2U][192U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)192U, (size_t)2U, input, ret0, void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [192U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t 
ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -) -{ - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - 
Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - 
uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - 
libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[2U]; - memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - 
Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[2U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)192U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - 
uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[2U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - 
secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t 
uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice 
implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - 
ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t ret0[2U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)2U, input, ret0, void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, 
- (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); 
- Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = 
uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - 
Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - 
domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); 
-} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - 
libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -) -{ - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - 
Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = 
uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); 
- memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void 
-libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - 
ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - 
expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * 
sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h deleted file mode 100644 index 5e7cba29c..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ /dev/null 
@@ -1,805 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem512_H -#define __libcrux_mlkem512_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_mlkem768.h" -#include "libcrux_mlkem1027.h" -#include "libcrux_ml_kem.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define 
LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t 
ret[800U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } -libcrux_ml_kem_types_MlKemPublicKey____800size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t 
public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; - 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ - uint8_t fst[768U]; - uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -); - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t 
*sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; - uint8_t snd; -} 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - 
Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - size_t _i -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } -libcrux_ml_kem_types_MlKemCiphertext____768size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - size_t _i -); - -void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void 
-libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _ 
-); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem512_decapsulate( - 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c deleted file mode 100644 index 46e008c13..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ /dev/null 
@@ -1,4265 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem768.h" - -#include "internal/libcrux_mlkem1027.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if - (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline 
void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)3U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -) -{ - uint8_t ret0[3U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)3U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -) -{ - uint8_t ret0[3U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)3U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for 
(size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - size_t _i -) 
-{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t ret0[3U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)3U, input, ret0, void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - 
core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - 
t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -) -{ - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = 
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[3U]; - memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = 
(size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = 
sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t 
seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy(error_as_ntt, - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - 
libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - 
uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - 
size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < 
(size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - 
libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, - out); -} - -void 
-libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t 
uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t 
ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - 
libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - 
libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - 
hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - 
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - 
(size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - 
{ - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - 
ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t 
uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, 
- ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h deleted file mode 100644 index 7ca71a018..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ /dev/null 
@@ -1,860 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem768_H -#define __libcrux_mlkem768_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_mlkem1027.h" -#include "libcrux_ml_kem.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 
(LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } -libcrux_ml_kem_types_MlKemPublicKey____1184size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t 
public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t 
prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - 
Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j -); - -void 
-libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[3U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); 
- -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
-libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - 
-void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } -libcrux_ml_kem_types_MlKemCiphertext____1088size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -); - -void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_constants.h b/libcrux-ml-kem/c/libcrux_mlkem_constants.h deleted file mode 100644 index 8ca89d66c..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_constants.h +++ /dev/null 
@@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_constants_H -#define __libcrux_mlkem_constants_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_constants_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_ctops.c b/libcrux-ml-kem/c/libcrux_mlkem_ctops.c deleted file mode 100644 index 997f534fd..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_ctops.c +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem_ctops.h" - -#include "internal/core.h" - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) -{ - uint16_t value0 = (uint16_t)value; - uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; - return (uint8_t)result; -} - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ - uint8_t - mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { - size_t i0 = i; - uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); - out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); - } - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_ctops.h b/libcrux-ml-kem/c/libcrux_mlkem_ctops.h deleted file mode 100644 index 309c331ad..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_ctops.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_ctops_H -#define __libcrux_mlkem_ctops_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem_constants.h" -#include "core.h" -#include "eurydice_glue.h" - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_ctops_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h deleted file mode 100644 index d4f207ec8..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_sha3_H -#define __libcrux_mlkem_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s -{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h deleted file mode 100644 index c6e3cdb02..000000000 
--- a/libcrux-ml-kem/c/libcrux_mlkem_sha3_avx2.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_sha3_avx2_H -#define __libcrux_mlkem_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_vector.c b/libcrux-ml-kem/c/libcrux_mlkem_vector.c deleted file mode 100644 index bd9851398..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_vector.c +++ /dev/null 
@@ -1,1365 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_mlkem_vector.h" - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void) -{ - libcrux_ml_kem_vector_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__int16_t_16size_t__core_array_TryFromSliceError; - -static void -unwrap__int16_t_16size_t__core_array_TryFromSliceError( - Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == core_result_Ok) - { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) -{ - libcrux_ml_kem_vector_PortableVector lit; - int16_t ret[16U]; - Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - 
Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); - return lit; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; 
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) - { - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; - } - } - return v; -} - -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) -{ - int32_t - t = - (int32_t)value - * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER - + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t - k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); - int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); - return value_high - c; -} - -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); - v.elements[i0] = uu____0; - } - return v; -} - -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) -{ - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); - v.elements[i0] = (int16_t)uu____0; - } - return v; -} - -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) -{ - return value & ((1U << (uint32_t)n) - 1U); -} - -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) -{ - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return - (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, - (uint32_t)compressed); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); - v.elements[2U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); - v.elements[3U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); - v.elements[6U] = v.elements[4U] - t1; - v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); - v.elements[7U] = v.elements[5U] - t2; - v.elements[5U] = v.elements[5U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], - zeta2); - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], - zeta2); - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta3); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta3); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); - v.elements[4U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); - v.elements[5U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); - v.elements[6U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); - v.elements[7U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], - zeta1); - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], - zeta1); - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta1); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta1); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); - v.elements[8U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); - v.elements[9U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); - v.elements[10U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); - v.elements[11U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); - v.elements[12U] = v.elements[4U] - t3; - v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); - v.elements[13U] = v.elements[5U] - t4; - v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); - v.elements[14U] = v.elements[6U] - t5; - v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); - v.elements[15U] = v.elements[7U] - t6; - v.elements[7U] = v.elements[7U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t - uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); - v.elements[0U] = uu____0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[2U] = uu____1; - int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t - uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); - v.elements[1U] = uu____2; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[3U] = uu____3; - int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t - uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); - 
v.elements[4U] = uu____4; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); - v.elements[6U] = uu____5; - int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t - uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); - v.elements[5U] = uu____6; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); - v.elements[7U] = uu____7; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)2U]); - v.elements[(size_t)8U + (size_t)0U] = uu____8; - int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); - v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)3U]); - v.elements[(size_t)8U + (size_t)1U] = uu____10; - int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); - v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)4U] - + v.elements[(size_t)8U + (size_t)6U]); - v.elements[(size_t)8U + (size_t)4U] = uu____12; - int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); - v.elements[(size_t)8U + (size_t)6U] = uu____13; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)5U] - + 
v.elements[(size_t)8U + (size_t)7U]); - v.elements[(size_t)8U + (size_t)5U] = uu____14; - int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); - v.elements[(size_t)8U + (size_t)7U] = uu____15; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ - int16_t a_minus_b = v.elements[4U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[4U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[4U] = uu____0; - int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[5U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[5U] = uu____1; - int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[6U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); - v.elements[6U] = uu____2; - int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[7U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); - v.elements[7U] = uu____3; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); - v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); - 
v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U - + (size_t)2U] - + v.elements[(size_t)8U + (size_t)6U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); - v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U - + (size_t)3U] - + v.elements[(size_t)8U + (size_t)7U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); - v.elements[(size_t)8U + (size_t)7U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta -) -{ - int16_t a_minus_b = v.elements[8U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[8U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); - v.elements[8U] = uu____0; - int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[9U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); - v.elements[9U] = uu____1; - int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[10U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); - v.elements[10U] = uu____2; - int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[11U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); - v.elements[11U] = uu____3; - int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; - v.elements[4U] = v.elements[4U] + v.elements[12U]; - int16_t uu____4 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); - v.elements[12U] = uu____4; - int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; - v.elements[5U] = v.elements[5U] + v.elements[13U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); - v.elements[13U] = uu____5; - int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; - v.elements[6U] = v.elements[6U] + v.elements[14U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); - v.elements[14U] = uu____6; - int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; - v.elements[7U] = v.elements[7U] + v.elements[15U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); - v.elements[15U] = uu____7; - return v; -} - -inline K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -) -{ - int16_t a0 = _.fst; - int16_t a1 = _.snd; - int16_t b0 = _0.fst; - int16_t b1 = _0.snd; - int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 - + - (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) - * (int32_t)zeta); - return - ( - (K___int16_t_int16_t){ - .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 - * (int32_t)b1 - + (int32_t)a1 * (int32_t)b0) - } - ); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - libcrux_ml_kem_vector_PortableVector out = libcrux_ml_kem_vector_zero(); - K___int16_t_int16_t lit0; - lit0.fst = lhs->elements[0U]; - lit0.snd = lhs->elements[1U]; - K___int16_t_int16_t lit1; - lit1.fst = rhs->elements[0U]; - lit1.snd = rhs->elements[1U]; - K___int16_t_int16_t product = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); - out.elements[0U] = product.fst; - out.elements[1U] = product.snd; - K___int16_t_int16_t lit2; - lit2.fst = lhs->elements[2U]; - lit2.snd = lhs->elements[3U]; - K___int16_t_int16_t lit3; - lit3.fst = rhs->elements[2U]; - lit3.snd = rhs->elements[3U]; - K___int16_t_int16_t - product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); - out.elements[2U] = product0.fst; - out.elements[3U] = product0.snd; - K___int16_t_int16_t lit4; - lit4.fst = lhs->elements[4U]; - lit4.snd = lhs->elements[5U]; - K___int16_t_int16_t lit5; - lit5.fst = rhs->elements[4U]; - lit5.snd = rhs->elements[5U]; - K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); - out.elements[4U] = product1.fst; - out.elements[5U] = product1.snd; - K___int16_t_int16_t lit6; - lit6.fst = lhs->elements[6U]; - lit6.snd = lhs->elements[7U]; - K___int16_t_int16_t lit7; - lit7.fst = rhs->elements[6U]; - lit7.snd = rhs->elements[7U]; - K___int16_t_int16_t - product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); - out.elements[6U] = product2.fst; - out.elements[7U] = product2.snd; - K___int16_t_int16_t lit8; - lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; - lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; - K___int16_t_int16_t lit9; - lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; - lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; - K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); - out.elements[(size_t)8U + (size_t)0U] = product3.fst; - out.elements[(size_t)8U + (size_t)1U] = product3.snd; - K___int16_t_int16_t lit10; - lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; - lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; - K___int16_t_int16_t lit11; - lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; - lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; - K___int16_t_int16_t - product4 = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); - out.elements[(size_t)8U + (size_t)2U] = product4.fst; - out.elements[(size_t)8U + (size_t)3U] = product4.snd; - K___int16_t_int16_t lit12; - lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; - lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; - K___int16_t_int16_t lit13; - lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; - lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; - K___int16_t_int16_t - product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); - out.elements[(size_t)8U + (size_t)4U] = product5.fst; - out.elements[(size_t)8U + (size_t)5U] = product5.snd; - K___int16_t_int16_t lit14; - lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; - lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; - K___int16_t_int16_t lit; - lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; - lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; - K___int16_t_int16_t - product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); - out.elements[(size_t)8U + (size_t)6U] = product6.fst; - out.elements[(size_t)8U + (size_t)7U] = product6.snd; - return out; -} - -void libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) -{ - uint8_t result[2U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) - { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) -{ - libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - for (size_t i = (size_t)0U; i < 
(size_t)8U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); - } - for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); - } - return result; -} - -void libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) -{ - uint8_t result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = 
&Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); - return v; -} - -void -libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) -{ - uint8_t result[10U] = { 0U }; - result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); - result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); - result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); - result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); - result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); - result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) - << 5U - | v.elements[(size_t)8U + (size_t)0U]); - result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) - << 7U - | v.elements[(size_t)8U + (size_t)2U] << 2U) - | v.elements[(size_t)8U + (size_t)1U] >> 3U); - result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | v.elements[(size_t)8U + (size_t)3U] >> 1U); - result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) - << 6U - | v.elements[(size_t)8U + (size_t)5U] << 1U) - | v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)7U] - << 3U - | v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; - uint8_t *uu____2 = 
&Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) - << 3U; - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - 
uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) - << 1U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) - << 4U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) - << 2U; - uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); - return v; -} - -void -libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) -{ - uint8_t result[20U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); - result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); - result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & 
(int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); - result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); - result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); - result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) -{ - 
libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; - uint8_t 
*uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); - result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, 
uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); - result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); - result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; - return result; -} - -void -libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & 
(int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 
(int16_t)1) - << 10U; - int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - 
((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) - & (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) - & (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) - & (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - 
uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -void -libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) -{ - uint8_t result[24U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); - result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); - result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); - result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); - result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); - result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); - result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); - result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); - result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[13U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)0U] - >> 8U - | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); - result[16U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)2U] - >> 8U - | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[19U] = - (uint8_t)(v.elements[(size_t)8U - + 
(size_t)4U] - >> 8U - | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); - result[22U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)6U] - >> 8U - | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector re = libcrux_ml_kem_vector_zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); - int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); - re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); - re.elements[3U] = byte5 << 4U | (byte4 >> 4U 
& (int16_t)15); - re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); - re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); - re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); - re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); - int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); - int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); - int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); - int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); - int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); - int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); - int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); - int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); - int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); - int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); - int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); - re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); - re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); - re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); - re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); - re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); - re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); - re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); - re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); - return re; -} - -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, 
Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_vector.h b/libcrux-ml-kem/c/libcrux_mlkem_vector.h deleted file mode 100644 index 6501762e8..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_vector.h +++ /dev/null 
@@ -1,198 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_vector_H -#define __libcrux_mlkem_vector_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) - -typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_PortableVector; - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v); - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) - -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); - 
-libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v); - -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) - -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); - -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v); - -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); - -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta -); - -typedef 
struct K___int16_t_int16_t_s -{ - int16_t fst; - int16_t snd; -} -K___int16_t_int16_t; - -K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); - -void -libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_vector_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h deleted file mode 100644 index d1481c77f..000000000 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_platform_H -#define __libcrux_platform_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern bool libcrux_platform_platform_simd256_support(void); - -extern bool libcrux_platform_platform_simd128_support(void); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_platform_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h deleted file mode 100644 index 25a35dcc5..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_sha3_H -#define __libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -extern libcrux_sha3_portable_KeccakState1 -libcrux_sha3_portable_incremental_shake128_init(void); - -extern void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) - -extern void -libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( - size_t x0, - uint8_t (*x1)[34U], - libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] -); - -#if defined(__cplusplus) -} 
-#endif - -#define __libcrux_sha3_H_DEFINED -#endif From c7724dd320adfc171be7a201fb3874975ce91e56 Mon Sep 17 00:00:00 2001 
From: Lucas Franceschino Date: Tue, 28 May 2024 14:18:21 +0200 Subject: [PATCH 39/94] check in a snapshot of the `c` folder in `c-snapshot` --- libcrux-ml-kem/c-snapshot/core.c | 34 + libcrux-ml-kem/c-snapshot/core.h | 38 + libcrux-ml-kem/c-snapshot/eurydice_glue.h | 220 + libcrux-ml-kem/c-snapshot/internal/core.h | 31 + .../c-snapshot/internal/libcrux_mlkem1027.h | 31 + .../internal/libcrux_mlkem_vector.h | 35 + .../c-snapshot/libcrux_intrinsics_avx2.h | 334 + libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c | 4223 ++++++++++ libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h | 1649 ++++ libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c | 7430 +++++++++++++++++ libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h | 1518 ++++ libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c | 4005 +++++++++ libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h | 805 ++ libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c | 4265 ++++++++++ libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h | 860 ++ .../c-snapshot/libcrux_mlkem_constants.h | 40 + .../c-snapshot/libcrux_mlkem_ctops.c | 44 + .../c-snapshot/libcrux_mlkem_ctops.h | 34 + .../c-snapshot/libcrux_mlkem_sha3.h | 30 + .../c-snapshot/libcrux_mlkem_sha3_avx2.h | 25 + .../c-snapshot/libcrux_mlkem_vector.c | 1365 +++ .../c-snapshot/libcrux_mlkem_vector.h | 198 + libcrux-ml-kem/c-snapshot/libcrux_platform.h | 26 + libcrux-ml-kem/c-snapshot/libcrux_sha3.h | 68 + 24 files changed, 27308 insertions(+) create mode 100644 libcrux-ml-kem/c-snapshot/core.c create mode 100644 libcrux-ml-kem/c-snapshot/core.h create mode 100644 libcrux-ml-kem/c-snapshot/eurydice_glue.h create mode 100644 libcrux-ml-kem/c-snapshot/internal/core.h create mode 100644 libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h create mode 100644 libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h create mode 100644 
libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_platform.h create mode 100644 libcrux-ml-kem/c-snapshot/libcrux_sha3.h diff --git a/libcrux-ml-kem/c-snapshot/core.c b/libcrux-ml-kem/c-snapshot/core.c new file mode 100644 index 000000000..ef9f514c0 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/core.c @@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/core.h" + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +Option__size_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + diff --git a/libcrux-ml-kem/c-snapshot/core.h b/libcrux-ml-kem/c-snapshot/core.h new file mode 100644 index 000000000..88909dbc1 --- /dev/null 
+++ b/libcrux-ml-kem/c-snapshot/core.h @@ -0,0 +1,38 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __core_H +#define __core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +#if defined(__cplusplus) +} +#endif + +#define __core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/eurydice_glue.h b/libcrux-ml-kem/c-snapshot/eurydice_glue.h new file mode 100644 index 000000000..c8b0825db --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/eurydice_glue.h 
@@ -0,0 +1,220 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
+#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + +// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. 
+typedef struct +{ + uint8_t tag; + uint8_t case_Ok[]; +} +result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) +{ + return x; +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ + ((iter_ptr)->start == (iter_ptr)->end) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ + ) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static +// inline function cannot receive a type as an argument. Instead, we receive the element size and +// use it to peform manual offset computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; + Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); + chunks->slice = ((Eurydice_slice) { + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size + }); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ + .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ + .chunk_size = sz_ }) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t)) })) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ + (((iter)->index == (iter)->s.len) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) + +// MISC + +#define core_fmt_Formatter void + + +// VECTORS + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size/sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? 
*/ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX/2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t*)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) + +#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/core.h b/libcrux-ml-kem/c-snapshot/internal/core.h new file mode 100644 index 000000000..e6217d8fd --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/internal/core.h @@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_core_H +#define __internal_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../core.h" +#include "eurydice_glue.h" + +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); + +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + +#define CORE_NUM__U32_8__BITS (32U) + +#if defined(__cplusplus) +} +#endif + +#define __internal_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h new file mode 100644 index 000000000..79804a82f --- /dev/null 
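Review bot: In `eurydice_glue.h`, whose hunk ends on this line, `core_slice___Slice_T___copy_from_slice` expands to `memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))` and never reads `src.len`, so the length-mismatch panic that Rust's `copy_from_slice` performs is lost and a shorter source slice would be over-read in the C build. If the equality is meant to be guaranteed by the Rust-side proofs, say so in a comment above the macro; otherwise make it explicit, e.g. `(assert((dst).len == (src).len), memcpy((dst).ptr, (src).ptr, (dst).len * sizeof(t)))`, which needs `<assert.h>` (the header names in this file's `#include` list did not survive extraction, so I cannot tell whether it is already included). The same applies to `Eurydice_slice_index`, which indexes `s.ptr` with no comparison against `s.len`. Separately, `EURYDICE_VEC_PUSH` assigns `v->ptr = realloc(v->ptr, new_size);` without checking the result, so an allocation failure loses the old buffer and the following store goes through NULL; assigning to a temporary and checking it before updating `v->ptr` and `v->alloc_size` would avoid that.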
+++ b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h @@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_mlkem1027_H +#define __internal_libcrux_mlkem1027_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/core.h" +#include "../libcrux_mlkem1027.h" +#include "eurydice_glue.h" + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem1027_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h new file mode 100644 index 000000000..bb57a1f88 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h @@ -0,0 +1,35 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_mlkem_vector_H +#define __internal_libcrux_mlkem_vector_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_vector.h" +#include "eurydice_glue.h" + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_vector_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h new file mode 100644 index 000000000..d75aa05af --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h 
@@ -0,0 +1,334 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t x0); + +extern core_core_arch_x86___m128i 
+libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, + int16_t x1, + int16_t 
x2, + int16_t x3, + int16_t x4, + int16_t x5, + int16_t x6, + int16_t x7, + int16_t x8, + int16_t x9, + int16_t x10, + int16_t x11, + int16_t x12, + int16_t x13, + int16_t x14, + int16_t x15 +); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t x0); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_inserti128_si256( + int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m128i x2 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_blend_epi16( + int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, + int8_t x1, + int8_t x2, + int8_t x3, + int8_t x4, + int8_t x5, + int8_t x6, + int8_t x7, + int8_t x8, + int8_t x9, + int8_t x10, + int8_t x11, + int8_t x12, + int8_t x13, + int8_t x14, + int8_t x15, + int8_t x16, + int8_t x17, + int8_t x18, + int8_t x19, + int8_t x20, + int8_t x21, + int8_t x22, + int8_t x23, + int8_t x24, + int8_t x25, + int8_t x26, + int8_t x27, + int8_t x28, + int8_t x29, + int8_t x30, + int8_t x31 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern 
core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, + int32_t x1, + int32_t x2, + int32_t x3, + int32_t x4, + int32_t x5, + int32_t x6, + int32_t x7 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern void +libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, + uint8_t x1, + uint8_t x2, + uint8_t x3, + uint8_t x4, + uint8_t x5, + uint8_t x6, + uint8_t x7, + uint8_t x8, + uint8_t x9, + uint8_t x10, + uint8_t x11, + uint8_t x12, + uint8_t x13, + uint8_t x14, + uint8_t x15 +); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice x0); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i x0, + core_core_arch_x86___m128i x1 +); + +extern void +libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice x0, + 
core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern void +libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c new file mode 100644 index 000000000..1ab72ed56 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c 
@@ -0,0 +1,4223 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_ml_kem.h" + +#include "internal/libcrux_mlkem_vector.h" +#include "internal/core.h" + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +) +{ + return self[0U]; +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) +{ + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) +{ + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + 
core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + 
v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i + sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + v_minus_field_modulus, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, + field_modulus); + return + libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + t = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i + t0 = + libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i + quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, + t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i + quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + 
core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i + value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)2); + core_core_arch_x86___m256i + field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / 
(int16_t)4); + core_core_arch_x86___m256i + shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i + mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + shifted, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i + shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + shifted_to_positive_in_range, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + prod13 = + libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i + uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i value_low = 
libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, + -zeta3, + zeta3, + zeta3, + -zeta2, + -zeta2, + zeta2, + zeta2, + -zeta1, + -zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline 
core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, + -zeta1, + -zeta1, + -zeta1, + zeta1, + zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + -zeta0, + -zeta0, + zeta0, + zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +) +{ + core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i + k = + libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i + k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = 
libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i + rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i + upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, + zeta3, + (int16_t)0, + (int16_t)0, + zeta2, + zeta2, + (int16_t)0, + (int16_t)0, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0)); + core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, + vector, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, + zeta1, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0)); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + 
core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) +{ + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, + v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i + result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + result, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, + result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0, + (int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0); + core_core_arch_x86___m256i + lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i + lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + lhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i + lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i + lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i + rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i + rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + rhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i + rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i + rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, 
+ rhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i + left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i + right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i + right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i + right1 = + libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, + (int32_t)zeta3, + -(int32_t)zeta2, + (int32_t)zeta2, + -(int32_t)zeta1, + (int32_t)zeta1, + -(int32_t)zeta0, + (int32_t)zeta0)); + core_core_arch_x86___m256i + products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i + products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i + rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2)); + core_core_arch_x86___m256i + products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i + products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); + core_core_arch_x86___m256i + products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + 
products_right0, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, + products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return + libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], + rhs[0U], + zeta0, + zeta1, + zeta2, + zeta3); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + core_core_arch_x86___m256i + lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i + high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lsb_to_msb, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = { 0U }; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) +{ + int16_t uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U, + (int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + 
(int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i + coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_8size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t serialized[16U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1)); + core_core_arch_x86___m256i 
uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0)); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)4, + (int32_t)0)); + core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, + serialized, + uint8_t, + Eurydice_slice), + combined0); + uint8_t ret0[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)16U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof 
(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + 
uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____15, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +typedef struct Result__uint8_t_10size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_10size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, + adjacent_4_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_8_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined1, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [10U], + void *); + unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) +{ + uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t uu____9 = Eurydice_slice_index(bytes, 
(size_t)3U, uint8_t, uint8_t); + uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + core_core_arch_x86___m128i + coefficients = + libcrux_intrinsics_avx2_mm_set_epi8(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i + coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients_loaded, + coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)15, + (int8_t)14, + (int8_t)13, + (int8_t)12, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)9, + (int8_t)8, + (int8_t)7, + (int8_t)6, + (int8_t)7, + (int8_t)6, + (int8_t)5, + (int8_t)4, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i + coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + 
(int16_t)1 << 6U, + (int16_t)1 << 11U, + (int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, + coefficients1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +typedef struct Result__uint8_t_20size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_20size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1)); + 
core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + 
Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [20U], + void *); + unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, + 8U, + 8U, + 7U, + 7U, + 6U, + 6U, + 5U, + 4U, + 3U, + 3U, + 2U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ 
.start = (size_t)4U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 13U, + 12U, + 12U, + 11U, + 10U, + 9U, + 9U, + 8U, + 8U, + 7U, + 7U, + 6U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) +{ + int16_t output[16U] = { 0U }; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, + output, + int16_t, + Eurydice_slice), + v); + memcpy(ret, output, (size_t)16U * sizeof (int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) +{ + int16_t uu____0[16U]; + 
memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & 
(int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector + input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) +{ + 
libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + result = libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + 
uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = 
&Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +) +{ + memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return + libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, + ret, + int16_t, + Eurydice_slice)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +typedef struct Result__uint8_t_24size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_24size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + 
(int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + 
upper_8); + uint8_t ret0[24U]; + Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [24U], + void *); + unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, + 10U, + 10U, + 9U, + 8U, + 7U, + 7U, + 6U, + 5U, + 4U, + 4U, + 3U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 12U, + 11U, + 11U, + 10U, + 9U, + 8U, + 8U, + 7U, + 6U, + 5U, + 5U, + 4U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = + { + 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = + { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = + { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = + { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = + { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = + { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = + { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = + { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = + { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = + { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = + { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = + { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = + { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = + { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = + { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = + { 2U, 3U, 4U, 5U, 
8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = + { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = + { + 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = + { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = + { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = + { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = + { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = + { 0U, 
1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = + { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = + { + 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = + { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = + { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = + { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = + { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = + { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = + { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = + { 10U, 
11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const 
+uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = + { + 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = + { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = + { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = + { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = + { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = + { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = + { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = + { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = + { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = + { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = + { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = + { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = + { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = + { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = + { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = + 
{ 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = + { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = + { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = + { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = + { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = + { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = + { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = + { 2U, 
3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = + { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; + 
+const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = + { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = + { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = + { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = + { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = + { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = + { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = + { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = + { 0U, 1U, 2U, 
3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = + { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 
255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 14U, 15U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = + { + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232, + 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255 + }; + +inline size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + core_core_arch_x86___m256i + field_modulus = + 
libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i + compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + lower_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + upper_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + potential_coefficients, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, + ((core_ops_range_Range__size_t){ .start = 
sampled_count, .end = sampled_count + (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( + libcrux_ml_kem_vector_PortableVector *self +) +{ + return self[0U]; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_zero(); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_from_i16_array(array); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_add(lhs, rhs); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_sub(lhs, rhs); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + 
libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_multiply_by_constant(v, c); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_cond_subtract_3329(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_barrett_reduce(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t r +) +{ + return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress_1(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); 
+} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_1(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_4(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_5(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_serialize_10(a, ret0); + memcpy(ret, ret0, 
(size_t)20U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_10(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_11(a); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_12(a); +} + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_rej_sample(a, out); +} + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, 
(int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +) +{ + return self[0U]; +} + 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h
new file mode 100644
index 000000000..cd701d66b
--- /dev/null
+++ b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h
@@ -0,0 +1,1649 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_ml_kem_H +#define __libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_intrinsics_avx2.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) + +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t 
zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + 
uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_avx2_portable_PortableVector; + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + 
+libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +); + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U]; + +extern const +uint8_t 
+libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U]; + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; + +size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( + libcrux_ml_kem_vector_PortableVector *self +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( + void +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( + Eurydice_slice array +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t r +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + 
libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +); + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +); + +#if defined(__cplusplus) +} +#endif + +#define 
__libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c new file mode 100644 index 000000000..f19524ef4 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c 
@@ -0,0 +1,7430 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_mlkem1027.h" + +#include "internal/core.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( + void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); + core_core_arch_x86___m256i + fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &fm); +} + +void 
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + 
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[1U] = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[14U] = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_shift_right___15int32_t(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t(a); + libcrux_ml_kem_vector_PortableVector + fm = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &fm); +} + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + 
Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if + (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + 
Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)4U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +) +{ + uint8_t ret0[4U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)4U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +) +{ + uint8_t ret0[4U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)4U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void 
+libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + 
libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, + sampled); + for 
+ (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] + )); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t ret0[4U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)4U, input, ret0, void *); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [128U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = 
random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + fer); +} + +inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, + zeta_r); + b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &t); + return + ( + (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> 
(uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } 
+} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * 
sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + 
t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[4U]; + memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = 
sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U] +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done 
= + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; 
+ seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[4U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + 
libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +) +{ + return + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, + fer); +} + +inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, + zeta_r); + b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, + &t); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &t); + return + ( + (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + 
libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + 
libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + 
(size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, + 
LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; 
+ i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + 
Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
error_as_ntt[4U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1536U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + 
prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, + zeta_r); + return + ( + (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = 
uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i 
+ coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + 
(size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + 
(int16_t)1665); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + core_core_arch_x86___m256i + tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &tmp); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + 
core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 
= libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + 
core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t 
uu____0[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + 
core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = 
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + 
core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + 
core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficients = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 
+ (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + 
(size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, + &a); + a = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, + zeta_r); + return + ( + (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(), + &v), + (int16_t)1665); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &message->coefficients[i0]); + 
libcrux_ml_kem_vector_PortableVector + tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___10int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___11int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = 
(size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___4int32_t(v); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + 
} +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress___5int32_t(v); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void 
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____1 = + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; + 
libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { 
+ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + 
core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < 
core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return + 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + 
return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 
0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + 
Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v 
+) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t(v); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +inline void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); 
+ } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t(v); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + 
Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, + 
bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + 
ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t 
uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h new file mode 100644 index 000000000..c7610d578 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h 
@@ -0,0 +1,1518 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem1027_H +#define __libcrux_mlkem1027_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_ml_kem.h" +#include "libcrux_intrinsics_avx2.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define 
LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ core_core_arch_x86___m256i coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +); + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s +{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +); + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +); + +void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +); + +typedef struct +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +); + +void 
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +); + +typedef struct 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + size_t _i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[4U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +); + +void 
+libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +); + +typedef struct K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s +{ + libcrux_ml_kem_vector_PortableVector fst; + libcrux_ml_kem_vector_PortableVector snd; +} +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; + +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +); + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +K___uint8_t_1536size_t__uint8_t_1568size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[3168U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t _layer +); + +K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +); + +void 
+libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + size_t _i +); + 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +); + +void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +); + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + size_t _ +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector 
+); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + size_t _ +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( + size_t _ +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t 
ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1027_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c new file mode 100644 index 000000000..e61287cb2 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c 
@@ -0,0 +1,4005 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem512.h" + +#include "internal/libcrux_mlkem1027.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[2U]; + 
memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)2U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +) +{ + uint8_t ret0[2U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)2U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +) +{ + uint8_t ret0[2U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)2U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + size_t _i +) 
+{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t ret0[2U][192U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)192U, (size_t)2U, input, ret0, void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [192U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t 
ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + 
Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + 
uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + 
libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[2U]; + memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + 
Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[2U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)192U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + 
uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[2U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + 
secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[768U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t 
uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice 
implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + 
ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t ret0[2U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)2U, input, ret0, void *); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, 
+ (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); 
+ Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = 
uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + 
Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + 
domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); 
+} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + 
libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +) +{ + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + 
Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = 
uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); 
+ memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void 
+libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + 
ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + 
expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * 
sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h new file mode 100644 index 000000000..5e7cba29c --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h 
@@ -0,0 +1,805 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem512_H +#define __libcrux_mlkem512_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_mlkem768.h" +#include "libcrux_mlkem1027.h" +#include "libcrux_ml_kem.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define 
LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t 
ret[800U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } +libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t 
public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +); + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[2U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t 
*sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; + uint8_t snd; +} 
+K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +K___uint8_t_768size_t__uint8_t_800size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + 
Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + size_t _i +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + size_t _i +); + +void 
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void 
+libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( + size_t _ 
+); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c new file mode 100644 index 000000000..46e008c13 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c 
@@ -0,0 +1,4265 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem768.h" + +#include "internal/libcrux_mlkem1027.h" +#include "libcrux_hacl_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if + (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +inline 
void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _j +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + state = + 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)3U, + uu____0, + libcrux_sha3_avx2_x4_incremental_KeccakState4); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +) +{ + uint8_t ret0[3U][504U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, + (size_t)3U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +) +{ + uint8_t ret0[3U][168U]; + libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, + (size_t)3U, + self, + ret0, + void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for 
(size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + size_t _i +) 
+{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t ret0[3U][128U]; + libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)3U, input, ret0, void *); + memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + 
core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + 
t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t 
ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_portable_KeccakState1 state[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_portable_KeccakState1 uu____1[3U]; + memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; + memcpy(lit.shake128_state, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = 
(size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +inline bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = 
sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +inline void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*uu____4)(int16_t x0[272U]) = + libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) + { + uu____5[i_array_map] = uu____4(uu____3[i_array_map]); + } + memcpy(ret, + uu____5, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t 
seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, + A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = out[i0]; + libcrux_sha3_portable_shake256((size_t)128U, + uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), + void *); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void 
+libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +inline void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy(error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +) +{ + return self->value; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + 
uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + 
size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < 
(size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + 
libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, + out); +} + +void 
+libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t 
uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t 
ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, + out); +} + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; + libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + 
libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return libcrux_ml_kem_constant_time_ops_is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + 
libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + 
hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + 
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + 
(size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _ +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + 
{ + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + 
ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t 
uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, 
+ ciphertext, + uu____2); + } + else + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h new file mode 100644 index 000000000..7ca71a018 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h 
@@ -0,0 +1,860 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem768_H +#define __libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_platform.h" +#include "libcrux_mlkem_vector.h" +#include "libcrux_mlkem_ctops.h" +#include "libcrux_mlkem_constants.h" +#include "libcrux_mlkem1027.h" +#include "libcrux_ml_kem.h" +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 
(LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +); + +void +libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t 
public_key +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _j +); + +void +libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + 
+libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t 
prf_input[33U], + uint8_t domain_separator +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + 
Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +); + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +); + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _j +); + +void 
+libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + size_t _i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s +{ libcrux_sha3_portable_KeccakState1 shake128_state[3U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +); + +bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + int16_t s[272U] +); + +void +libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +void +libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + size_t _i +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); 
+ +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +K___uint8_t_1152size_t__uint8_t_1184size_t_ +libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _i +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + 
+void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +); + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + size_t _i +); + +void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + size_t _i +); + +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _i +); + +void 
+libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void 
+libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void +libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + size_t _ +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( + size_t _ +); + +void +libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +); + +void +libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h new file mode 100644 index 000000000..8ca89d66c --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h 
@@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_constants_H +#define __libcrux_mlkem_constants_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_constants_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c new file mode 100644 index 000000000..997f534fd --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c 
@@ -0,0 +1,44 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "libcrux_mlkem_ctops.h" + +#include "internal/core.h" + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t + mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h new file mode 100644 index 000000000..309c331ad --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h 
@@ -0,0 +1,34 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_ctops_H +#define __libcrux_mlkem_ctops_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem_constants.h" +#include "core.h" +#include "eurydice_glue.h" + +uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_ctops_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h new file mode 100644 index 000000000..d4f207ec8 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h @@ -0,0 +1,30 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_sha3_H +#define __libcrux_mlkem_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) + +typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s +{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } +libcrux_ml_kem_hash_functions_neon_Simd128Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_sha3_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h new file mode 100644 index 000000000..c6e3cdb02 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h @@ -0,0 +1,25 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_sha3_avx2_H +#define __libcrux_mlkem_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2_Simd256Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c new file mode 100644 index 000000000..bd9851398 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c 
@@ -0,0 +1,1365 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_mlkem_vector.h" + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void) +{ + libcrux_ml_kem_vector_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__int16_t_16size_t__core_array_TryFromSliceError; + +static void +unwrap__int16_t_16size_t__core_array_TryFromSliceError( + Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == core_result_Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) +{ + libcrux_ml_kem_vector_PortableVector lit; + int16_t ret[16U]; + Result__int16_t_16size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + 
Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + return lit; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; 
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + } + } + return v; +} + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) +{ + int32_t + t = + (int32_t)value + * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + return value_high - c; +} + +inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + v.elements[i0] = uu____0; + } + return v; +} + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); + v.elements[i0] = (int16_t)uu____0; + } + return v; +} + +inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return + (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, + (uint32_t)compressed); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + v.elements[2U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + v.elements[3U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + v.elements[6U] = v.elements[4U] - t1; + v.elements[4U] = v.elements[4U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + v.elements[7U] = v.elements[5U] - t2; + v.elements[5U] = v.elements[5U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], + zeta2); + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], + zeta2); + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta3); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta3); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + v.elements[4U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + v.elements[5U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + v.elements[6U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + v.elements[7U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], + zeta1); + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], + zeta1); + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta1); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta1); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + v.elements[8U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + v.elements[9U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + v.elements[10U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + v.elements[11U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + v.elements[12U] = v.elements[4U] - t3; + v.elements[4U] = v.elements[4U] + t3; + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + v.elements[13U] = v.elements[5U] - t4; + v.elements[5U] = v.elements[5U] + t4; + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + v.elements[14U] = v.elements[6U] - t5; + v.elements[6U] = v.elements[6U] + t5; + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + v.elements[15U] = v.elements[7U] - t6; + v.elements[7U] = v.elements[7U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t a_minus_b = v.elements[2U] - v.elements[0U]; + int16_t + uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); + v.elements[0U] = uu____0; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[2U] = uu____1; + int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; + int16_t + uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); + v.elements[1U] = uu____2; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[3U] = uu____3; + int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; + int16_t + uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); + 
v.elements[4U] = uu____4; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v.elements[6U] = uu____5; + int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; + int16_t + uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); + v.elements[5U] = uu____6; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v.elements[7U] = uu____7; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); + v.elements[(size_t)8U + (size_t)0U] = uu____8; + int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v.elements[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); + v.elements[(size_t)8U + (size_t)1U] = uu____10; + int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v.elements[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); + v.elements[(size_t)8U + (size_t)4U] = uu____12; + int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v.elements[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)5U] + + 
v.elements[(size_t)8U + (size_t)7U]); + v.elements[(size_t)8U + (size_t)5U] = uu____14; + int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v.elements[(size_t)8U + (size_t)7U] = uu____15; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t a_minus_b = v.elements[4U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[4U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[4U] = uu____0; + int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[5U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[5U] = uu____1; + int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[6U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v.elements[6U] = uu____2; + int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[7U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + v.elements[7U] = uu____3; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v.elements[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + 
v.elements[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + + (size_t)2U] + + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + + (size_t)3U] + + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)7U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta +) +{ + int16_t a_minus_b = v.elements[8U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[8U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v.elements[8U] = uu____0; + int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[9U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v.elements[9U] = uu____1; + int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[10U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v.elements[10U] = uu____2; + int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[11U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v.elements[11U] = uu____3; + int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; + v.elements[4U] = v.elements[4U] + v.elements[12U]; + int16_t uu____4 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v.elements[12U] = uu____4; + int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; + v.elements[5U] = v.elements[5U] + v.elements[13U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v.elements[13U] = uu____5; + int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; + v.elements[6U] = v.elements[6U] + v.elements[14U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v.elements[14U] = uu____6; + int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; + v.elements[7U] = v.elements[7U] + v.elements[15U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v.elements[15U] = uu____7; + return v; +} + +inline K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 + + + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) + * (int32_t)zeta); + return + ( + (K___int16_t_int16_t){ + .fst = uu____1, + .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 + * (int32_t)b1 + + (int32_t)a1 * (int32_t)b0) + } + ); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + libcrux_ml_kem_vector_PortableVector out = libcrux_ml_kem_vector_zero(); + K___int16_t_int16_t lit0; + lit0.fst = lhs->elements[0U]; + lit0.snd = lhs->elements[1U]; + K___int16_t_int16_t lit1; + lit1.fst = rhs->elements[0U]; + lit1.snd = rhs->elements[1U]; + K___int16_t_int16_t product = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + out.elements[0U] = product.fst; + out.elements[1U] = product.snd; + K___int16_t_int16_t lit2; + lit2.fst = lhs->elements[2U]; + lit2.snd = lhs->elements[3U]; + K___int16_t_int16_t lit3; + lit3.fst = rhs->elements[2U]; + lit3.snd = rhs->elements[3U]; + K___int16_t_int16_t + product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + out.elements[2U] = product0.fst; + out.elements[3U] = product0.snd; + K___int16_t_int16_t lit4; + lit4.fst = lhs->elements[4U]; + lit4.snd = lhs->elements[5U]; + K___int16_t_int16_t lit5; + lit5.fst = rhs->elements[4U]; + lit5.snd = rhs->elements[5U]; + K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + out.elements[4U] = product1.fst; + out.elements[5U] = product1.snd; + K___int16_t_int16_t lit6; + lit6.fst = lhs->elements[6U]; + lit6.snd = lhs->elements[7U]; + K___int16_t_int16_t lit7; + lit7.fst = rhs->elements[6U]; + lit7.snd = rhs->elements[7U]; + K___int16_t_int16_t + product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + out.elements[6U] = product2.fst; + out.elements[7U] = product2.snd; + K___int16_t_int16_t lit8; + lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; + lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t lit9; + lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; + lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + out.elements[(size_t)8U + (size_t)0U] = product3.fst; + out.elements[(size_t)8U + (size_t)1U] = product3.snd; + K___int16_t_int16_t lit10; + lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; + lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t lit11; + lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; + lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t + product4 = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + out.elements[(size_t)8U + (size_t)2U] = product4.fst; + out.elements[(size_t)8U + (size_t)3U] = product4.snd; + K___int16_t_int16_t lit12; + lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; + lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t lit13; + lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; + lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t + product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + out.elements[(size_t)8U + (size_t)4U] = product5.fst; + out.elements[(size_t)8U + (size_t)5U] = product5.snd; + K___int16_t_int16_t lit14; + lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; + lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t lit; + lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; + lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t + product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + out.elements[(size_t)8U + (size_t)6U] = product6.fst; + out.elements[(size_t)8U + (size_t)7U] = product6.snd; + return out; +} + +void libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) +{ + uint8_t result[2U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) + { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) +{ + libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + for (size_t i = (size_t)0U; i < 
(size_t)8U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); + } + for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + return result; +} + +void libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = 
&Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + return v; +} + +void +libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); + result[1U] = + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); + result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + result[3U] = + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); + result[5U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) + << 5U + | v.elements[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) + << 7U + | v.elements[(size_t)8U + (size_t)2U] << 2U) + | v.elements[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | v.elements[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) + << 6U + | v.elements[(size_t)8U + (size_t)5U] << 1U) + | v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)7U] + << 3U + | v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; + uint8_t *uu____2 = 
&Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + 
uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + return v; +} + +void +libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & 
(int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) +{ + 
libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; + uint8_t 
*uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); + result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, 
uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); + result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); + result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + return result; +} + +void +libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & 
(int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 
(int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + 
((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + 
uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +void +libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); + result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); + result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)0U] + >> 8U + | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)2U] + >> 8U + | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + + 
(size_t)4U] + >> 8U + | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)6U] + >> 8U + | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector re = libcrux_ml_kem_vector_zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); + re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re.elements[3U] = byte5 << 4U | (byte4 >> 4U 
& (int16_t)15); + re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); + re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + return re; +} + +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, 
Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h new file mode 100644 index 000000000..6501762e8 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h 
@@ -0,0 +1,198 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_mlkem_vector_H +#define __libcrux_mlkem_vector_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_PortableVector; + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v); + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v); + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); + +int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v); + +uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta +); + +typedef 
struct K___int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +K___int16_t_int16_t; + +K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); + +void +libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]); + +libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_vector_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_platform.h b/libcrux-ml-kem/c-snapshot/libcrux_platform.h new file mode 100644 index 000000000..d1481c77f --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_platform.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_platform_H +#define __libcrux_platform_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_platform_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_sha3.h b/libcrux-ml-kem/c-snapshot/libcrux_sha3.h new file mode 100644 index 000000000..25a35dcc5 --- /dev/null +++ b/libcrux-ml-kem/c-snapshot/libcrux_sha3.h 
@@ -0,0 +1,68 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +extern libcrux_sha3_portable_KeccakState1 +libcrux_sha3_portable_incremental_shake128_init(void); + +extern void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_portable_KeccakState1 *x0, + Eurydice_slice x1 +); + +extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); + +extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); + +#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_shake256_(x_0, x_1, x_2) + +extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); + +#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) + +extern void +libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( + size_t x0, + uint8_t (*x1)[34U], + libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] +); + +#if defined(__cplusplus) +} 
+#endif + +#define __libcrux_sha3_H_DEFINED +#endif From 3015d42983942cc2fccc813534d9c6e73c352cbe Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 28 May 2024 18:00:09 +0200 Subject: [PATCH 40/94] made sha3 safe --- libcrux-intrinsics/src/arm64.rs | 61 +++++++++++++++++++++++++++++++++ libcrux-sha3/src/lib.rs | 26 +++++++------- libcrux-sha3/src/simd.rs | 4 +-- libcrux-sha3/src/simd/arm64.rs | 58 ++++++++++++++++--------------- 4 files changed, 106 insertions(+), 43 deletions(-) diff --git a/libcrux-intrinsics/src/arm64.rs b/libcrux-intrinsics/src/arm64.rs index 2753789fe..57532d173 100644 --- a/libcrux-intrinsics/src/arm64.rs +++ b/libcrux-intrinsics/src/arm64.rs @@ -3,12 +3,18 @@ use core::arch::aarch64::*; pub type _int16x8_t = int16x8_t; pub type _uint32x4_t = uint32x4_t; +pub type _uint64x2_t = uint64x2_t; #[inline(always)] pub fn _vdupq_n_s16(i: i16) -> int16x8_t { unsafe { vdupq_n_s16(i) } } +#[inline(always)] +pub fn _vdupq_n_u64(i: u64) -> uint64x2_t { + unsafe { vdupq_n_u64(i) } +} + #[inline(always)] pub fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { unsafe { vst1q_s16(out.as_mut_ptr(), v) } @@ -19,6 +25,26 @@ pub fn _vld1q_s16(array: &[i16]) -> int16x8_t { unsafe { vld1q_s16(array.as_ptr()) } } +#[inline(always)] +pub fn _vld1q_bytes_u64(array: &[u8]) -> uint64x2_t { + unsafe { vld1q_u64(array.as_ptr() as *const u64) } +} + +#[inline(always)] +pub fn _vld1q_u64(array: &[u64]) -> uint64x2_t { + unsafe { vld1q_u64(array.as_ptr()) } +} + +#[inline(always)] +pub fn _vst1q_u64(out: &mut [u64], v: uint64x2_t) { + unsafe { vst1q_u64(out.as_mut_ptr(), v) } +} + +#[inline(always)] +pub fn _vst1q_bytes_u64(out: &mut [u8], v: uint64x2_t) { + unsafe { vst1q_u64(out.as_mut_ptr() as *mut u64, v) } +} + #[inline(always)] pub fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { unsafe { vaddq_s16(lhs, rhs) } 
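Review bot: The new slice-taking wrappers in the `@@ -19,6 +25,26 @@` hunk (`_vld1q_bytes_u64`, `_vld1q_u64`, `_vst1q_u64`, `_vst1q_bytes_u64`) are safe functions that pass `as_ptr()`/`as_mut_ptr()` to a 128-bit load or store without checking the slice length, so a caller that passes fewer than 16 bytes (or fewer than two `u64`s) gets an out-of-bounds read or write from safe code. This commit also puts `#![forbid(unsafe_code)]` on libcrux-sha3, so these wrappers now carry the memory-safety argument and each should enforce its own precondition: `assert!(array.len() >= 16);` in the byte variants and `assert!(array.len() >= 2);` in the `u64` variants (with `out` in place of `array` for the stores), plus a `// SAFETY:` comment on each `unsafe` block. The sha3 call sites later in this patch slice exactly 16 bytes, so the check would not fire for them. The `_vld1q_s16`/`_vst1q_s16` context lines follow the same unchecked pattern.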
@@ -49,6 +75,16 @@ pub fn _vshrq_n_u16(v: uint16x8_t) -> uint16x8_t { unsafe { vshrq_n_u16::(v) } } +#[inline(always)] +pub fn _vshrq_n_u64(v: uint64x2_t) -> uint64x2_t { + unsafe { vshrq_n_u64::(v) } +} + +#[inline(always)] +pub fn _vshlq_n_u64(v: uint64x2_t) -> uint64x2_t { + unsafe { vshlq_n_u64::(v) } +} + #[inline(always)] pub fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { unsafe { vshlq_n_s16::(v) } @@ -74,6 +110,12 @@ pub fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uint16x8_t { pub fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { unsafe { vandq_s16(a, b) } } + +#[inline(always)] +pub fn _vbicq_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { + unsafe { vbicq_u64(a, b) } +} + #[inline(always)] pub fn _vreinterpretq_s16_u16(m0: uint16x8_t) -> int16x8_t { unsafe { vreinterpretq_s16_u16(m0) } @@ -86,10 +128,17 @@ pub fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uint16x8_t { pub fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { unsafe { vmulq_s16(v, c) } } + #[inline(always)] pub fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { unsafe { veorq_s16(mask, shifted) } } + +#[inline(always)] +pub fn _veorq_u64(mask: uint64x2_t, shifted: uint64x2_t) -> uint64x2_t { + unsafe { veorq_u64(mask, shifted) } +} + #[inline(always)] pub fn _vdupq_n_u32(value: u32) -> uint32x4_t { unsafe { vdupq_n_u32(value) } @@ -162,6 +211,12 @@ pub fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { pub fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { unsafe { vtrn1q_s64(a, b) } } + +#[inline(always)] +pub fn _vtrn1q_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { + unsafe { vtrn1q_u64(a, b) } +} + #[inline(always)] pub fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { unsafe { vreinterpretq_s16_s64(a) } 
@@ -174,6 +229,12 @@ pub fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { pub fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { unsafe { vtrn2q_s64(a, b) } } + +#[inline(always)] +pub fn _vtrn2q_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { + unsafe { vtrn2q_u64(a, b) } +} + #[inline(always)] pub fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { unsafe { vmull_s16(a, b) } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index fda408d86..2ddb70e96 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -3,7 +3,7 @@ //! A SHA3 implementation with optional simd optimisations. #![no_std] - +#![forbid(unsafe_code)] pub mod simd; mod generic_keccak; @@ -272,7 +272,7 @@ pub mod neon { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] #[inline(always)] fn keccakx2(data: [&[u8]; 2], out: [&mut [u8]; 2]) { - keccak::<2, core::arch::aarch64::uint64x2_t, RATE, DELIM>(data, out) + keccak::<2, crate::simd::arm64::uint64x2_t, RATE, DELIM>(data, out) } /// A portable SHA3 224 implementation. @@ -415,10 +415,10 @@ pub mod neon { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] pub struct KeccakState2 { - state: KeccakState<2, core::arch::aarch64::uint64x2_t>, + state: KeccakState<2, crate::simd::arm64::uint64x2_t>, } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - type KeccakState2Internal = KeccakState<2, core::arch::aarch64::uint64x2_t>; + type KeccakState2Internal = KeccakState<2, crate::simd::arm64::uint64x2_t>; #[allow(dead_code)] #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] pub struct KeccakState2 { @@ -456,7 +456,7 @@ pub mod neon { // shake128_absorb_final(&mut s1, data1); // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - absorb_final::<2, core::arch::aarch64::uint64x2_t, 168, 0x1fu8>( + absorb_final::<2, crate::simd::arm64::uint64x2_t, 168, 0x1fu8>( &mut s.state, [data0, data1], ); 
@@ -509,7 +509,7 @@ pub mod neon { // shake128_squeeze_first_three_blocks(&mut s1, out1); // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - squeeze_first_three_blocks::<2, core::arch::aarch64::uint64x2_t, 168>( + squeeze_first_three_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( &mut s.state, [out0, out1], ) @@ -584,7 +584,7 @@ pub mod neon { // shake128_squeeze_next_block(&mut s1, out1); // } #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - squeeze_next_block::<2, core::arch::aarch64::uint64x2_t, 168>( + squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 168>( &mut s.state, [out0, out1], ) @@ -817,11 +817,11 @@ pub mod avx2 { // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] // { // let [mut s0, mut s1] = s; - // absorb_final::<2, core::arch::aarch64::uint64x2_t, 168, 0x1fu8>( + // absorb_final::<2, crate::simd::arm64::uint64x2_t, 168, 0x1fu8>( // &mut s0, // [data0, data1], // ); - // absorb_final::<2, core::arch::aarch64::uint64x2_t, 168, 0x1fu8>( + // absorb_final::<2, crate::simd::arm64::uint64x2_t, 168, 0x1fu8>( // &mut s1, // [data2, data3], // ); @@ -889,11 +889,11 @@ pub mod avx2 { // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] // { // let [mut s0, mut s1] = s; - // squeeze_first_three_blocks::<2, core::arch::aarch64::uint64x2_t, 168>( + // squeeze_first_three_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( // &mut s0, // [out0, out1], // ); - // squeeze_first_three_blocks::<2, core::arch::aarch64::uint64x2_t, 168>( + // squeeze_first_three_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( // &mut s1, // [out2, out3], // ); 
@@ -983,11 +983,11 @@ pub mod avx2 { // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] // { // let [mut s0, mut s1] = s; - // squeeze_next_block::<2, core::arch::aarch64::uint64x2_t, 168>( + // squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 168>( // &mut s0, // [out0, out1], // ); - // squeeze_next_block::<2, core::arch::aarch64::uint64x2_t, 168>( + // squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 168>( // &mut s1, // [out2, out3], // ); diff --git a/libcrux-sha3/src/simd.rs b/libcrux-sha3/src/simd.rs index 7dc25011a..d7ea2350d 100644 --- a/libcrux-sha3/src/simd.rs +++ b/libcrux-sha3/src/simd.rs @@ -6,6 +6,6 @@ //! must be used. #[cfg(feature = "simd128")] -mod arm64; +pub(crate) mod arm64; #[cfg(feature = "simd256")] -mod avx2; +pub(crate) mod avx2; diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 5d847ca7c..9f0ca212d 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -1,7 +1,9 @@ -use core::arch::aarch64::*; +use libcrux_intrinsics::arm64::*; use crate::traits::KeccakItem; +pub type uint64x2_t = _uint64x2_t; + // This file optimizes for the stable Rust Neon Intrinsics // If we want to use the unstable neon-sha3 instructions, we could use: // veor3q_u64, vrax1q_u64, vxarq_u64, and vbcaxq_u64 @@ -12,7 +14,7 @@ fn rotate_left(x: uint64x2_t) -> uint64x2_t { debug_assert!(LEFT + RIGHT == 64); // The following looks faster but is actually significantly slower //unsafe { vsriq_n_u64::(vshlq_n_u64::(x), x) } - unsafe { veorq_u64(vshlq_n_u64::(x), vshrq_n_u64::(x)) } + _veorq_u64(_vshlq_n_u64::(x), _vshrq_n_u64::(x)) } #[inline(always)] 
@@ -23,24 +25,24 @@ fn _veor5q_u64( d: uint64x2_t, e: uint64x2_t, ) -> uint64x2_t { - let ab = unsafe { veorq_u64(a, b) }; - let cd = unsafe { veorq_u64(c, d) }; - let abcd = unsafe { veorq_u64(ab, cd) }; - unsafe { veorq_u64(abcd, e) } + let ab = _veorq_u64(a, b); + let cd = _veorq_u64(c, d); + let abcd = _veorq_u64(ab, cd); + _veorq_u64(abcd, e) // Needs nightly+neon-sha3 //unsafe {veor3q_u64(veor3q_u64(a,b,c),d,e)} } #[inline(always)] fn _vrax1q_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { - unsafe { veorq_u64(a, rotate_left::<1, 63>(b)) } + _veorq_u64(a, rotate_left::<1, 63>(b)) // Needs nightly+neon-sha3 //unsafe { vrax1q_u64(a, b) } } #[inline(always)] fn _vxarq_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { - let ab = unsafe { veorq_u64(a, b) }; + let ab = _veorq_u64(a, b); rotate_left::(ab) // Needs nightly+neon-sha3 // unsafe { vxarq_u64::(a,b) } 
@@ -48,27 +50,27 @@ fn _vxarq_u64(a: uint64x2_t, b: uint64x2_t) - #[inline(always)] fn _vbcaxq_u64(a: uint64x2_t, b: uint64x2_t, c: uint64x2_t) -> uint64x2_t { - unsafe { veorq_u64(a, vbicq_u64(b, c)) } + _veorq_u64(a, _vbicq_u64(b, c)) // Needs nightly+neon-sha3 // unsafe{ vbcaxq_u64(a, b, c) } } #[inline(always)] fn _veorq_n_u64(a: uint64x2_t, c: u64) -> uint64x2_t { - let c = unsafe { vdupq_n_u64(c) }; - unsafe { veorq_u64(a, c) } + let c = _vdupq_n_u64(c); + _veorq_u64(a, c) } #[inline(always)] pub(crate) fn load_block(s: &mut [[uint64x2_t; 5]; 5], blocks: [&[u8]; 2]) { debug_assert!(RATE <= blocks[0].len() && RATE % 8 == 0); for i in 0..RATE / 16 { - let v0 = unsafe { vld1q_u64(blocks[0][16 * i..16 * (i + 1)].as_ptr() as *const u64) }; - let v1 = unsafe { vld1q_u64(blocks[1][16 * i..16 * (i + 1)].as_ptr() as *const u64) }; + let v0 = _vld1q_bytes_u64(&blocks[0][16 * i..16 * (i + 1)]); + let v1 = _vld1q_bytes_u64(&blocks[1][16 * i..16 * (i + 1)]); s[(2 * i) / 5][(2 * i) % 5] = - unsafe { veorq_u64(s[(2 * i) / 5][(2 * i) % 5], vtrn1q_u64(v0, v1)) }; + _veorq_u64(s[(2 * i) / 5][(2 * i) % 5], _vtrn1q_u64(v0, v1)); s[(2 * i + 1) / 5][(2 * i + 1) % 5] = - unsafe { veorq_u64(s[(2 * i + 1) / 5][(2 * i + 1) % 5], vtrn2q_u64(v0, v1)) }; + _veorq_u64(s[(2 * i + 1) / 5][(2 * i + 1) % 5], _vtrn2q_u64(v0, v1)); } if RATE % 16 != 0 { let i = (RATE / 8 - 1) / 5; @@ -76,8 +78,8 @@ pub(crate) fn load_block(s: &mut [[uint64x2_t; 5]; 5], blocks let mut u = [0u64; 2]; u[0] = u64::from_le_bytes(blocks[0][RATE - 8..RATE].try_into().unwrap()); u[1] = u64::from_le_bytes(blocks[1][RATE - 8..RATE].try_into().unwrap()); - let uvec = unsafe { vld1q_u64(u.as_ptr() as *const u64) }; - s[i][j] = unsafe { veorq_u64(s[i][j], uvec) }; + let uvec = _vld1q_u64(&u); + s[i][j] = _veorq_u64(s[i][j], uvec); } } 
@@ -93,27 +95,27 @@ pub(crate) fn load_block_full( #[inline(always)] pub(crate) fn store_block(s: &[[uint64x2_t; 5]; 5], out: [&mut [u8]; 2]) { for i in 0..RATE / 16 { - let v0 = unsafe { - vtrn1q_u64( + let v0 = + _vtrn1q_u64( s[(2 * i) / 5][(2 * i) % 5], s[(2 * i + 1) / 5][(2 * i + 1) % 5], ) - }; - let v1 = unsafe { - vtrn2q_u64( + ; + let v1 = + _vtrn2q_u64( s[(2 * i) / 5][(2 * i) % 5], s[(2 * i + 1) / 5][(2 * i + 1) % 5], ) - }; - unsafe { vst1q_u64(out[0][16 * i..16 * (i + 1)].as_mut_ptr() as *mut u64, v0) }; - unsafe { vst1q_u64(out[1][16 * i..16 * (i + 1)].as_mut_ptr() as *mut u64, v1) }; + ; + _vst1q_bytes_u64(&mut out[0][16 * i..16 * (i + 1)], v0); + _vst1q_bytes_u64(&mut out[1][16 * i..16 * (i + 1)], v1); } if RATE % 16 != 0 { debug_assert!(RATE % 8 == 0); let i = (RATE / 8 - 1) / 5; let j = (RATE / 8 - 1) % 5; let mut u = [0u8; 16]; - unsafe { vst1q_u64(u.as_mut_ptr() as *mut u64, s[i][j]) }; + _vst1q_bytes_u64(&mut u, s[i][j]); out[0][RATE - 8..RATE].copy_from_slice(&u[0..8]); out[1][RATE - 8..RATE].copy_from_slice(&u[8..16]); } @@ -143,7 +145,7 @@ fn split_at_mut_2(out: [&mut [u8]; 2], mid: usize) -> ([&mut [u8]; 2], [&mut [u8 impl KeccakItem<2> for uint64x2_t { #[inline(always)] fn zero() -> Self { - unsafe { vdupq_n_u64(0) } + _vdupq_n_u64(0) } #[inline(always)] fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self { @@ -167,7 +169,7 @@ impl KeccakItem<2> for uint64x2_t { } #[inline(always)] fn xor(a: Self, b: Self) -> Self { - unsafe { veorq_u64(a, b) } + _veorq_u64(a, b) } #[inline(always)] fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; 2]) { From 99909f5468f4553a8d3b1ee35e382ae0f639ea30 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 28 May 2024 18:54:55 +0200 Subject: [PATCH 41/94] add a script for extracting c --- libcrux-sha3/c.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100755 libcrux-sha3/c.sh 
diff --git a/libcrux-sha3/c.sh b/libcrux-sha3/c.sh new file mode 100755 index 000000000..78ebfa20a --- /dev/null +++ b/libcrux-sha3/c.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +set -e +set -o pipefail + +rm -rf c + +if [[ -z "$CHARON_HOME" ]]; then + echo "Please set CHARON_HOME to the Charon directory" 1>&2 + exit 1 +fi +if [[ -z "$EURYDICE_HOME" ]]; then + echo "Please set EURYDICE_HOME to the Eurydice directory" 1>&2 + exit 1 +fi + +portable_only=0 +no_hacl=0 +no_charon=0 + +# Parse command line arguments. +all_args=("$@") +while [ $# -gt 0 ]; do + case "$1" in + -p | --portable) portable_only=1 ;; + --no-hacl) no_hacl=1 ;; + --no-charon) no_charon=1 ;; + esac + shift +done + +if [[ "$portable_only" = 1 ]]; then + export LIBCRUX_DISABLE_SIMD256=1 + export LIBCRUX_DISABLE_SIMD128=1 +fi + +if [[ "$no_charon" = 0 ]]; then + echo "Running charon ..." + RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings +else + echo "Skipping charon" +fi + +mkdir -p c +cd c + +echo "Running eurydice ..." +$EURYDICE_HOME/eurydice --log '*' ../../libcrux_sha3.llbc +cp $EURYDICE_HOME/include/eurydice_glue.h . + +if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then + # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h + cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ + cp *.h $HACL_PACKAGES_HOME/libcrux/include + cp *.c $HACL_PACKAGES_HOME/libcrux/src +elif [[ "$no_hacl" = 0 ]]; then + echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 +else + echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 +fi From 49ca8f74e2fab7cbf6da7ec0b4bfcf4681ef340d Mon Sep 17 00:00:00 2001 
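Review bot: `rm -rf c` is the first command and is resolved against whatever directory the script was started from, before the `CHARON_HOME`/`EURYDICE_HOME` checks, so running the script from another location deletes an unrelated `c` directory there. Anchoring the script to its own location first, `cd "$(dirname "${BASH_SOURCE[0]}")"`, removes that dependency on the caller's working directory. The tool and copy paths are expanded unquoted (`$CHARON_HOME/bin/charon`, `cp *.h $HACL_PACKAGES_HOME/libcrux/include`), which word-splits when a path contains spaces; quote them, e.g. `"$CHARON_HOME/bin/charon" --errors-as-warnings`. The option loop has no `*)` arm, so a mistyped flag is silently ignored, and `all_args` is assigned but never read.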
From: Franziskus Kiefer Date: Tue, 28 May 2024 19:19:57 +0200 Subject: [PATCH 42/94] work around eurydice issues in sha3 --- libcrux-sha3/c.yaml | 15 +++++++++++++++ libcrux-sha3/src/generic_keccak.rs | 19 ++++++++++++++----- libcrux-sha3/src/lib.rs | 2 +- libcrux-sha3/src/portable_keccak.rs | 3 +-- libcrux-sha3/src/simd/avx2.rs | 11 +++++++++-- 5 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 libcrux-sha3/c.yaml diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml new file mode 100644 index 000000000..9d5c26df6 --- /dev/null +++ b/libcrux-sha3/c.yaml @@ -0,0 +1,15 @@ +files: + # # TODO: neon and avx2 + # - name: libcrux_sha3_neon + # api: + # - [libcrux_sha3, simd, neon] + + # - name: libcrux_sha3_avx2 + # api: + # - [libcrux_sha3, simd, avx2] + + - name: core + private: + - [core, "*"] + api: + - [Eurydice, "*"] diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 5964859c2..a823b8f21 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs 
@@ -37,11 +37,20 @@ const _ROTC: [usize; 24] = [ #[inline(always)] pub(crate) fn theta_rho>(s: &mut KeccakState) { - let c: [T; 5] = core::array::from_fn(|j| { - T::xor5(s.st[0][j], s.st[1][j], s.st[2][j], s.st[3][j], s.st[4][j]) - }); - let t: [T; 5] = - core::array::from_fn(|j| T::rotate_left1_and_xor(c[(j + 4) % 5], c[(j + 1) % 5])); + let c: [T; 5] = [ + T::xor5(s.st[0][0], s.st[1][0], s.st[2][0], s.st[3][0], s.st[4][1]), + T::xor5(s.st[0][1], s.st[1][1], s.st[2][1], s.st[3][1], s.st[4][2]), + T::xor5(s.st[0][2], s.st[1][2], s.st[2][2], s.st[3][2], s.st[4][2]), + T::xor5(s.st[0][3], s.st[1][3], s.st[2][3], s.st[3][3], s.st[4][3]), + T::xor5(s.st[0][4], s.st[1][4], s.st[2][4], s.st[3][4], s.st[4][4]), + ]; + let t: [T; 5] = [ + T::rotate_left1_and_xor(c[(0 + 4) % 5], c[(0 + 1) % 5]), + T::rotate_left1_and_xor(c[(1 + 4) % 5], c[(1 + 1) % 5]), + T::rotate_left1_and_xor(c[(2 + 4) % 5], c[(2 + 1) % 5]), + T::rotate_left1_and_xor(c[(3 + 4) % 5], c[(3 + 1) % 5]), + T::rotate_left1_and_xor(c[(4 + 4) % 5], c[(4 + 1) % 5]), + ]; s.st[0][0] = T::xor(s.st[0][0], t[0]); s.st[1][0] = T::xor_and_rotate::<36, 28>(s.st[1][0], t[0]); diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 2ddb70e96..5b5243d05 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -23,7 +23,7 @@ pub type Sha3_384Digest = [u8; 48]; pub type Sha3_512Digest = [u8; 64]; /// The Digest Algorithm. -#[derive(Copy, Clone, Debug, PartialEq)] +#[cfg_attr(not(eurydice), derive(Copy, Clone, Debug, PartialEq))] #[repr(u32)] pub enum Algorithm { Sha224 = 1, diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index 341399985..fd0015804 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs 
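Review bot: The hand-unrolled `c` array in `theta_rho` has two wrong indices: the first `xor5` ends with `s.st[4][1]` and the second with `s.st[4][2]`, where the removed `from_fn` form used `s.st[4][j]`, that is `s.st[4][0]` and `s.st[4][1]`. The column parities for j = 0 and j = 1 are therefore computed from the wrong lanes, so digests from the generic Keccak path would not match SHA-3 on this commit. PATCH 44/94 later in this series corrects both indices. Running the crate's known-answer tests on each commit that unrolls a loop by hand would catch this kind of slip at review time. The body of `theta_rho` continues past the end of the hunk.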
@@ -71,8 +71,7 @@ fn slice_1(a: [&[u8]; 1], start: usize, len: usize) -> [&[u8]; 1] { #[inline(always)] fn split_at_mut_1(out: [&mut [u8]; 1], mid: usize) -> ([&mut [u8]; 1], [&mut [u8]; 1]) { - let [out0] = out; - let (out00, out01) = out0.split_at_mut(mid); + let (out00, out01) = out[0].split_at_mut(mid); ([out00], [out01]) } diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index ea51e9a1b..a22d2ac2d 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -98,8 +98,15 @@ pub(crate) fn load_block_full( s: &mut [[__m256i; 5]; 5], blocks: [[u8; 200]; 4], ) { - let [b0, b1, b2, b3] = blocks; - load_block::(s, [&b0 as &[u8], &b1 as &[u8], &b2 as &[u8], &b3 as &[u8]]); + load_block::( + s, + [ + &blocks[0] as &[u8], + &blocks[1] as &[u8], + &blocks[2] as &[u8], + &blocks[3] as &[u8], + ], + ); } #[inline(always)] From c8a38e290e97b63fe487169afe1d6bae11afc9b7 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 28 May 2024 19:20:35 +0200 Subject: [PATCH 43/94] use config to extract --- libcrux-sha3/c.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/c.sh b/libcrux-sha3/c.sh index 78ebfa20a..04cba03a4 100755 --- a/libcrux-sha3/c.sh +++ b/libcrux-sha3/c.sh @@ -45,7 +45,7 @@ mkdir -p c cd c echo "Running eurydice ..." -$EURYDICE_HOME/eurydice --log '*' ../../libcrux_sha3.llbc +$EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then From 12fb7ffd2b583b79363b27503452ff90f7d810db Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 28 May 2024 19:56:55 +0200 Subject: [PATCH 44/94] fixup sha3 --- libcrux-sha3/src/generic_keccak.rs | 4 ++-- libcrux-sha3/src/simd/arm64.rs | 28 ++++++++++++---------------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index a823b8f21..1d18b654f 100644 
--- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -38,8 +38,8 @@ const _ROTC: [usize; 24] = [ #[inline(always)] pub(crate) fn theta_rho>(s: &mut KeccakState) { let c: [T; 5] = [ - T::xor5(s.st[0][0], s.st[1][0], s.st[2][0], s.st[3][0], s.st[4][1]), - T::xor5(s.st[0][1], s.st[1][1], s.st[2][1], s.st[3][1], s.st[4][2]), + T::xor5(s.st[0][0], s.st[1][0], s.st[2][0], s.st[3][0], s.st[4][0]), + T::xor5(s.st[0][1], s.st[1][1], s.st[2][1], s.st[3][1], s.st[4][1]), T::xor5(s.st[0][2], s.st[1][2], s.st[2][2], s.st[3][2], s.st[4][2]), T::xor5(s.st[0][3], s.st[1][3], s.st[2][3], s.st[3][3], s.st[4][3]), T::xor5(s.st[0][4], s.st[1][4], s.st[2][4], s.st[3][4], s.st[4][4]), diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 9f0ca212d..17aff749d 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -2,6 +2,7 @@ use libcrux_intrinsics::arm64::*; use crate::traits::KeccakItem; +#[allow(non_camel_case_types)] pub type uint64x2_t = _uint64x2_t; // This file optimizes for the stable Rust Neon Intrinsics @@ -14,7 +15,7 @@ fn rotate_left(x: uint64x2_t) -> uint64x2_t { debug_assert!(LEFT + RIGHT == 64); // The following looks faster but is actually significantly slower //unsafe { vsriq_n_u64::(vshlq_n_u64::(x), x) } - _veorq_u64(_vshlq_n_u64::(x), _vshrq_n_u64::(x)) + _veorq_u64(_vshlq_n_u64::(x), _vshrq_n_u64::(x)) } #[inline(always)] @@ -35,7 +36,7 @@ fn _veor5q_u64( #[inline(always)] fn _vrax1q_u64(a: uint64x2_t, b: uint64x2_t) -> uint64x2_t { - _veorq_u64(a, rotate_left::<1, 63>(b)) + _veorq_u64(a, rotate_left::<1, 63>(b)) // Needs nightly+neon-sha3 //unsafe { vrax1q_u64(a, b) } } 
@@ -67,8 +68,7 @@ pub(crate) fn load_block(s: &mut [[uint64x2_t; 5]; 5], blocks for i in 0..RATE / 16 { let v0 = _vld1q_bytes_u64(&blocks[0][16 * i..16 * (i + 1)]); let v1 = _vld1q_bytes_u64(&blocks[1][16 * i..16 * (i + 1)]); - s[(2 * i) / 5][(2 * i) % 5] = - _veorq_u64(s[(2 * i) / 5][(2 * i) % 5], _vtrn1q_u64(v0, v1)); + s[(2 * i) / 5][(2 * i) % 5] = _veorq_u64(s[(2 * i) / 5][(2 * i) % 5], _vtrn1q_u64(v0, v1)); s[(2 * i + 1) / 5][(2 * i + 1) % 5] = _veorq_u64(s[(2 * i + 1) / 5][(2 * i + 1) % 5], _vtrn2q_u64(v0, v1)); } @@ -95,18 +95,14 @@ pub(crate) fn load_block_full( #[inline(always)] pub(crate) fn store_block(s: &[[uint64x2_t; 5]; 5], out: [&mut [u8]; 2]) { for i in 0..RATE / 16 { - let v0 = - _vtrn1q_u64( - s[(2 * i) / 5][(2 * i) % 5], - s[(2 * i + 1) / 5][(2 * i + 1) % 5], - ) - ; - let v1 = - _vtrn2q_u64( - s[(2 * i) / 5][(2 * i) % 5], - s[(2 * i + 1) / 5][(2 * i + 1) % 5], - ) - ; + let v0 = _vtrn1q_u64( + s[(2 * i) / 5][(2 * i) % 5], + s[(2 * i + 1) / 5][(2 * i + 1) % 5], + ); + let v1 = _vtrn2q_u64( + s[(2 * i) / 5][(2 * i) % 5], + s[(2 * i + 1) / 5][(2 * i + 1) % 5], + ); _vst1q_bytes_u64(&mut out[0][16 * i..16 * (i + 1)], v0); _vst1q_bytes_u64(&mut out[1][16 * i..16 * (i + 1)], v1); } From e12075e04036fbd77c97e68e21a1dc32bf1941e2 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 28 May 2024 19:57:50 +0200 Subject: [PATCH 45/94] eurydice workaround --- libcrux-sha3/src/simd/arm64.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index 17aff749d..bc32dea34 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -88,8 +88,7 @@ pub(crate) fn load_block_full( s: &mut [[uint64x2_t; 5]; 5], blocks: [[u8; 200]; 2], ) { - let [b0, b1] = blocks; - load_block::(s, [&b0 as &[u8], &b1 as &[u8]]); + load_block::(s, [&blocks[0] as &[u8], &blocks[1] as &[u8]]); } #[inline(always)] 
From ed8938081f97147611cae9baf9480b5f4f82f6db Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 28 May 2024 11:28:32 -0700 Subject: [PATCH 46/94] A config to do separate bundling --- libcrux-ml-kem/c.yaml | 103 +++++++++++++++++++++++++----------------- 1 file changed, 61 insertions(+), 42 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 04062337f..5e8173a6b 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml 
@@ -20,8 +20,61 @@ files: # api: # - [libcrux_ml_kem, hash_functions, neon, "*"] + - name: libcrux_mlkem_neon + api: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_sha3, neon, "*"] + monomorphizations_using: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_sha3, neon, "*"] + monomorphizations_of: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_sha3, neon, "*"] + include_in_c: + - '"libcrux_hacl_glue.h"' + + - name: libcrux_core + monomorphizations_of: + - [ core, "*"] + - [ libcrux_ml_kem, types, "*"] + - [ libcrux_ml_kem, constant_time_ops, "*"] + monomorphizations_using: + - [ Eurydice, "*" ] + - [ libcrux_ml_kem, types, "*"] + monomorphizations_exact: + - [ K, "__uint8_t[1536size_t]_uint8_t[1568size_t]" ] + - [ K, "__uint8_t[1152size_t]_uint8_t[1184size_t]" ] + - [ K, "__uint8_t[768size_t]_uint8_t[800size_t]" ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___33size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___34size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___64size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___800size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___1120size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___1600size_t ] + private: + - [ core, "*"] + - [ libcrux_ml_kem, types ] + - [ libcrux_ml_kem, constants ] + - [ libcrux_ml_kem, constant_time_ops, "*"] + api: + - [Eurydice, "*"] + + - name: libcrux_polynomial + private: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, "*" ] + monomorphizations_of: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, "*" ] + monomorphizations_using: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, traits, "*" ] + - name: libcrux_mlkem_sha3_avx2 - specialized_over_trait_impl: + monomorphizations_using: - [libcrux_ml_kem, hash_functions, avx2, "*"] api: 
- [libcrux_ml_kem, hash_functions, avx2, "*"] @@ -34,40 +87,11 @@ files: api: - [libcrux_platform, "*"] - - name: libcrux_neon_intrinsics - library: true - # inline_static: true - api: - - [libcrux_ml_kem, vector, neon, intrinsics] - - - name: libcrux_mlkem_vector - api: - - [libcrux_ml_kem, vector, traits] - - [libcrux_ml_kem, vector] - - - name: libcrux_mlkem_constants - api: - - [libcrux_ml_kem, constants] - - - name: libcrux_mlkem_ctops - api: - - [libcrux_ml_kem, constant_time_ops] - # Extras needed for the C code from eurydice - name: libcrux_mlkem_eurydice api: - [libcrux_ml_kem, eurydice_types, "*"] - - name: libcrux_mlkem_neon - api: - - [libcrux_ml_kem, vector, neon, "*"] - - [libcrux_ml_kem, hash_functions, neon, "*"] - specialized_over_trait_impl: - - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_ml_kem, vector, neon, "*"] - include_in_c: - - '"libcrux_hacl_glue.h"' - # - name: libcrux_mlkem_avx2 # api: # - [libcrux_ml_kem, vector, avx2, "*"] @@ -76,13 +100,13 @@ files: # include_in_c: # - '"libcrux_hacl_glue.h"' - - name: libcrux_mlkem_sha3 - api: - - [libcrux_ml_kem, hash_functions, "*"] - specialized_over_trait_impl: - - [libcrux_ml_kem, hash_functions, "*"] - include_in_c: - - '"libcrux_hacl_glue.h"' +# - name: libcrux_mlkem_sha3 +# api: +# - [libcrux_ml_kem, hash_functions, "*"] +# specialized_over_trait_impl: +# - [libcrux_ml_kem, hash_functions, "*"] +# include_in_c: +# - '"libcrux_hacl_glue.h"' - name: libcrux_mlkem512 api: @@ -109,8 +133,3 @@ files: - '"libcrux_hacl_glue.h"' inline_static: true - - name: core - private: - - [core, "*"] - api: - - [Eurydice, "*"] From fe313984b2dd724e4a511172e03f941e9d1840da Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 May 2024 15:32:57 +0200 Subject: [PATCH 47/94] testing one wrapper before going deeper --- libcrux-ml-kem/src/hash_functions.rs | 286 ++++++++++++++++++++++++++- libcrux-sha3/src/lib.rs | 32 +-- 2 files changed, 292 insertions(+), 26 deletions(-) 
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 883db728a..f45a9f108 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -36,6 +36,7 @@ pub(crate) trait Hash { /// Squeeze 1 block out of the SHAKE128 state. fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K]; + } /// A portable implementation of [`Hash`] @@ -86,7 +87,7 @@ pub(crate) mod portable { let mut out = [[0u8; LEN]; K]; for i in 0..K { - portable::shake256::(&mut out[i], &input[i]); + portable::shake256(&mut out[i], &input[i]); } out } 
@@ -169,13 +170,83 @@ pub(crate) mod avx2 { #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x4::shake256xN(input) + let mut out = [[0u8; LEN]; K]; + + match K { + 2 => { + let mut dummy_out0 = [0u8; LEN]; + let mut dummy_out1 = [0u8; LEN]; + let (out0, out1) = out.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[0], + &input[0], + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[2], + &input[0], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::shake256( + &input[0], + &input[1], + &input[2], + &input[3], + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + out } #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); - let state = x4::incremental::shake128_absorb_finalxN(input); + let mut state = x4::incremental::shake128_init(); + + match K { + 2 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[0], &input[0], + ); + } + 3 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[0], + ); + } + 4 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[3], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + Self { shake128_state: state, } 
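Review bot: In the `2 =>` and `3 =>` arms of `PRFxN`, and again in `shake128_init_absorb`, the unused lanes of the four-wide call are filled with `&input[0]` with nothing saying they are padding, so `dummy_out0`/`dummy_out1` end up holding a second copy of the lane-0 output on the stack. A comment above each padded call would make this explicit, e.g. `// Lanes beyond K are padding: they repeat input[0] and their output is discarded.` If these inputs carry secret seed material (not visible here), it is also worth deciding whether the dummy buffers should be cleared before returning. The same 2/3/4 dispatch is repeated in the two squeeze methods of the next hunk and in the `neon` hunks, where the same comment applies. The enclosing `impl` starts outside this hunk and `shake128_init_absorb` closes after it.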
@@ -184,13 +255,93 @@ pub(crate) mod avx2 { #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x4::incremental::shake128_squeeze3xN(&mut self.shake128_state) + let mut out = [[0u8; THREE_BLOCKS]; K]; + match K { + 2 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let mut dummy_out1 = [0u8; THREE_BLOCKS]; + let (out0, out1) = out.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + out } #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x4::incremental::shake128_squeezexN(&mut self.shake128_state) + let mut out = [[0u8; BLOCK_SIZE]; K]; + match K { + 2 => { + let mut dummy_out0 = [0u8; BLOCK_SIZE]; + let mut dummy_out1 = [0u8; BLOCK_SIZE]; + let (out0, out1) = out.split_at_mut(1); + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; BLOCK_SIZE]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + 
x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function is only called with 2, 3, 4"), + } + out } } } 
@@ -226,20 +377,57 @@ pub(crate) mod neon { #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; - libcrux_sha3::neon::shake256(&mut digest, input); + let mut dummy = [0u8; LEN]; + x2::shake256(input, input, &mut digest, &mut dummy); digest } #[inline(always)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x2::shake256xN(input) + let mut out = [[0u8; LEN]; K]; + match K { + 2 => { + let (out0, out1) = out.split_at_mut(1); + x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + } + 3 => { + let mut extra = [0u8; LEN]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + x2::shake256(&input[2], &input[2], &mut out2[0], &mut extra); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + x2::shake256(&input[2], &input[3], &mut out2[0], &mut out3[0]); + } + _ => unreachable!("Only 2, 3, or 4 are supported for N"), + } + out } #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); - let state = x2::incremental::shake128_absorb_finalxN(input); + let mut state = [x2::incremental::shake128_init(), x2::incremental::shake128_init()]; + match K { + 2 => { + x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); + } + 3 => { + x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); + x2::incremental::shake128_absorb_final(&mut state[1], &input[2], &input[2]); + } + 4 => { + x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); + x2::incremental::shake128_absorb_final(&mut state[1], &input[2], &input[3]); + } + _ => unreachable!("This function can only called be called with N = 2, 3, 4"), + } Self { 
shake128_state: state, 
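Review bot: The `2 =>` arm of `shake128_init_absorb` absorbs only into `state[0]`, leaving `state[1]` freshly initialised with no input, and nothing records that this second state must never be squeezed when K is 2. The squeeze methods in the following hunk only touch `shake128_state[0]` for K == 2, so the code is consistent today. A comment on that arm such as `// K == 2: state[1] stays unabsorbed and must not be squeezed.` would keep it that way. In `PRF`, the call `x2::shake256(input, input, &mut digest, &mut dummy)` hashes the same input in both lanes and discards one result, which deserves a one-line comment on why the single-lane routine is no longer used. `shake128_init_absorb` closes outside the hunk.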
@@ -249,13 +437,91 @@ pub(crate) mod neon { #[inline(always)] fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x2::incremental::shake128_squeeze3xN(&mut self.shake128_state) + + let mut out = [[0u8; THREE_BLOCKS]; K]; + match K { + 2 => { + let (out0, out1) = out.split_at_mut(1); + x2::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state[0], + &mut out0[0], + &mut out1[0], + ); + } + 3 => { + let mut extra = [0u8; THREE_BLOCKS]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x2::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state[0], + &mut out0[0], + &mut out1[0], + ); + x2::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state[1], + &mut out2[0], + &mut extra, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + x2::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state[0], + &mut out0[0], + &mut out1[0], + ); + x2::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state[1], + &mut out2[0], + &mut out3[0], + ); + } + _ => unreachable!("This function can only called be called with N = 2, 3, 4"), + } + out } #[inline(always)] fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); - x2::incremental::shake128_squeezexN(&mut self.shake128_state) + + let mut out = [[0u8; BLOCK_SIZE]; K]; + match K { + 2 => { + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1); + out[0] = out0; + out[1] = out1; + } + 3 => { + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + 
x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1); + x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[1], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + } + 4 => { + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1); + x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[1], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; + } + _ => unreachable!("This function is only called with N = 2, 3, 4"), + } + out } } } diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 5b5243d05..60340574a 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -214,13 +214,13 @@ pub mod portable { /// A portable SHAKE128 implementation. #[inline(always)] - pub fn shake128(digest: &mut [u8; LEN], data: &[u8]) { + pub fn shake128(digest: &mut [u8], data: &[u8]) { keccakx1::<168, 0x1fu8>([data], [digest]); } /// A portable SHAKE256 implementation. #[inline(always)] - pub fn shake256(digest: &mut [u8; LEN], data: &[u8]) { + pub fn shake256(digest: &mut [u8], data: &[u8]) { keccakx1::<136, 0x1fu8>([data], [digest]); } @@ -376,7 +376,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(non_snake_case)] #[inline(always)] - pub fn shake256xN( + fn shake256xN( input: &[[u8; 33]; N], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); 
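Review bot: `shake128_squeeze_block` builds its result through temporaries (`out0` to `out3`, copied into `out[i]`), while `shake128_squeeze_three_blocks` in the same hunk writes straight into `out` through `split_at_mut`; the two should use one pattern. The `split_at_mut` form avoids the extra stack copies: for the `2 =>` arm, `let (out0, out1) = out.split_at_mut(1);` followed by `x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0[0], &mut out1[0]);`. The `unreachable!` text in `shake128_squeeze_three_blocks` reads "can only called be called" and could use the wording from `shake128_squeeze_block`.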
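Review bot: With `digest` now a plain `&mut [u8]` in the portable `shake128` and `shake256`, the output length is whatever slice the caller passes, and the one-line doc comments do not state that contract. A doc line such as `/// Fills all of digest; the output length is digest.len().` would cover it, along with a word on what an empty slice does, which is not visible from this hunk. This is also a signature change on a public function: callers that named the length explicitly stop compiling, as the `portable::shake256::(...)` call adjusted in hash_functions.rs shows.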
@@ -445,7 +445,7 @@ pub mod neon { #[inline(always)] #[allow(unused_variables)] - fn shake128_absorb_final(s: &mut KeccakState2, data0: &[u8], data1: &[u8]) { + pub fn shake128_absorb_final(s: &mut KeccakState2, data0: &[u8], data1: &[u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with @@ -468,7 +468,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - pub fn shake128_absorb_finalxN( + fn shake128_absorb_finalxN( input: [[u8; 34]; N], ) -> [KeccakState2; 2] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -494,7 +494,7 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] - fn shake128_squeeze_first_three_blocks( + pub fn shake128_squeeze_first_three_blocks( s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8], @@ -521,7 +521,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - pub fn shake128_squeeze3xN( + fn shake128_squeeze3xN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -573,7 +573,7 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] - fn shake128_squeeze_next_block(s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8]) { + pub fn shake128_squeeze_next_block(s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8]) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with 
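Review bot: `shake128_absorb_final` becomes `pub` while its first statement on builds without `simd128` on aarch64 is `unimplemented!(...)`, so external callers can now reach a panic that the visible lines do not document. The `xN` wrappers beside it already carry a `/// **PANICS**` line; the same convention fits here, e.g. `/// **PANICS** when built without the simd128 feature on aarch64.` The same holds for `shake128_squeeze_next_block` (@@ -573) and presumably for `shake128_squeeze_first_three_blocks` (@@ -494), whose body is outside its hunk. The avx2 counterparts made `pub` in the later hunks carry "TODO: decide if we want to fall back here" and likely need the same note. Any existing doc comment above these functions lies outside the hunks.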
@@ -596,7 +596,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - pub fn shake128_squeezexN( + fn shake128_squeezexN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -695,7 +695,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - pub fn shake256xN( + fn shake256xN( input: &[[u8; 33]; N], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -803,7 +803,7 @@ pub mod avx2 { #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - fn shake128_absorb_final( + pub fn shake128_absorb_final( s: &mut KeccakState4, data0: &[u8], data1: &[u8], @@ -847,7 +847,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[inline(always)] #[allow(unused_variables, non_snake_case)] - pub fn shake128_absorb_finalxN(input: [[u8; 34]; N]) -> KeccakState4 { + fn shake128_absorb_finalxN(input: [[u8; 34]; N]) -> KeccakState4 { debug_assert!(N == 2 || N == 3 || N == 4); let mut state = shake128_init(); @@ -875,7 +875,7 @@ pub mod avx2 { #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - fn shake128_squeeze_first_three_blocks( + pub fn shake128_squeeze_first_three_blocks( s: &mut KeccakState4, out0: &mut [u8], out1: &mut [u8], @@ -919,7 +919,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[inline(always)] #[allow(unused_variables, non_snake_case)] - pub fn shake128_squeeze3xN( + fn shake128_squeeze3xN( state: &mut KeccakState4, ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -969,7 +969,7 @@ pub mod avx2 { #[inline(always)] #[allow(unused_variables)] // TODO: decide if we want to fall back here - fn shake128_squeeze_next_block( + pub fn shake128_squeeze_next_block( s: &mut KeccakState4, out0: &mut [u8], out1: &mut [u8], 
@@ -1013,7 +1013,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - pub fn shake128_squeezexN( + fn shake128_squeezexN( state: &mut KeccakState4, ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); From 39e5d0d495c08ba77394e54b37ce1387a63bbd75 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 May 2024 15:44:37 +0200 Subject: [PATCH 48/94] testing one wrapper before going deeper --- libcrux-sha3/src/lib.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 60340574a..0cd524e8d 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -376,7 +376,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(non_snake_case)] #[inline(always)] - fn shake256xN( + fn _shake256xN( input: &[[u8; 33]; N], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -468,7 +468,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn shake128_absorb_finalxN( + fn _shake128_absorb_finalxN( input: [[u8; 34]; N], ) -> [KeccakState2; 2] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -521,7 +521,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn shake128_squeeze3xN( + fn _shake128_squeeze3xN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -596,7 +596,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn shake128_squeezexN( + fn _shake128_squeezexN( state: &mut [KeccakState2; 2], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); 
@@ -695,7 +695,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn shake256xN( + fn _shake256xN( input: &[[u8; 33]; N], ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -847,7 +847,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[inline(always)] #[allow(unused_variables, non_snake_case)] - fn shake128_absorb_finalxN(input: [[u8; 34]; N]) -> KeccakState4 { + fn _shake128_absorb_finalxN(input: [[u8; 34]; N]) -> KeccakState4 { debug_assert!(N == 2 || N == 3 || N == 4); let mut state = shake128_init(); @@ -919,7 +919,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[inline(always)] #[allow(unused_variables, non_snake_case)] - fn shake128_squeeze3xN( + fn _shake128_squeeze3xN( state: &mut KeccakState4, ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); @@ -1013,7 +1013,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn shake128_squeezexN( + fn _shake128_squeezexN( state: &mut KeccakState4, ) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); From 04843f2764f617e98ddb9d0e23ad98377ab77f36 Mon Sep 17 00:00:00 2001 
From: Lucas Franceschino Date: Wed, 29 May 2024 15:58:01 +0200 Subject: [PATCH 49/94] re-extract into `c-snapshot/` --- libcrux-sha3/c-snapshot/core.c | 21 + libcrux-sha3/c-snapshot/core.h | 33 + libcrux-sha3/c-snapshot/internal/core.h | 49 + .../c-snapshot/internal/libcrux_sha3.h | 31 + libcrux-sha3/c-snapshot/libcrux_sha3.c | 6224 +++++++++++++++++ libcrux-sha3/c-snapshot/libcrux_sha3.h | 1717 +++++ 6 files changed, 8075 insertions(+) create mode 100644 libcrux-sha3/c-snapshot/core.c create mode 100644 libcrux-sha3/c-snapshot/core.h create mode 100644 libcrux-sha3/c-snapshot/internal/core.h create mode 100644 libcrux-sha3/c-snapshot/internal/libcrux_sha3.h create mode 100644 libcrux-sha3/c-snapshot/libcrux_sha3.c create mode 100644 libcrux-sha3/c-snapshot/libcrux_sha3.h diff --git a/libcrux-sha3/c-snapshot/core.c b/libcrux-sha3/c-snapshot/core.c new file mode 100644 index 000000000..629e77c65 --- /dev/null +++ b/libcrux-sha3/c-snapshot/core.c @@ -0,0 +1,21 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/core.h" + +typedef struct Error_s { } Error; + +typedef struct Result_____core_fmt_Error_s +{ + core_result_Result_____core_fmt_Error_tags tag; + void *f0; +} +Result_____core_fmt_Error; + +extern Result_____core_fmt_Error +core_fmt_num_imp___core__fmt__Display_for_u32__5__fmt(uint32_t *x0, core_fmt_Formatter *x1); + diff --git a/libcrux-sha3/c-snapshot/core.h b/libcrux-sha3/c-snapshot/core.h new file mode 100644 index 000000000..05fec27b0 --- /dev/null +++ b/libcrux-sha3/c-snapshot/core.h 
@@ -0,0 +1,33 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __core_H +#define __core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#if defined(__cplusplus) +} +#endif + +#define __core_H_DEFINED +#endif diff --git a/libcrux-sha3/c-snapshot/internal/core.h b/libcrux-sha3/c-snapshot/internal/core.h new file mode 100644 index 000000000..d27fb5d12 --- /dev/null +++ b/libcrux-sha3/c-snapshot/internal/core.h 
@@ -0,0 +1,49 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_core_H +#define __internal_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../core.h" +#include "eurydice_glue.h" + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +typedef struct core_option_Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +core_option_Option__size_t; + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_____core_fmt_Error_tags; + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +extern core_fmt_Arguments +core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); + +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_core_H_DEFINED +#endif diff --git a/libcrux-sha3/c-snapshot/internal/libcrux_sha3.h b/libcrux-sha3/c-snapshot/internal/libcrux_sha3.h new file mode 100644 index 000000000..7089a1900 --- /dev/null +++ b/libcrux-sha3/c-snapshot/internal/libcrux_sha3.h 
@@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __internal_libcrux_sha3_H +#define __internal_libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/core.h" +#include "../libcrux_sha3.h" +#include "eurydice_glue.h" + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_H_DEFINED +#endif diff --git a/libcrux-sha3/c-snapshot/libcrux_sha3.c b/libcrux-sha3/c-snapshot/libcrux_sha3.c new file mode 100644 index 000000000..187eab45e --- /dev/null +++ b/libcrux-sha3/c-snapshot/libcrux_sha3.c 
@@ -0,0 +1,6224 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#include "internal/libcrux_sha3.h" + +#include "internal/core.h" + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i uu____0 = a; + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(b)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i uu____0 = a; + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) +{ + core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +inline void +libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], + size_t start, + size_t len, + Eurydice_slice ret[4U] +) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(a[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = + Eurydice_slice_subslice(a[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( + void +) +{ + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( + 
core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( + core_core_arch_x86___m256i a, + uint64_t c +) +{ + return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( + Eurydice_slice a[4U], + size_t start, + size_t len, + Eurydice_slice ret[4U] +) +{ + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[4U]; + libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); +} + +inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( + Eurydice_slice a[4U], + size_t mid +) +{ + return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); +} + +const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + (size_t)41U, (size_t)45U, 
(size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +const +size_t +libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + +inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + 
Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +inline void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + Prims_string buf0[1U] = { "Unknown Digest mode " }; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1U, buf0, Prims_string, Eurydice_slice); + core_fmt_rt_Argument + buf[1U] = + { + core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(core_fmt_num_imp___core__fmt__Display_for_u32__5__fmt, + &v, + uint32_t, + core_fmt_rt_Argument) + }; + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____1, + Eurydice_array_to_slice((size_t)1U, buf, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case 
libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result_____core_fmt_Error_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_8size_t__core_array_TryFromSliceError; + +static void +unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t 
ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +inline 
uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + 
s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + 
s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + 
s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + 
s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + 
uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + 
buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = 
(size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + 
void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + 
uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t 
(*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +inline 
void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + 
i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + 
core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +inline void 
+libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + 
Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof 
(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + 
core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + 
unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, 
Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + 
core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} + +inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha224(digest, payload); +} + +inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) +{ + uint8_t out[28U] = { 0U }; + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha256(digest, payload); +} + +inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) +{ + uint8_t out[32U] = { 0U }; + 
libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha384(digest, payload); +} + +inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) +{ + uint8_t out[48U] = { 0U }; + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha512(digest, payload); +} + +inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t 
(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + 
libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void 
+libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} + +inline 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +inline void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +inline void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; + lit.st[0U][0U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[0U][1U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[0U][2U] = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[0U][3U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[0U][4U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[1U][0U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[1U][1U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[1U][2U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[1U][3U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[1U][4U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[2U][0U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[2U][1U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[2U][2U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[2U][3U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[2U][4U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[3U][0U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[3U][1U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[3U][2U] = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[3U][3U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[3U][4U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[4U][0U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[4U][1U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[4U][2U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[4U][3U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + lit.st[4U][4U] = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); + return lit; +} + +inline void +libcrux_sha3_simd_avx2_load_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + 
(size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + 
Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start 
= start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, uu____1); 
+} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(ab); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t(a, b); +} + +inline 
core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(ab); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return 
libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i 
b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, 
x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i 
x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t(a, b); +} + +inline 
core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i + uu____0 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i + uu____1 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_x86___m256i + uu____2 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i + uu____3 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_x86___m256i + uu____4 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____5 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____6 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____7 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_x86___m256i + uu____8 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor(s->st[0U][0U], + t[0U]); + 
s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i + uu____9 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i + uu____10 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i + uu____11 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i + uu____12 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i + uu____13 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i + uu____14 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i + uu____15 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i + uu____16 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i + uu____17 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i + uu____18 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i + uu____19 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i + uu____20 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i + uu____21 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i + uu____22 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i + uu____23 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i + uu____24 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i + uu____25 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i + uu____26 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i + uu____27 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i + uu____28 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i + uu____29 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i + uu____30 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i + uu____31 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i + uu____32 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +inline void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_x86___m256i [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +) +{ + core_core_arch_x86___m256i + uu____0 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_simd_avx2_load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + 
blocks[3U], + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, buf); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2_load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_simd_avx2_store_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = 
i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U 
* i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + 
(size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_simd_avx2_store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t ret[4U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + uint8_t out2[200U] = { 0U }; + uint8_t out3[200U] = { 0U }; + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + 
Eurydice_array_to_slice((size_t)200U, + out3, + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t ret[4U][200U] +) +{ + uint8_t ret0[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + libcrux_sha3_simd_avx2_store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + 
uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } + else + { + 
K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf0[4U] = 
{ input0, input1, input2, input3 }; + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, + buf); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); +} + +inline void +libcrux_sha3_simd_avx2_load_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = 
libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) 
% (size_t)5U] = + uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +inline void +libcrux_sha3_simd_avx2_load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_load_block___168size_t(uu____0, buf); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t 
uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2_load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +) +{ + Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, + buf); +} + +inline void +libcrux_sha3_simd_avx2_store_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +) +{ + for (size_t i = (size_t)0U; i < 
(size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + 
(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = 
(size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + 
((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + libcrux_sha3_simd_avx2_store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____0 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____1 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o1); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o2); +} + +inline void 
+libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + diff --git a/libcrux-sha3/c-snapshot/libcrux_sha3.h b/libcrux-sha3/c-snapshot/libcrux_sha3.h new file mode 100644 index 000000000..8646695bb --- /dev/null +++ b/libcrux-sha3/c-snapshot/libcrux_sha3.h 
@@ -0,0 +1,1717 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "core.h" +#include "eurydice_glue.h" + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t x0); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice x0); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64( + 
core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i x0, + core_core_arch_x86___m256i x1 +); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permute2x128_si256( + int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2 +); + +extern void +libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice x0, core_core_arch_x86___m256i x1); + +void +libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], + size_t start, + size_t len, + Eurydice_slice ret[4U] +); + +typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s +{ + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} +K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + +extern K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice x0[4U], size_t x1); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( + void +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( + core_core_arch_x86___m256i a, + uint64_t c +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( + Eurydice_slice a[4U], + size_t start, + size_t len, + Eurydice_slice ret[4U] +); + +K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( + Eurydice_slice a[4U], + size_t mid +); + +extern const size_t libcrux_sha3_generic_keccak__ROTC[24U]; + +extern const size_t libcrux_sha3_generic_keccak__PI[24U]; + +extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; + +uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); + +uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); + +uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); + +void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +); + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +); + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); + +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s +{ uint64_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t 
+libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +); + +void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); 
+ +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + 
uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void 
+libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void 
+libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); + +void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); + +void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); + +void 
libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); + +void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); + +void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_KeccakState1; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +); + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void); + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +); + +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } +libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void); + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s +{ core_core_arch_x86___m256i st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; + 
+libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +); + +void +libcrux_sha3_simd_avx2_load_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void 
+libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_simd_avx2_load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_simd_avx2_store_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +); + +void +libcrux_sha3_simd_avx2_store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t ret[4U][200U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t ret[4U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +); + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + +void +libcrux_sha3_simd_avx2_load_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_simd_avx2_load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + +void +libcrux_sha3_simd_avx2_store_block___168size_t( + core_core_arch_x86___m256i 
(*s)[5U], + Eurydice_slice out[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_H_DEFINED +#endif From 540556fd289f6fc32f99463209a7c92f493f75c5 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 29 May 2024 16:48:56 +0200 Subject: [PATCH 50/94] c.yaml: replicate neon options for avx2 --- libcrux-ml-kem/c.yaml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 5e8173a6b..68b4b4e38 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml 
@@ -36,6 +36,22 @@ files: include_in_c: - '"libcrux_hacl_glue.h"' + - name: libcrux_mlkem_avx2 + api: + - [libcrux_ml_kem, vector, avx2, "*"] + - [libcrux_ml_kem, hash_functions, avx2, "*"] + - [libcrux_sha3, avx2, "*"] + monomorphizations_using: + - [libcrux_ml_kem, vector, avx2, "*"] + - [libcrux_ml_kem, hash_functions, avx2, "*"] + - [libcrux_sha3, avx2, "*"] + monomorphizations_of: + - [libcrux_ml_kem, vector, avx2, "*"] + - [libcrux_ml_kem, hash_functions, avx2, "*"] + - [libcrux_sha3, avx2, "*"] + include_in_c: + - '"libcrux_hacl_glue.h"' + - name: libcrux_core monomorphizations_of: - [ core, "*"] @@ -120,7 +136,7 @@ files: include_in_c: - '"libcrux_hacl_glue.h"' - - name: libcrux_mlkem1027 + - name: libcrux_mlkem1024 api: - [libcrux_ml_kem, mlkem1024] include_in_c: From 75363220d5d559d2a0083c43620aae6501d2cb86 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 29 May 2024 19:46:28 +0200 Subject: [PATCH 51/94] sha3 c.yaml --- libcrux-sha3/c.yaml | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index 9d5c26df6..96abc4c0e 100644 --- a/libcrux-sha3/c.yaml +++ b/libcrux-sha3/c.yaml 
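Review bot: The new `libcrux_mlkem_avx2` entry in libcrux-ml-kem/c.yaml repeats the same three patterns under `api`, `monomorphizations_using` and `monomorphizations_of`, with no comment saying why all three keys are needed or that this file is the AVX2-only unit. A short comment above `- name: libcrux_mlkem_avx2` would help, for example `# AVX2-only code plus every monomorphization that touches it; build with AVX2 enabled and call only behind a runtime CPU feature check`. The build and dispatch requirement is inferred from the bundle name and patterns, not shown in this hunk, so confirm it against the build scripts before writing it down. The later "Fix bundling" hunk in libcrux-sha3/c.yaml repeats one pattern across `private`, `monomorphizations_of` and `monomorphizations_using` in the same way and would benefit from the same kind of comment.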
@@ -1,12 +1,38 @@ files: - # # TODO: neon and avx2 - # - name: libcrux_sha3_neon - # api: - # - [libcrux_sha3, simd, neon] - - # - name: libcrux_sha3_avx2 - # api: - # - [libcrux_sha3, simd, avx2] + # Different crate + - name: libcrux_intrinsics_neon + inline_static: true + api: + - [libcrux_intrinsics, arm64] + + # Different crate + - name: libcrux_intrinsics_avx2 + api: + - [libcrux_intrinsics, avx2] + + - name: libcrux_platform + api: + - [libcrux_platform, "*"] + + - name: libcrux_sha3_neon + api: + - [libcrux_sha3, neon, "*"] + - [libcrux_sha3, simd, neon, "*"] + include_in_c: + - '"intrinsics/libcrux_intrinsics_arm64.h"' + + - name: libcrux_sha3_avx2 + api: + - [libcrux_sha3, avx2, "*"] + - [libcrux_sha3, simd, avx2, "*"] + include_in_c: + - '"intrinsics/libcrux_intrinsics_avx2.h"' + + - name: libcrux_sha3 + api: + - [libcrux_sha3] + include_in_c: + - '"libcrux_core.h"' - name: core private: From 88b6c428bd0aa2ddd15231eddeabdd94013360dd Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 11:03:18 -0700 Subject: [PATCH 52/94] Fix bundling --- libcrux-sha3/c.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index 96abc4c0e..d74f59dbb 100644 --- a/libcrux-sha3/c.yaml +++ b/libcrux-sha3/c.yaml @@ -17,13 +17,23 @@ files: - name: libcrux_sha3_neon api: - [libcrux_sha3, neon, "*"] - - [libcrux_sha3, simd, neon, "*"] + private: + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_of: + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_using: + - [libcrux_sha3, simd, arm64, "*"] include_in_c: - '"intrinsics/libcrux_intrinsics_arm64.h"' - name: libcrux_sha3_avx2 api: - [libcrux_sha3, avx2, "*"] + private: + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_of: + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_using: - [libcrux_sha3, simd, avx2, "*"] include_in_c: - '"intrinsics/libcrux_intrinsics_avx2.h"' 
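Review bot: In the libcrux-sha3/c.yaml hunk that replaces the commented-out TODO, `libcrux_intrinsics_neon` sets `inline_static: true` while the parallel `libcrux_intrinsics_avx2` entry does not, and nothing visible says whether the difference is intended. If both intrinsics bundles are meant to be emitted the same way, add `inline_static: true` under `- name: libcrux_intrinsics_avx2`. If the AVX2 intrinsics header is deliberately handled differently, extend the existing `# Different crate` comment on that entry to record the reason, so the asymmetry is not later "fixed" by mistake.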
From c243e018a42c7cd1739c9c973cd4c8c653403f32 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Wed, 29 May 2024 20:45:41 +0200 Subject: [PATCH 53/94] c code sha3 with build --- libcrux-sha3/c-snapshot/libcrux_sha3.c | 6224 ----------------- libcrux-sha3/c.sh | 19 +- libcrux-sha3/c.yaml | 2 - libcrux-sha3/c/CMakeLists.txt | 40 + libcrux-sha3/{c-snapshot => c}/core.c | 4 +- libcrux-sha3/{c-snapshot => c}/core.h | 4 +- libcrux-sha3/c/eurydice_glue.h | 231 + .../{c-snapshot => c}/internal/core.h | 9 +- .../{c-snapshot => c}/internal/libcrux_sha3.h | 4 +- libcrux-sha3/c/internal/libcrux_sha3_avx2.h | 463 ++ .../c/intrinsics/libcrux_intrinsics_arm64.h | 552 ++ .../c/intrinsics/libcrux_intrinsics_avx2.h | 476 ++ .../c/karamel/include/krml/c_endianness.h | 13 + .../c/karamel/include/krml/fstar_int.h | 81 + .../c/karamel/include/krml/internal/builtin.h | 18 + .../karamel/include/krml/internal/callconv.h | 27 + .../c/karamel/include/krml/internal/compat.h | 32 + .../c/karamel/include/krml/internal/debug.h | 57 + .../c/karamel/include/krml/internal/target.h | 384 + .../c/karamel/include/krml/internal/types.h | 105 + .../include/krml/internal/wasmsupport.h | 5 + .../karamel/include/krml/lowstar_endianness.h | 231 + libcrux-sha3/c/karamel/include/krmllib.h | 28 + .../krmllib/dist/minimal/FStar_UInt128.h | 78 + .../dist/minimal/FStar_UInt128_Verified.h | 346 + .../dist/minimal/FStar_UInt_8_16_32_64.h | 213 + .../krmllib/dist/minimal/LowStar_Endianness.h | 27 + .../krmllib/dist/minimal/Makefile.basic | 56 + .../krmllib/dist/minimal/Makefile.include | 5 + .../dist/minimal/fstar_uint128_gcc64.h | 165 + .../krmllib/dist/minimal/fstar_uint128_msvc.h | 510 ++ .../minimal/fstar_uint128_struct_endianness.h | 68 + .../krmllib/dist/minimal/libkrmllib.def | 11 + libcrux-sha3/c/libcrux_intrinsics_avx2.h | 20 + libcrux-sha3/c/libcrux_sha3.c | 3293 +++++++++ libcrux-sha3/{c-snapshot => c}/libcrux_sha3.h | 798 +-- libcrux-sha3/c/libcrux_sha3_avx2.c | 2720 +++++++ libcrux-sha3/c/libcrux_sha3_avx2.h | 172 + libcrux-sha3/c/libcrux_sha3_neon.c | 178 + 
libcrux-sha3/c/libcrux_sha3_neon.h | 68 + libcrux-sha3/c/log.yxy | 1652 +++++ 41 files changed, 12355 insertions(+), 7034 deletions(-) delete mode 100644 libcrux-sha3/c-snapshot/libcrux_sha3.c create mode 100644 libcrux-sha3/c/CMakeLists.txt rename libcrux-sha3/{c-snapshot => c}/core.c (71%) rename libcrux-sha3/{c-snapshot => c}/core.h (74%) create mode 100644 libcrux-sha3/c/eurydice_glue.h rename libcrux-sha3/{c-snapshot => c}/internal/core.h (68%) rename libcrux-sha3/{c-snapshot => c}/internal/libcrux_sha3.h (75%) create mode 100644 libcrux-sha3/c/internal/libcrux_sha3_avx2.h create mode 100644 libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h create mode 100644 libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h create mode 100644 libcrux-sha3/c/karamel/include/krml/c_endianness.h create mode 100644 libcrux-sha3/c/karamel/include/krml/fstar_int.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/builtin.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/callconv.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/compat.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/debug.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/target.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/types.h create mode 100644 libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h create mode 100644 libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h create mode 100644 libcrux-sha3/c/karamel/include/krmllib.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic create mode 100644 
libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h create mode 100644 libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def create mode 100644 libcrux-sha3/c/libcrux_intrinsics_avx2.h create mode 100644 libcrux-sha3/c/libcrux_sha3.c rename libcrux-sha3/{c-snapshot => c}/libcrux_sha3.h (52%) create mode 100644 libcrux-sha3/c/libcrux_sha3_avx2.c create mode 100644 libcrux-sha3/c/libcrux_sha3_avx2.h create mode 100644 libcrux-sha3/c/libcrux_sha3_neon.c create mode 100644 libcrux-sha3/c/libcrux_sha3_neon.h create mode 100644 libcrux-sha3/c/log.yxy diff --git a/libcrux-sha3/c-snapshot/libcrux_sha3.c b/libcrux-sha3/c-snapshot/libcrux_sha3.c deleted file mode 100644 index 187eab45e..000000000 --- a/libcrux-sha3/c-snapshot/libcrux_sha3.c +++ /dev/null 
@@ -1,6224 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_sha3.h" - -#include "internal/core.h" - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i uu____0 = a; - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(b)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i uu____0 = a; - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -inline core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) -{ - core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -inline void -libcrux_sha3_simd_avx2_slice_4( - Eurydice_slice a[4U], - size_t start, - size_t len, - Eurydice_slice ret[4U] -) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(a[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = - Eurydice_slice_subslice(a[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( - void -) -{ - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( - 
core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( - core_core_arch_x86___m256i a, - uint64_t c -) -{ - return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( - Eurydice_slice a[4U], - size_t start, - size_t len, - Eurydice_slice ret[4U] -) -{ - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); -} - -inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( - Eurydice_slice a[4U], - size_t mid -) -{ - return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); -} - -const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, 
(size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; - -const -size_t -libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; - -const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ - uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ - return a ^ (b & ~c); -} - -inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ - return a ^ c; -} - -inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - 
Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ - return 0ULL; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ - return a ^ b; -} - -inline void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ - libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - Prims_string buf0[1U] = { "Unknown Digest mode " }; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1U, buf0, Prims_string, Eurydice_slice); - core_fmt_rt_Argument - buf[1U] = - { - core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(core_fmt_num_imp___core__fmt__Display_for_u32__5__fmt, - &v, - uint32_t, - core_fmt_rt_Argument) - }; - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____1, - Eurydice_array_to_slice((size_t)1U, buf, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } - } - return uu____0; -} - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ - uint32_t uu____0; - switch (v) - { - case 
libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ - size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - -typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result_____core_fmt_Error_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_8size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ - uint64_t 
ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -inline 
uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - 
s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); - 
s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - 
s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - 
s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - 
uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } -} - -inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - 
buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = 
(size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - 
void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - 
uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t 
(*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - 
Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -inline 
void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - 
i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - 
core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -inline void 
-libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - 
Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof 
(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - 
core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - 
unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, 
Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - 
core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); -} - -inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha224(digest, payload); -} - -inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) -{ - uint8_t out[28U] = { 0U }; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha256(digest, payload); -} - -inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) -{ - uint8_t out[32U] = { 0U }; - 
libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha384(digest, payload); -} - -inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) -{ - uint8_t out[48U] = { 0U }; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha512(digest, payload); -} - -inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t 
(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - 
libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void 
-libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - -inline 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ - return self[0U]; -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -inline void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); -} - -inline void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); -} - -inline void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); -} - -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; - lit.st[0U][0U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[0U][1U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[0U][2U] = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[0U][3U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[0U][4U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[1U][0U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[1U][1U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[1U][2U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[1U][3U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[1U][4U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[2U][0U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[2U][1U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[2U][2U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[2U][3U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[2U][4U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[3U][0U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[3U][1U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[3U][2U] = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[3U][3U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[3U][4U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[4U][0U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[4U][1U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[4U][2U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[4U][3U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - lit.st[4U][4U] = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero(); - return lit; -} - -inline void -libcrux_sha3_simd_avx2_load_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + 
(size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - 
Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start 
= start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, uu____1); 
-} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(ab); -} - -inline core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t(a, b); -} - -inline 
core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(ab); -} - -inline core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return 
libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i 
b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, 
x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i 
x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t(a, b); -} - -inline 
core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i - uu____0 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i - uu____1 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i - uu____2 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i - uu____3 = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - core_core_arch_x86___m256i - uu____4 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____5 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____6 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____7 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - core_core_arch_x86___m256i - uu____8 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor(s->st[0U][0U], - t[0U]); - 
s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i - uu____9 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i - uu____10 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i - uu____11 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i - uu____12 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i - uu____13 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i - uu____14 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i - uu____15 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i - uu____16 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i - uu____17 = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i - uu____18 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i - uu____19 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i - uu____20 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i - uu____21 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i - uu____22 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i - uu____23 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i - uu____24 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i - uu____25 = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i - uu____26 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i - uu____27 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i - uu____28 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i - uu____29 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i - uu____30 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i - uu____31 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i - uu____32 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -inline void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_x86___m256i [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { - size_t j = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } -} - -inline void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -) -{ - core_core_arch_x86___m256i - uu____0 = - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_simd_avx2_load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - 
blocks[3U], - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, buf); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2_load_block_full___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_simd_avx2_store_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = 
i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U 
* i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + 
(size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_simd_avx2_store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t ret[4U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - uint8_t out2[200U] = { 0U }; - uint8_t out3[200U] = { 0U }; - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - 
Eurydice_array_to_slice((size_t)200U, - out3, - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t ret[4U][200U] -) -{ - uint8_t ret0[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - libcrux_sha3_simd_avx2_store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - 
uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } - else - { - 
K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o); - memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf0[4U] = 
{ input0, input1, input2, input3 }; - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, - buf); -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); -} - -inline void -libcrux_sha3_simd_avx2_load_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = 
libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) 
% (size_t)5U] = - uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -inline void -libcrux_sha3_simd_avx2_load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_load_block___168size_t(uu____0, buf); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t 
uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2_load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -) -{ - Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, - buf); -} - -inline void -libcrux_sha3_simd_avx2_store_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -) -{ - for (size_t i = (size_t)0U; i < 
(size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - 
(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = 
(size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - 
((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - libcrux_sha3_simd_avx2_store_block___168size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____0 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____1 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n(o10, - (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o1); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o2); -} - -inline void 
-libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - -inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - diff --git a/libcrux-sha3/c.sh b/libcrux-sha3/c.sh index 04cba03a4..a022e56a0 100755 --- a/libcrux-sha3/c.sh +++ b/libcrux-sha3/c.sh @@ -3,7 +3,9 @@ set -e set -o pipefail -rm -rf c +cdir=c + +# rm -rf $cdir if [[ -z "$CHARON_HOME" ]]; then echo "Please set CHARON_HOME to the Charon directory" 1>&2 @@ -41,20 +43,11 @@ else echo "Skipping charon" fi -mkdir -p c -cd c +mkdir -p $cdir +cd $cdir echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . -if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then - # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h - cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ - cp *.h $HACL_PACKAGES_HOME/libcrux/include - cp *.c $HACL_PACKAGES_HOME/libcrux/src -elif [[ "$no_hacl" = 0 ]]; then - echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -else - echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 -fi +# TODO: copy karamel diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index d74f59dbb..b1e2a2578 100644 --- a/libcrux-sha3/c.yaml 
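Review bot: With `rm -rf` commented out in the first c.sh hunk, `$cdir` is no longer cleared before eurydice runs. A `.c` or `.h` file written by an earlier run, and no longer emitted under the current `c.yaml`, therefore stays in the directory. This commit appears to move the generated sources from `c-snapshot/` into `c/` and check them in, so such leftovers could be committed or compiled alongside fresh output without anyone noticing. If the directory has to survive because it now also holds hand-written files such as the new `CMakeLists.txt`, remove only the generated sources before regenerating, and add a comment on the disabled line saying why the cleanup is skipped.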
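Review bot: The second c.sh hunk ends on `# TODO: copy karamel`, so after this change the script no longer produces a directory that builds on its own. The new `CMakeLists.txt` adds `${PROJECT_SOURCE_DIR}/karamel/include` to the include path and `eurydice_glue.h` includes `krml/lowstar_endianness.h`, but nothing visible here populates `karamel/`. Unless those headers are added elsewhere in the series, either copy them in this script or fail with a clear message when they are missing. The added `mkdir -p $cdir` and `cd $cdir` also expand the variable unquoted; `mkdir -p "$cdir"` and `cd "$cdir"` stay correct if the value ever becomes a path containing spaces.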
+++ b/libcrux-sha3/c.yaml @@ -41,8 +41,6 @@ files: - name: libcrux_sha3 api: - [libcrux_sha3] - include_in_c: - - '"libcrux_core.h"' - name: core private: diff --git a/libcrux-sha3/c/CMakeLists.txt b/libcrux-sha3/c/CMakeLists.txt new file mode 100644 index 000000000..0322020e6 --- /dev/null +++ b/libcrux-sha3/c/CMakeLists.txt @@ -0,0 +1,40 @@ +# cmake -B build -G "Ninja Multi-Config" +# cmake --build build + +cmake_minimum_required(VERSION 3.10) + +project(libcrux-sha3 + VERSION 0.1.0 + LANGUAGES C +) + +set(CMAKE_C_FLAGS " -Wall ") +include_directories( + ${PROJECT_SOURCE_DIR} + ${PROJECT_SOURCE_DIR}/internal + ${PROJECT_SOURCE_DIR}/karamel/include +) +file(GLOB SOURCES + core.c + libcrux_sha3.c +) +# file(GLOB VEC128_SOURCES +# libcrux_sha3_neon.c +# ) +file(GLOB SOURCES_vec256 + libcrux_sha3_avx2.c +) + +add_library(sha3_vec256 OBJECT ${SOURCES_vec256}) +add_library(sha3 SHARED ${SOURCES}) +add_library(sha3_static STATIC ${SOURCES}) + +target_compile_options(sha3_vec256 PRIVATE + -mavx + -mavx2 +) + +# if(LIBCRUX_VEC256) +target_sources(sha3_static PRIVATE $) +target_sources(sha3 PRIVATE $) +# endif() diff --git a/libcrux-sha3/c-snapshot/core.c b/libcrux-sha3/c/core.c similarity index 71% rename from libcrux-sha3/c-snapshot/core.c rename to libcrux-sha3/c/core.c index 629e77c65..7cf08bf02 100644 --- a/libcrux-sha3/c-snapshot/core.c +++ b/libcrux-sha3/c/core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc F* version: - KaRaMeL version: + KaRaMeL version: e8e461ce */ #include "internal/core.h" diff --git a/libcrux-sha3/c-snapshot/core.h b/libcrux-sha3/c/core.h similarity index 74% rename from libcrux-sha3/c-snapshot/core.h rename to libcrux-sha3/c/core.h index 05fec27b0..2d3371af3 100644 
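Review bot: `set(CMAKE_C_FLAGS " -Wall ")` in the new CMakeLists.txt replaces the flag string instead of extending it. Anything supplied through `CFLAGS`, `-DCMAKE_C_FLAGS=...` or a toolchain file is therefore dropped for this library, including hardening options a packager passes such as stack-protector or fortify settings. `add_compile_options(-Wall)`, or `target_compile_options` on each target, keeps the warning without discarding the caller's flags. Separately, the `if(LIBCRUX_VEC256)` guard around the two `target_sources` lines is commented out, so the objects built with `-mavx2` are always linked into `sha3` and `sha3_static`. Unless every caller is guaranteed to check CPU support before reaching those functions, restoring the option would keep the portable build free of AVX2 code.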
--- a/libcrux-sha3/c-snapshot/core.h +++ b/libcrux-sha3/c/core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc F* version: - KaRaMeL version: + KaRaMeL version: e8e461ce */ #ifndef __core_H diff --git a/libcrux-sha3/c/eurydice_glue.h b/libcrux-sha3/c/eurydice_glue.h new file mode 100644 index 000000000..4b8062a53 --- /dev/null +++ b/libcrux-sha3/c/eurydice_glue.h 
@@ -0,0 +1,231 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
+#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) +#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, ((t*) s.ptr)[i], sizeof(t))) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = 
EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + + +// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. +typedef struct +{ + uint8_t tag; + uint8_t case_Ok[]; +} +result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) +{ + return x; +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ + ((iter_ptr)->start == (iter_ptr)->end) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ + ) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static +// inline function cannot receive a type as an argument. Instead, we receive the element size and +// use it to peform manual offset computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; + Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); + chunks->slice = ((Eurydice_slice) { + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size + }); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ + .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ + .chunk_size = sz_ }) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t)) })) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ + (((iter)->index == (iter)->s.len) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) + +// STRINGS + +typedef const char *Prims_string; + +// MISC (UNTESTED) + +#define core_fmt_Formatter void + +// VECTORS (ANCIENT, POSSIBLY UNTESTED) + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size/sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? 
*/ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX/2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t*)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) + +#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-sha3/c-snapshot/internal/core.h b/libcrux-sha3/c/internal/core.h similarity index 68% rename from libcrux-sha3/c-snapshot/internal/core.h rename to libcrux-sha3/c/internal/core.h index d27fb5d12..032a2e4cd 100644 --- a/libcrux-sha3/c-snapshot/internal/core.h +++ b/libcrux-sha3/c/internal/core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc F* version: - KaRaMeL version: + KaRaMeL version: e8e461ce */ #ifndef __internal_core_H @@ -36,11 +36,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -extern core_fmt_Arguments -core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); - -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); - #if defined(__cplusplus) } #endif 
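Review bot: In `eurydice_glue.h`, `Eurydice_slice_to_array3` always writes `dst->tag = 0` (presumably the Ok tag) and copies `sz` bytes from `src.ptr` without consulting `src.len`, so the length mismatch that Rust's slice-to-array conversion reports as an error becomes an out-of-bounds read in the C build. `core_slice___Slice_T___copy_from_slice` has the same shape: it copies `dst.len * sizeof(t)` bytes and never compares `src.len` with `dst.len`, where the Rust method panics. If the extracted callers are meant to guarantee matching lengths, say so next to both definitions, e.g. `/* precondition: src.len * sizeof(element) == sz; the Err case is never produced */`, or pass the element size into the helper and check it there. In the same file, `EURYDICE_VEC_PUSH` assigns the result of `realloc` to `v->ptr` without a NULL check, so an allocation failure loses the old buffer and the next statement writes through a null-based pointer. `EURYDICE_VEC_NEW` and `EURYDICE_BOX_NEW` likewise use `calloc`/`malloc` results unchecked.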
diff --git a/libcrux-sha3/c-snapshot/internal/libcrux_sha3.h b/libcrux-sha3/c/internal/libcrux_sha3.h similarity index 75% rename from libcrux-sha3/c-snapshot/internal/libcrux_sha3.h rename to libcrux-sha3/c/internal/libcrux_sha3.h index 7089a1900..0f94db616 100644 --- a/libcrux-sha3/c-snapshot/internal/libcrux_sha3.h +++ b/libcrux-sha3/c/internal/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc F* version: - KaRaMeL version: + KaRaMeL version: e8e461ce */ #ifndef __internal_libcrux_sha3_H diff --git a/libcrux-sha3/c/internal/libcrux_sha3_avx2.h b/libcrux-sha3/c/internal/libcrux_sha3_avx2.h new file mode 100644 index 000000000..2dc7d63d2 --- /dev/null +++ b/libcrux-sha3/c/internal/libcrux_sha3_avx2.h 
@@ -0,0 +1,463 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#ifndef __internal_libcrux_sha3_avx2_H +#define __internal_libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_sha3.h" +#include "internal/core.h" +#include "../libcrux_sha3_avx2.h" +#include "eurydice_glue.h" + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +void +libcrux_sha3_simd_avx2_store_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +); + +void +libcrux_sha3_simd_avx2_load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +); + +void +libcrux_sha3_simd_avx2_load_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t ret[4U][200U] +); + +void +libcrux_sha3_simd_avx2_store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t ret[4U][200U] +); + +void +libcrux_sha3_simd_avx2_store_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +); + +void 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +); + +void +libcrux_sha3_simd_avx2_load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); + +void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +); + +void +libcrux_sha3_simd_avx2_load_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +); + +core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h new file mode 100644 index 000000000..b14f283be --- /dev/null +++ b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h 
@@ -0,0 +1,552 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c2.yml ../../libcrux_ml_kem.llbc F* version: a32b316e KaRaMeL version: + 020de30f + */ + +#ifndef __libcrux_intrinsics_arm64_H +#define __libcrux_intrinsics_arm64_H + +#if defined(__cplusplus) +extern "C" +{ +#endif + +#include "eurydice_glue.h" +#include + + // NEON Vector Types + typedef int16x4_t core_core_arch_arm_shared_neon_int16x4_t; + typedef uint16x4_t core_core_arch_arm_shared_neon_uint16x4_t; + typedef int8x16_t core_core_arch_arm_shared_neon_int8x16_t; + typedef uint8x16_t core_core_arch_arm_shared_neon_uint8x16_t; + typedef int16x8_t core_core_arch_arm_shared_neon_int16x8_t; + typedef uint16x8_t core_core_arch_arm_shared_neon_uint16x8_t; + typedef int32x4_t core_core_arch_arm_shared_neon_int32x4_t; + typedef uint32x4_t core_core_arch_arm_shared_neon_uint32x4_t; + typedef int64x2_t core_core_arch_arm_shared_neon_int64x2_t; + typedef uint64x2_t core_core_arch_arm_shared_neon_uint64x2_t; + + // Casting Between Vector Types + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vreinterpretq_s16_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u16_s16(a); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vreinterpretq_u32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u32_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vreinterpretq_s32_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) + { + return vreinterpretq_s32_u32(a); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + 
core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_u32_s32(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) + { + return vreinterpretq_s16_u32(a); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_s32_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_s16_s32(a); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vreinterpretq_s64_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_s64_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + core_core_arch_arm_shared_neon_int64x2_t a) + { + return vreinterpretq_s16_s64(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vreinterpretq_u8_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u8_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + core_core_arch_arm_shared_neon_uint8x16_t a) + { + return vreinterpretq_s16_u8(a); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_s64_s32(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vreinterpretq_u8_s64( + core_core_arch_arm_shared_neon_int64x2_t a) + { + return vreinterpretq_u8_s64(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + 
core_core_arch_arm_shared_neon_uint8x16_t a) + { + return vreinterpretq_u16_u8(a); + } + + // Initialize, Load, Store + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vdupq_n_s16(int16_t c) + { + return vdupq_n_s16(c); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) + { + return vdupq_n_u32(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) + { + return vld1q_s16((int16_t*)slice.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice slice) + { + return vld1q_u8((uint8_t*)slice.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vld1q_u16(Eurydice_slice slice) + { + return vld1q_u16((uint16_t*)slice.ptr); + } + + static inline void libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_slice out, + core_core_arch_arm_shared_neon_int16x8_t a) + { + vst1q_s16((int16_t*)out.ptr, a); + } + + static inline void libcrux_intrinsics_arm64__vst1q_u8( + Eurydice_slice out, + core_core_arch_arm_shared_neon_uint8x16_t a) + { + vst1q_u8((uint8_t*)out.ptr, a); + } + + // Arithmetic: Add, Sub + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vaddq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vaddq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vaddq_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + core_core_arch_arm_shared_neon_uint32x4_t b) + { + return vaddq_u32(a, b); + } + + static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vaddvq_s16(a); + } + + 
static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( + core_core_arch_arm_shared_neon_uint16x4_t a) + { + return vaddv_s16(a); + } + + static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vaddvq_u16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vsubq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vsubq_s16(a, b); + } + + // Arithmetic: Mul, Mul-High, Mul-Add + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vmulq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + int16_t c) + { + return vmulq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + int16_t c) + { + return vqdmulhq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vmulq_n_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + uint16_t c) + { + return vmulq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + int32_t c) + { + return vqdmulhq_n_s32(a, c); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vmulq_n_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + uint32_t c) + { + return vmulq_n_u32(a, c); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vmulq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vmulq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vqdmulhq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vqdmulhq_s16(a, b); + } + + 
static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmull_s16( + core_core_arch_arm_shared_neon_int16x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b); + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmull_high_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vmull_high_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmlal_s16( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b, + core_core_arch_arm_shared_neon_int16x4_t c) + { + return vmlal_s16(a, b, c); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmlal_high_s16( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int16x8_t b, + core_core_arch_arm_shared_neon_int16x8_t c) + { + return vmlal_high_s16(a, b, c); + } + + // Comparisons + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vcgeq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vcgeq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vcleq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vcleq_s16(a, b); + } + + // Bitwise Operations + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vandq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vandq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__veorq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return veorq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + 
libcrux_intrinsics_arm64__vandq_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + core_core_arch_arm_shared_neon_uint32x4_t b) + { + return vandq_u32(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vandq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + core_core_arch_arm_shared_neon_uint16x8_t b) + { + return vandq_u16(a, b); + } + + // Shift Operations + +#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ + (vshrq_n_s16(a, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ + (vshrq_n_u16(a, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u32(N, a) (vshrq_n_u32(a, N)) + +#define libcrux_intrinsics_arm64__vshlq_n_u32(N, a) (vshlq_n_u32(a, N)) + +#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ + (vshlq_n_s16(a, SHIFT_BY)) + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vshlq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vshlq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vshlq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vshlq_u16(a, b); + } + +#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b) (vsliq_n_s16(a, b, N)) + +#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b) (vsliq_n_s64(a, b, N)) + + // Transpose and Vector Manipulations + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vtrn1q_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vtrn1q_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vtrn2q_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vtrn2q_s16(a, b); + } + + static inline 
core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vtrn1q_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int32x4_t b) + { + return vtrn1q_s32(a, b); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vtrn2q_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int32x4_t b) + { + return vtrn2q_s32(a, b); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vtrn1q_s64( + core_core_arch_arm_shared_neon_int64x2_t a, + core_core_arch_arm_shared_neon_int64x2_t b) + { + return vtrn1q_s64(a, b); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vtrn2q_s64( + core_core_arch_arm_shared_neon_int64x2_t a, + core_core_arch_arm_shared_neon_int64x2_t b) + { + return vtrn2q_s64(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x4_t + libcrux_intrinsics_arm64__vget_low_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vget_low_s16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x4_t + libcrux_intrinsics_arm64__vget_low_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vget_low_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x4_t + libcrux_intrinsics_arm64__vget_high_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vget_high_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vqtbl1q_u8( + core_core_arch_arm_shared_neon_uint8x16_t a, + core_core_arch_arm_shared_neon_uint8x16_t b) + { + return vqtbl1q_u8(a, b); + } + +#define libcrux_intrinsics_arm64__vshlq_n_u64(SHIFT_BY, x, _ret_t) \ + (vshlq_n_u64(x, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u64(SHIFT_BY, x, _ret_t) \ + (vshrq_n_u64(x, SHIFT_BY)) + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__veorq_u64( + 
core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return veorq_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vbicq_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vbicq_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0) + { + return vdupq_n_u64(x0); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0) + { + return vld1q_u64((uint64_t*)x0.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vtrn1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vtrn1q_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vtrn2q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vtrn2q_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0) + { + return vld1q_u64((uint64_t*)x0.ptr); + } + + static inline void libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + vst1q_u64((uint64_t*)x0.ptr, x1); + } + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_arm64_H_DEFINED +#endif diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h new file mode 100644 index 000000000..28ce62ccd --- /dev/null +++ b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h 
@@ -0,0 +1,476 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "immintrin.h" + +typedef __m128i core_core_arch_x86___m128i; +typedef __m256i core_core_arch_x86___m256i; + +// Cast and Convert + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ + return _mm256_castsi256_si128(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ + return _mm256_cvtepi16_epi32(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ + return _mm256_castsi128_si256(a); +} + +// Initialize, Load, Store + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ + return _mm256_setzero_si256(); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ + return _mm256_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ + return _mm256_set1_epi32(a); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ + return _mm_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, + int16_t x1, + int16_t x2, + int16_t x3, + int16_t x4, + int16_t x5, + int16_t x6, + int16_t x7, + int16_t x8, + int16_t x9, + int16_t x10, + int16_t x11, + int16_t x12, + int16_t x13, + int16_t x14, + int16_t x15 +){ + return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + +static inline 
core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, + int8_t x1, + int8_t x2, + int8_t x3, + int8_t x4, + int8_t x5, + int8_t x6, + int8_t x7, + int8_t x8, + int8_t x9, + int8_t x10, + int8_t x11, + int8_t x12, + int8_t x13, + int8_t x14, + int8_t x15, + int8_t x16, + int8_t x17, + int8_t x18, + int8_t x19, + int8_t x20, + int8_t x21, + int8_t x22, + int8_t x23, + int8_t x24, + int8_t x25, + int8_t x26, + int8_t x27, + int8_t x28, + int8_t x29, + int8_t x30, + int8_t x31 +){ + return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15, + x16,x17,x18,x19,x20,x21,x22,x23, + x24,x25,x26,x27,x28,x29,x30,x31); + +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, + uint8_t x1, + uint8_t x2, + uint8_t x3, + uint8_t x4, + uint8_t x5, + uint8_t x6, + uint8_t x7, + uint8_t x8, + uint8_t x9, + uint8_t x10, + uint8_t x11, + uint8_t x12, + uint8_t x13, + uint8_t x14, + uint8_t x15 +){ + return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, + int32_t x1, + int32_t x2, + int32_t x3, + int32_t x4, + int32_t x5, + int32_t x6, + int32_t x7 +){ + return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ + return _mm256_loadu_si256(a.ptr); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ + return _mm_loadu_si128(a.ptr); +} + + +static inline void +libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128(a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256(a.ptr,b); +} + +static inline void 
+libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128(a.ptr,b); +} + +// Arithmetic: Add, Sub + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b + ){ + return _mm256_add_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_add_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_add_epi16(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sub_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_sub_epi16(a,b); +} + +// Arithmetic: Mul low and high, Mul-Add combinations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mul_epu32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mullo_epi16( + 
core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_madd_epi16(a,b); +} + +// Comparison + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_cmpgt_epi16(a,b); +} + +// Bitwise operations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_and_si256(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_xor_si256(a,b); +} + +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ + return _mm_movemask_epi8(a); +} + +// Shift operations +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srai_epi16(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srli_epi16(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_slli_epi16(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_slli_epi32(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t a, 
core_core_arch_x86___m256i b){ + return _mm256_srai_epi32(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srli_epi32(b,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sllv_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srli_epi64(b,a); +} + +// Shuffle and Vector Interleaving + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi64(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_packs_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_packs_epi16(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_shuffle_epi32(b,a); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_extracti128_si256(b,a); +} + +static inline core_core_arch_x86___m256i 
+libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_permute4x64_epi64(b,a); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_inserti128_si256( + int32_t a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m128i c +){ + return _mm256_inserti128_si256(b,c,a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_blend_epi16( + int32_t a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +){ + return _mm256_blend_epi16(b,c,a); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_shuffle_epi8(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_permutevar8x32_epi32(a,b); +} + + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_shuffle_epi8(a,b); +} + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-sha3/c/karamel/include/krml/c_endianness.h b/libcrux-sha3/c/karamel/include/krml/c_endianness.h new file mode 100644 index 000000000..21d7e1b4f --- /dev/null +++ b/libcrux-sha3/c/karamel/include/krml/c_endianness.h @@ -0,0 +1,13 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_ENDIAN_H +#define __KRML_ENDIAN_H + +#ifdef __GNUC__ +#warning "c_endianness.h is deprecated, include lowstar_endianness.h instead" +#endif + +#include "lowstar_endianness.h" + +#endif diff --git a/libcrux-sha3/c/karamel/include/krml/fstar_int.h b/libcrux-sha3/c/karamel/include/krml/fstar_int.h new file mode 100644 index 000000000..174ae59e3 --- /dev/null 
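Review bot: In libcrux_intrinsics_avx2.h the wrappers for `_mm256_shuffle_epi32`, `_mm256_extracti128_si256`, `_mm256_permute4x64_epi64`, `_mm256_inserti128_si256` and `_mm256_blend_epi16` take the selector as a runtime `int32_t a`, but those intrinsics need a compile-time immediate, so whether this header builds depends on the compiler and optimisation level (it will likely be rejected by Clang and by GCC at -O0). The `srai`/`srli`/`slli` wrappers have the same shape, and the arm64 header in this patch already forwards its `_n_` shifts through macros; the sketch below does the same here, keeping the immediate-first argument order (confirm the arity the generated callers use, since some arm64 macros take an extra `_ret_t`). Separately, the load/store wrappers hand `a.ptr` to the intrinsic without consulting the slice's length, so each needs a comment stating that the caller guarantees 16 or 32 accessible bytes, and the three `void` store wrappers should drop the `return` in front of a void call. The banner says the file is generated by KaRaMeL; if that is accurate, these changes belong in whatever emits it.

```c
// Immediate operands: forward through macros so they stay constant expressions.
#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b) (_mm256_srai_epi16(b, a))
#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b) (_mm256_srli_epi16(b, a))
#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b) (_mm256_slli_epi16(b, a))
#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b) (_mm256_slli_epi32(b, a))
#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b) (_mm256_srai_epi32(b, a))
#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b) (_mm256_srli_epi32(b, a))
#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b) (_mm256_srli_epi64(b, a))
#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b) (_mm256_shuffle_epi32(b, a))
#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b) (_mm256_extracti128_si256(b, a))
#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b) (_mm256_permute4x64_epi64(b, a))
#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c) (_mm256_inserti128_si256(b, c, a))
#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c) (_mm256_blend_epi16(b, c, a))
// … unchanged: sllv_epi32, unpack*, packs*, shuffle_epi8, permutevar8x32 wrappers …
```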
+++ b/libcrux-sha3/c/karamel/include/krml/fstar_int.h 
@@ -0,0 +1,81 @@
+#ifndef __FSTAR_INT_H
+#define __FSTAR_INT_H
+
+#include "internal/types.h"
+
+/*
+ * Arithmetic Shift Right operator
+ *
+ * In all C standards, a >> b is implementation-defined when a has a signed
+ * type and a negative value. See e.g. 6.5.7 in
+ * http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf
+ *
+ * GCC, MSVC, and Clang implement a >> b as an arithmetic shift.
+ *
+ * GCC: https://gcc.gnu.org/onlinedocs/gcc-9.1.0/gcc/Integers-implementation.html#Integers-implementation
+ * MSVC: https://docs.microsoft.com/en-us/cpp/cpp/left-shift-and-right-shift-operators-input-and-output?view=vs-2019#right-shifts
+ * Clang: tested that Clang 7, 8 and 9 compile this to an arithmetic shift
+ *
+ * We implement arithmetic shift right simply as >> in these compilers
+ * and bail out in others.
+ */
+
+#if !(defined(_MSC_VER) || defined(__GNUC__) || (defined(__clang__) && (__clang_major__ >= 7)))
+
+static inline
+int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) {
+ do {
+ KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
+ KRML_HOST_EXIT(255);
+ } while (0);
+}
+
+static inline
+int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) {
+ do {
+ KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
+ KRML_HOST_EXIT(255);
+ } while (0);
+}
+
+static inline
+int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) {
+ do {
+ KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
+ KRML_HOST_EXIT(255);
+ } while (0);
+}
+
+static inline
+int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) {
+ do {
+ KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
+ KRML_HOST_EXIT(255);
+ } while (0);
+}
+
+#else
+
+static inline
+int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) {
+ return (a >> b);
+}
+
+static inline
+int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) {
+ return (a >> b);
+}
+
+static inline
+int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) {
+ return (a >> b);
+}
+
+static inline
+int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) {
+ return (a >> b);
+}
+
+#endif /* !(defined(_MSC_VER) ... ) */
+
+#endif /* __FSTAR_INT_H */
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/builtin.h b/libcrux-sha3/c/karamel/include/krml/internal/builtin.h
new file mode 100644
index 000000000..6098f30be
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/builtin.h
@@ -0,0 +1,18 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KRML_BUILTIN_H
+#define __KRML_BUILTIN_H
+
+/* For alloca, when using KaRaMeL's -falloca */
+#if (defined(_WIN32) || defined(_WIN64))
+# include
+#elif (defined(sun))
+# include
+#endif
+
+/* If some globals need to be initialized before the main, then karamel will
+ * generate and try to link last a function with this type: */
+void krmlinit_globals(void);
+
+#endif
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/callconv.h b/libcrux-sha3/c/karamel/include/krml/internal/callconv.h
new file mode 100644
index 000000000..aeca0ba71
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/callconv.h
@@ -0,0 +1,27 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KRML_CALLCONV_H
+#define __KRML_CALLCONV_H
+
+/******************************************************************************/
+/* Some macros to ease compatibility (TODO: move to miTLS) */
+/******************************************************************************/
+
+/* We want to generate __cdecl safely without worrying about it being undefined.
+ * When using MSVC, these are always defined. When using MinGW, these are
+ * defined too. They have no meaning for other platforms, so we define them to
+ * be empty macros in other situations. */
+#ifndef _MSC_VER
+#ifndef __cdecl
+#define __cdecl
+#endif
+#ifndef __stdcall
+#define __stdcall
+#endif
+#ifndef __fastcall
+#define __fastcall
+#endif
+#endif
+
+#endif
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/compat.h b/libcrux-sha3/c/karamel/include/krml/internal/compat.h
new file mode 100644
index 000000000..b557bbc1b
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/compat.h
@@ -0,0 +1,32 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef KRML_COMPAT_H
+#define KRML_COMPAT_H
+
+#include
+
+/* A series of macros that define C implementations of types that are not Low*,
+ * to facilitate porting programs to Low*. */
+
+typedef struct {
+ uint32_t length;
+ const char *data;
+} FStar_Bytes_bytes;
+
+typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
+ krml_checked_int_t;
+
+#define RETURN_OR(x) \
+ do { \
+ int64_t __ret = x; \
+ if (__ret < INT32_MIN || INT32_MAX < __ret) { \
+ KRML_HOST_PRINTF( \
+ "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
+ __LINE__); \
+ KRML_HOST_EXIT(252); \
+ } \
+ return (int32_t)__ret; \
+ } while (0)
+
+#endif
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/debug.h b/libcrux-sha3/c/karamel/include/krml/internal/debug.h
new file mode 100644
index 000000000..786db147e
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/debug.h
@@ -0,0 +1,57 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KRML_DEBUG_H
+#define __KRML_DEBUG_H
+
+#include
+
+#include "krml/internal/target.h"
+
+/******************************************************************************/
+/* Debugging helpers - intended only for KaRaMeL developers */
+/******************************************************************************/
+
+/* In support of "-wasm -d force-c": we might need this function to be
+ * forward-declared, because the dependency on WasmSupport appears very late,
+ * after SimplifyWasm, and sadly, after the topological order has been done. */
+void WasmSupport_check_buffer_size(uint32_t s);
+
+/* A series of GCC atrocities to trace function calls (karamel's [-d c-calls]
+ * option). Useful when trying to debug, say, Wasm, to compare traces. */
+/* clang-format off */
+#ifdef __GNUC__
+#define KRML_FORMAT(X) _Generic((X), \
+ uint8_t : "0x%08" PRIx8, \
+ uint16_t: "0x%08" PRIx16, \
+ uint32_t: "0x%08" PRIx32, \
+ uint64_t: "0x%08" PRIx64, \
+ int8_t : "0x%08" PRIx8, \
+ int16_t : "0x%08" PRIx16, \
+ int32_t : "0x%08" PRIx32, \
+ int64_t : "0x%08" PRIx64, \
+ default : "%s")
+
+#define KRML_FORMAT_ARG(X) _Generic((X), \
+ uint8_t : X, \
+ uint16_t: X, \
+ uint32_t: X, \
+ uint64_t: X, \
+ int8_t : X, \
+ int16_t : X, \
+ int32_t : X, \
+ int64_t : X, \
+ default : "unknown")
+/* clang-format on */
+
+# define KRML_DEBUG_RETURN(X) \
+ ({ \
+ __auto_type _ret = (X); \
+ KRML_HOST_PRINTF("returning: "); \
+ KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
+ KRML_HOST_PRINTF(" \n"); \
+ _ret; \
+ })
+#endif
+
+#endif
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/target.h b/libcrux-sha3/c/karamel/include/krml/internal/target.h
new file mode 100644
index 000000000..d4252a108
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/target.h
@@ -0,0 +1,384 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KRML_TARGET_H
+#define __KRML_TARGET_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* Since KaRaMeL emits the inline keyword unconditionally, we follow the
+ * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
+ * __inline__ to ensure the code compiles with -std=c90 and earlier. */
+#ifdef __GNUC__
+# define inline __inline__
+#endif
+
+/******************************************************************************/
+/* Macros that KaRaMeL will generate. */
+/******************************************************************************/
+
+/* For "bare" targets that do not have a C stdlib, the user might want to use
+ * [-add-early-include '"mydefinitions.h"'] and override these. */
+#ifndef KRML_HOST_PRINTF
+# define KRML_HOST_PRINTF printf
+#endif
+
+#if ( \
+ (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ (!(defined KRML_HOST_EPRINTF)))
+# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER)
+# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
+#ifndef KRML_HOST_EXIT
+# define KRML_HOST_EXIT exit
+#endif
+
+#ifndef KRML_HOST_MALLOC
+# define KRML_HOST_MALLOC malloc
+#endif
+
+#ifndef KRML_HOST_CALLOC
+# define KRML_HOST_CALLOC calloc
+#endif
+
+#ifndef KRML_HOST_FREE
+# define KRML_HOST_FREE free
+#endif
+
+#ifndef KRML_HOST_IGNORE
+# define KRML_HOST_IGNORE(x) (void)(x)
+#endif
+
+#ifndef KRML_MAYBE_UNUSED_VAR
+# define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x)
+#endif
+
+#ifndef KRML_MAYBE_UNUSED
+# if defined(__GNUC__)
+# define KRML_MAYBE_UNUSED __attribute__((unused))
+# else
+# define KRML_MAYBE_UNUSED
+# endif
+#endif
+
+#ifndef KRML_NOINLINE
+# if defined(_MSC_VER)
+# define KRML_NOINLINE __declspec(noinline)
+# elif defined (__GNUC__)
+# define KRML_NOINLINE __attribute__((noinline,unused))
+# else
+# define KRML_NOINLINE
+# warning "The KRML_NOINLINE macro is not defined for this toolchain!"
+# warning "The compiler may defeat side-channel resistance with optimizations."
+# warning "Please locate target.h and try to fill it out with a suitable definition for this compiler."
+# endif
+#endif
+
+#ifndef KRML_PRE_ALIGN
+# ifdef _MSC_VER
+# define KRML_PRE_ALIGN(X) __declspec(align(X))
+# else
+# define KRML_PRE_ALIGN(X)
+# endif
+#endif
+
+#ifndef KRML_POST_ALIGN
+# ifdef _MSC_VER
+# define KRML_POST_ALIGN(X)
+# else
+# define KRML_POST_ALIGN(X) __attribute__((aligned(X)))
+# endif
+#endif
+
+/* MinGW-W64 does not support C11 aligned_alloc, but it supports
+ * MSVC's _aligned_malloc.
+ */
+#ifndef KRML_ALIGNED_MALLOC
+# ifdef __MINGW32__
+# include <_mingw.h>
+# endif
+# if ( \
+ defined(_MSC_VER) || \
+ (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
+# define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X)
+# else
+# define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y)
+# endif
+#endif
+
+/* Since aligned allocations with MinGW-W64 are done with
+ * _aligned_malloc (see above), such pointers must be freed with
+ * _aligned_free.
+ */ +#ifndef KRML_ALIGNED_FREE +# ifdef __MINGW32__ +# include <_mingw.h> +# endif +# if ( \ + defined(_MSC_VER) || \ + (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) +# define KRML_ALIGNED_FREE(X) _aligned_free(X) +# else +# define KRML_ALIGNED_FREE(X) free(X) +# endif +#endif + +#ifndef KRML_HOST_TIME + +# include + +/* Prims_nat not yet in scope */ +inline static int32_t krml_time(void) { + return (int32_t)time(NULL); +} + +# define KRML_HOST_TIME krml_time +#endif + +/* In statement position, exiting is easy. */ +#define KRML_EXIT \ + do { \ + KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \ + KRML_HOST_EXIT(254); \ + } while (0) + +/* In expression position, use the comma-operator and a malloc to return an + * expression of the right size. KaRaMeL passes t as the parameter to the macro. + */ +#define KRML_EABORT(t, msg) \ + (KRML_HOST_PRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \ + KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t)))) + +/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of + * *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate). 
+ */ +#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) +# define _KRML_CHECK_SIZE_PRAGMA \ + _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") +#else +# define _KRML_CHECK_SIZE_PRAGMA +#endif + +#define KRML_CHECK_SIZE(size_elt, sz) \ + do { \ + _KRML_CHECK_SIZE_PRAGMA \ + if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \ + KRML_HOST_PRINTF( \ + "Maximum allocatable size exceeded, aborting before overflow at " \ + "%s:%d\n", \ + __FILE__, __LINE__); \ + KRML_HOST_EXIT(253); \ + } \ + } while (0) + +#if defined(_MSC_VER) && _MSC_VER < 1900 +# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \ + _snprintf_s(buf, sz, _TRUNCATE, fmt, arg) +#else +# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg) +#endif + +#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) +# define KRML_DEPRECATED(x) __attribute__((deprecated(x))) +#elif defined(__GNUC__) +/* deprecated attribute is not defined in GCC < 4.5. */ +# define KRML_DEPRECATED(x) +#elif defined(_MSC_VER) +# define KRML_DEPRECATED(x) __declspec(deprecated(x)) +#endif + +/* Macros for prettier unrolling of loops */ +#define KRML_LOOP1(i, n, x) { \ + x \ + i += n; \ + (void) i; \ +} + +#define KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP3(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP5(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP6(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP7(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define KRML_LOOP9(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP10(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP11(i, n, x) \ + KRML_LOOP8(i, n, 
x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP12(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define KRML_LOOP13(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP5(i, n, x) + +#define KRML_LOOP14(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP6(i, n, x) + +#define KRML_LOOP15(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP7(i, n, x) + +#define KRML_LOOP16(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP8(i, n, x) + +#define KRML_UNROLL_FOR(i, z, n, k, x) \ + do { \ + uint32_t i = z; \ + KRML_LOOP##n(i, k, x) \ + } while (0) + +#define KRML_ACTUAL_FOR(i, z, n, k, x) \ + do { \ + for (uint32_t i = z; i < n; i += k) { \ + x \ + } \ + } while (0) + +#ifndef KRML_UNROLL_MAX +# define KRML_UNROLL_MAX 16 +#endif + +/* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */ +#if 0 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR0(i, z, n, k, x) +#else +# define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 1 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x) +#else +# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 2 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x) +#else +# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 3 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x) +#else +# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 4 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x) +#else +# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 5 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x) +#else +# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 6 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x) 
+#else +# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 7 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x) +#else +# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 8 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x) +#else +# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 9 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x) +#else +# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 10 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x) +#else +# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 11 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x) +#else +# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 12 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x) +#else +# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 13 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x) +#else +# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 14 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x) +#else +# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 15 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x) +#else +# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 16 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x) +#else +# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif +#endif 
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/types.h b/libcrux-sha3/c/karamel/include/krml/internal/types.h
new file mode 100644
index 000000000..e41b39be9
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/internal/types.h
@@ -0,0 +1,105 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef KRML_TYPES_H +#define KRML_TYPES_H + +#include +#include +#include +#include + +/* Types which are either abstract, meaning that have to be implemented in C, or + * which are models, meaning that they are swapped out at compile-time for + * hand-written C types (in which case they're marked as noextract). */ + +typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_; +typedef int64_t FStar_Int64_t, FStar_Int64_t_; +typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_; +typedef int32_t FStar_Int32_t, FStar_Int32_t_; +typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_; +typedef int16_t FStar_Int16_t, FStar_Int16_t_; +typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_; +typedef int8_t FStar_Int8_t, FStar_Int8_t_; + +/* Only useful when building krmllib, because it's in the dependency graph of + * FStar.Int.Cast. */ +typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_; +typedef int64_t FStar_Int63_t, FStar_Int63_t_; + +typedef double FStar_Float_float; +typedef uint32_t FStar_Char_char; +typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write; + +typedef void *FStar_Dyn_dyn; + +typedef const char *C_String_t, *C_String_t_, *C_Compat_String_t, *C_Compat_String_t_; + +typedef int exit_code; +typedef FILE *channel; + +typedef unsigned long long TestLib_cycles; + +typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan; + +/* Now Prims.string is no longer illegal with the new model in LowStar.Printf; + * it's operations that produce Prims_string which are illegal. Bring the + * definition into scope by default. */ +typedef const char *Prims_string; + +#if (defined(_MSC_VER) && defined(_M_X64) && !defined(__clang__)) +#define IS_MSVC64 1 +#endif + +/* This code makes a number of assumptions and should be refined. In particular, + * it assumes that: any non-MSVC amd64 compiler supports int128. 
Maybe it would + * be easier to just test for defined(__SIZEOF_INT128__) only? */ +#if (defined(__x86_64__) || \ + defined(__x86_64) || \ + defined(__aarch64__) || \ + (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \ + defined(__s390x__) || \ + (defined(_MSC_VER) && defined(_M_X64) && defined(__clang__)) || \ + (defined(__mips__) && defined(__LP64__)) || \ + (defined(__riscv) && __riscv_xlen == 64) || \ + defined(__SIZEOF_INT128__)) +#define HAS_INT128 1 +#endif + +/* The uint128 type is a special case since we offer several implementations of + * it, depending on the compiler and whether the user wants the verified + * implementation or not. */ +#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) +# include +typedef __m128i FStar_UInt128_uint128; +#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) +typedef unsigned __int128 FStar_UInt128_uint128; +#else +typedef struct FStar_UInt128_uint128_s { + uint64_t low; + uint64_t high; +} FStar_UInt128_uint128; +#endif + +/* The former is defined once, here (otherwise, conflicts for test-c89. The + * latter is for internal use. */ +typedef FStar_UInt128_uint128 FStar_UInt128_t, uint128_t; + +#include "krml/lowstar_endianness.h" + +#endif + +/* Avoid a circular loop: if this header is included via FStar_UInt8_16_32_64, + * then don't bring the uint128 definitions into scope. */ +#ifndef __FStar_UInt_8_16_32_64_H + +#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) +#include "fstar_uint128_msvc.h" +#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) +#include "fstar_uint128_gcc64.h" +#else +#include "FStar_UInt128_Verified.h" +#include "fstar_uint128_struct_endianness.h" +#endif + +#endif diff --git a/libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h b/libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h new file mode 100644 index 000000000..b44fa3f75 --- /dev/null +++ b/libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h 
@@ -0,0 +1,5 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file is automatically included when compiling with -wasm -d force-c */
+#define WasmSupport_check_buffer_size(X)
diff --git a/libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h b/libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h
new file mode 100644
index 000000000..1aa2ccd64
--- /dev/null
+++ b/libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h
@@ -0,0 +1,231 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __LOWSTAR_ENDIANNESS_H +#define __LOWSTAR_ENDIANNESS_H + +#include +#include + +/******************************************************************************/ +/* Implementing C.fst (part 2: endian-ness macros) */ +/******************************************************************************/ + +/* ... for Linux */ +#if defined(__linux__) || defined(__CYGWIN__) || defined (__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__) +# include + +/* ... for OSX */ +#elif defined(__APPLE__) +# include +# define htole64(x) OSSwapHostToLittleInt64(x) +# define le64toh(x) OSSwapLittleToHostInt64(x) +# define htobe64(x) OSSwapHostToBigInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) + +# define htole16(x) OSSwapHostToLittleInt16(x) +# define le16toh(x) OSSwapLittleToHostInt16(x) +# define htobe16(x) OSSwapHostToBigInt16(x) +# define be16toh(x) OSSwapBigToHostInt16(x) + +# define htole32(x) OSSwapHostToLittleInt32(x) +# define le32toh(x) OSSwapLittleToHostInt32(x) +# define htobe32(x) OSSwapHostToBigInt32(x) +# define be32toh(x) OSSwapBigToHostInt32(x) + +/* ... for Solaris */ +#elif defined(__sun__) +# include +# define htole64(x) LE_64(x) +# define le64toh(x) LE_64(x) +# define htobe64(x) BE_64(x) +# define be64toh(x) BE_64(x) + +# define htole16(x) LE_16(x) +# define le16toh(x) LE_16(x) +# define htobe16(x) BE_16(x) +# define be16toh(x) BE_16(x) + +# define htole32(x) LE_32(x) +# define le32toh(x) LE_32(x) +# define htobe32(x) BE_32(x) +# define be32toh(x) BE_32(x) + +/* ... for the BSDs */ +#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +# include +#elif defined(__OpenBSD__) +# include + +/* ... for Windows (MSVC)... not targeting XBOX 360! 
*/ +#elif defined(_MSC_VER) + +# include +# define htobe16(x) _byteswap_ushort(x) +# define htole16(x) (x) +# define be16toh(x) _byteswap_ushort(x) +# define le16toh(x) (x) + +# define htobe32(x) _byteswap_ulong(x) +# define htole32(x) (x) +# define be32toh(x) _byteswap_ulong(x) +# define le32toh(x) (x) + +# define htobe64(x) _byteswap_uint64(x) +# define htole64(x) (x) +# define be64toh(x) _byteswap_uint64(x) +# define le64toh(x) (x) + +/* ... for Windows (GCC-like, e.g. mingw or clang) */ +#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \ + (defined(__GNUC__) || defined(__clang__)) + +# define htobe16(x) __builtin_bswap16(x) +# define htole16(x) (x) +# define be16toh(x) __builtin_bswap16(x) +# define le16toh(x) (x) + +# define htobe32(x) __builtin_bswap32(x) +# define htole32(x) (x) +# define be32toh(x) __builtin_bswap32(x) +# define le32toh(x) (x) + +# define htobe64(x) __builtin_bswap64(x) +# define htole64(x) (x) +# define be64toh(x) __builtin_bswap64(x) +# define le64toh(x) (x) + +/* ... generic big-endian fallback code */ +/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always big-endian */ +#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || defined(_AIX) + +/* byte swapping code inspired by: + * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h + * */ + +# define htobe32(x) (x) +# define be32toh(x) (x) +# define htole32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define le32toh(x) (htole32((x))) + +# define htobe64(x) (x) +# define be64toh(x) (x) +# define htole64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define le64toh(x) (htole64((x))) + +/* ... 
generic little-endian fallback code */ +#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + +# define htole32(x) (x) +# define le32toh(x) (x) +# define htobe32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define be32toh(x) (htobe32((x))) + +# define htole64(x) (x) +# define le64toh(x) (x) +# define htobe64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define be64toh(x) (htobe64((x))) + +/* ... couldn't determine endian-ness of the target platform */ +#else +# error "Please define __BYTE_ORDER__!" + +#endif /* defined(__linux__) || ... */ + +/* Loads and stores. These avoid undefined behavior due to unaligned memory + * accesses, via memcpy. */ + +inline static uint16_t load16(uint8_t *b) { + uint16_t x; + memcpy(&x, b, 2); + return x; +} + +inline static uint32_t load32(uint8_t *b) { + uint32_t x; + memcpy(&x, b, 4); + return x; +} + +inline static uint64_t load64(uint8_t *b) { + uint64_t x; + memcpy(&x, b, 8); + return x; +} + +inline static void store16(uint8_t *b, uint16_t i) { + memcpy(b, &i, 2); +} + +inline static void store32(uint8_t *b, uint32_t i) { + memcpy(b, &i, 4); +} + +inline static void store64(uint8_t *b, uint64_t i) { + memcpy(b, &i, 8); +} + +/* Legacy accessors so that this header can serve as an implementation of + * C.Endianness */ +#define load16_le(b) (le16toh(load16(b))) +#define store16_le(b, i) (store16(b, htole16(i))) +#define load16_be(b) (be16toh(load16(b))) +#define store16_be(b, i) (store16(b, htobe16(i))) + +#define load32_le(b) (le32toh(load32(b))) +#define store32_le(b, i) (store32(b, htole32(i))) +#define load32_be(b) (be32toh(load32(b))) +#define store32_be(b, i) (store32(b, htobe32(i))) + +#define 
load64_le(b) (le64toh(load64(b))) +#define store64_le(b, i) (store64(b, htole64(i))) +#define load64_be(b) (be64toh(load64(b))) +#define store64_be(b, i) (store64(b, htobe64(i))) + +/* Co-existence of LowStar.Endianness and FStar.Endianness generates name + * conflicts, because of course both insist on having no prefixes. Until a + * prefix is added, or until we truly retire FStar.Endianness, solve this issue + * in an elegant way. */ +#define load16_le0 load16_le +#define store16_le0 store16_le +#define load16_be0 load16_be +#define store16_be0 store16_be + +#define load32_le0 load32_le +#define store32_le0 store32_le +#define load32_be0 load32_be +#define store32_be0 store32_be + +#define load64_le0 load64_le +#define store64_le0 store64_le +#define load64_be0 load64_be +#define store64_be0 store64_be + +#define load128_le0 load128_le +#define store128_le0 store128_le +#define load128_be0 load128_be +#define store128_be0 store128_be + +#endif diff --git a/libcrux-sha3/c/karamel/include/krmllib.h b/libcrux-sha3/c/karamel/include/krmllib.h new file mode 100644 index 000000000..ae11e4a8d --- /dev/null +++ b/libcrux-sha3/c/karamel/include/krmllib.h 
@@ -0,0 +1,28 @@
+#ifndef __KRMLLIB_H
+#define __KRMLLIB_H
+
+/******************************************************************************/
+/* The all-in-one krmllib.h header */
+/******************************************************************************/
+
+/* This is a meta-header that is included by default in KaRaMeL generated
+ * programs. If you wish to have a more lightweight set of headers, or are
+ * targeting an environment where controlling these macros yourself is
+ * important, consider using:
+ *
+ * krml -minimal
+ *
+ * to disable the inclusion of this file (note: this also disables the default
+ * argument "-bundle FStar.*"). You can then include the headers of your choice
+ * one by one, using -add-early-include. */
+
+#include "krml/internal/target.h"
+#include "krml/internal/callconv.h"
+#include "krml/internal/builtin.h"
+#include "krml/internal/debug.h"
+#include "krml/internal/types.h"
+
+#include "krml/lowstar_endianness.h"
+#include "krml/fstar_int.h"
+
+#endif /* __KRMLLIB_H */
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
new file mode 100644
index 000000000..ecc90213c
--- /dev/null
+++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
@@ -0,0 +1,78 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt128_H +#define __FStar_UInt128_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a); + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s); + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s); + +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 
a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a); + +static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a); + +static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y); + +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y); + + +#define __FStar_UInt128_H_DEFINED +#endif diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h new file mode 100644 index 000000000..9e4e2290b --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h 
@@ -0,0 +1,346 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt128_Verified_H +#define __FStar_UInt128_Verified_H + +#include "FStar_UInt_8_16_32_64.h" +#include +#include +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) +{ + return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U; +} + +static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) +{ + return FStar_UInt128_constant_time_carry(a, b); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 
+FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return FStar_UInt128_sub_mod_impl(a, b); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low & b.low; + lit.high = a.high & b.high; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low ^ b.low; + lit.high = a.high ^ b.high; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low | b.low; + lit.high = a.high | b.high; + return lit; +} + +static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) +{ + FStar_UInt128_uint128 lit; + lit.low = ~a.low; + lit.high = ~a.high; + return lit; +} + +static uint32_t FStar_UInt128_u32_64 = 64U; + +static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); +} + +static inline uint64_t +FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_left(hi, lo, s); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == 0U) + { + return a; + } + else + { + FStar_UInt128_uint128 lit; + lit.low = a.low << s; + lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); + return lit; + } +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) 
+{ + FStar_UInt128_uint128 lit; + lit.low = 0ULL; + lit.high = a.low << (s - FStar_UInt128_u32_64); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_left_small(a, s); + } + else + { + return FStar_UInt128_shift_left_large(a, s); + } +} + +static inline uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); +} + +static inline uint64_t +FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_right(hi, lo, s); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == 0U) + { + return a; + } + else + { + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); + lit.high = a.high >> s; + return lit; + } +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) +{ + FStar_UInt128_uint128 lit; + lit.low = a.high >> (s - FStar_UInt128_u32_64); + lit.high = 0ULL; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_right_small(a, s); + } + else + { + return FStar_UInt128_shift_right_large(a, s); + } +} + +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.low == b.low && a.high == b.high; +} + +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low > b.low); +} + +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low < b.low); +} + +static inline bool 
FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low >= b.low); +} + +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low <= b.low); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + lit.high = + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + return lit; +} + +static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) +{ + FStar_UInt128_uint128 lit; + lit.low = a; + lit.high = 0ULL; + return lit; +} + +static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) +{ + return a.low; +} + +static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a) +{ + return a & 0xffffffffULL; +} + +static uint32_t FStar_UInt128_u32_32 = 32U; + +static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) +{ + FStar_UInt128_uint128 lit; + lit.low = + FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), + 
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); + lit.high = + ((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) + >> FStar_UInt128_u32_32; + return lit; +} + +static inline uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) +{ + FStar_UInt128_uint128 lit; + lit.low = + FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) + * (y >> FStar_UInt128_u32_32) + + + FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y))); + lit.high = + (x >> FStar_UInt128_u32_32) + * (y >> FStar_UInt128_u32_32) + + + (((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)) + >> FStar_UInt128_u32_32) + + + ((FStar_UInt128_u64_mod_32(x) + * (y >> FStar_UInt128_u32_32) + + + FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))) + >> FStar_UInt128_u32_32); + return lit; +} + + +#define __FStar_UInt128_Verified_H_DEFINED +#endif diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h new file mode 100644 index 000000000..56a2454fc --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h 
@@ -0,0 +1,213 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt_8_16_32_64_H +#define __FStar_UInt_8_16_32_64_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +extern krml_checked_int_t FStar_UInt64_n; + +extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee); + +extern krml_checked_int_t FStar_UInt64___proj__Mk__item__v(uint64_t projectee); + +extern krml_checked_int_t FStar_UInt64_v(uint64_t x); + +extern uint64_t FStar_UInt64_uint_to_t(krml_checked_int_t x); + +extern uint64_t FStar_UInt64_zero; + +extern uint64_t FStar_UInt64_one; + +extern uint64_t FStar_UInt64_minus(uint64_t a); + +extern uint32_t FStar_UInt64_n_minus_one; + +static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a ^ b; + uint64_t minus_x = ~x + 1ULL; + uint64_t x_or_minus_x = x | minus_x; + uint64_t xnx = x_or_minus_x >> 63U; + return xnx - 1ULL; +} + +static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a; + uint64_t y = b; + uint64_t x_xor_y = x ^ y; + uint64_t x_sub_y = x - y; + uint64_t x_sub_y_xor_y = x_sub_y ^ y; + uint64_t q = x_xor_y | x_sub_y_xor_y; + uint64_t x_xor_q = x ^ q; + uint64_t x_xor_q_ = x_xor_q >> 63U; + return x_xor_q_ - 1ULL; +} + +extern Prims_string FStar_UInt64_to_string(uint64_t uu___); + +extern Prims_string FStar_UInt64_to_string_hex(uint64_t uu___); + +extern Prims_string FStar_UInt64_to_string_hex_pad(uint64_t uu___); + +extern uint64_t FStar_UInt64_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt32_n; + +extern bool FStar_UInt32_uu___is_Mk(uint32_t projectee); + +extern krml_checked_int_t FStar_UInt32___proj__Mk__item__v(uint32_t projectee); + +extern krml_checked_int_t FStar_UInt32_v(uint32_t x); + +extern uint32_t 
FStar_UInt32_uint_to_t(krml_checked_int_t x); + +extern uint32_t FStar_UInt32_zero; + +extern uint32_t FStar_UInt32_one; + +extern uint32_t FStar_UInt32_minus(uint32_t a); + +extern uint32_t FStar_UInt32_n_minus_one; + +static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a ^ b; + uint32_t minus_x = ~x + 1U; + uint32_t x_or_minus_x = x | minus_x; + uint32_t xnx = x_or_minus_x >> 31U; + return xnx - 1U; +} + +static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a; + uint32_t y = b; + uint32_t x_xor_y = x ^ y; + uint32_t x_sub_y = x - y; + uint32_t x_sub_y_xor_y = x_sub_y ^ y; + uint32_t q = x_xor_y | x_sub_y_xor_y; + uint32_t x_xor_q = x ^ q; + uint32_t x_xor_q_ = x_xor_q >> 31U; + return x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt32_to_string(uint32_t uu___); + +extern Prims_string FStar_UInt32_to_string_hex(uint32_t uu___); + +extern Prims_string FStar_UInt32_to_string_hex_pad(uint32_t uu___); + +extern uint32_t FStar_UInt32_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt16_n; + +extern bool FStar_UInt16_uu___is_Mk(uint16_t projectee); + +extern krml_checked_int_t FStar_UInt16___proj__Mk__item__v(uint16_t projectee); + +extern krml_checked_int_t FStar_UInt16_v(uint16_t x); + +extern uint16_t FStar_UInt16_uint_to_t(krml_checked_int_t x); + +extern uint16_t FStar_UInt16_zero; + +extern uint16_t FStar_UInt16_one; + +extern uint16_t FStar_UInt16_minus(uint16_t a); + +extern uint32_t FStar_UInt16_n_minus_one; + +static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) +{ + uint16_t x = (uint32_t)a ^ (uint32_t)b; + uint16_t minus_x = (uint32_t)~x + 1U; + uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; + uint16_t xnx = (uint32_t)x_or_minus_x >> 15U; + return (uint32_t)xnx - 1U; +} + +static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) +{ + uint16_t x = a; + uint16_t y = b; + uint16_t x_xor_y = (uint32_t)x ^ 
(uint32_t)y; + uint16_t x_sub_y = (uint32_t)x - (uint32_t)y; + uint16_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; + uint16_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; + uint16_t x_xor_q = (uint32_t)x ^ (uint32_t)q; + uint16_t x_xor_q_ = (uint32_t)x_xor_q >> 15U; + return (uint32_t)x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt16_to_string(uint16_t uu___); + +extern Prims_string FStar_UInt16_to_string_hex(uint16_t uu___); + +extern Prims_string FStar_UInt16_to_string_hex_pad(uint16_t uu___); + +extern uint16_t FStar_UInt16_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt8_n; + +extern bool FStar_UInt8_uu___is_Mk(uint8_t projectee); + +extern krml_checked_int_t FStar_UInt8___proj__Mk__item__v(uint8_t projectee); + +extern krml_checked_int_t FStar_UInt8_v(uint8_t x); + +extern uint8_t FStar_UInt8_uint_to_t(krml_checked_int_t x); + +extern uint8_t FStar_UInt8_zero; + +extern uint8_t FStar_UInt8_one; + +extern uint8_t FStar_UInt8_minus(uint8_t a); + +extern uint32_t FStar_UInt8_n_minus_one; + +static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) +{ + uint8_t x = (uint32_t)a ^ (uint32_t)b; + uint8_t minus_x = (uint32_t)~x + 1U; + uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; + uint8_t xnx = (uint32_t)x_or_minus_x >> 7U; + return (uint32_t)xnx - 1U; +} + +static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) +{ + uint8_t x = a; + uint8_t y = b; + uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y; + uint8_t x_sub_y = (uint32_t)x - (uint32_t)y; + uint8_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; + uint8_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; + uint8_t x_xor_q = (uint32_t)x ^ (uint32_t)q; + uint8_t x_xor_q_ = (uint32_t)x_xor_q >> 7U; + return (uint32_t)x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt8_to_string(uint8_t uu___); + +extern Prims_string FStar_UInt8_to_string_hex(uint8_t uu___); + +extern Prims_string FStar_UInt8_to_string_hex_pad(uint8_t uu___); + +extern 
uint8_t FStar_UInt8_of_string(Prims_string uu___); + +typedef uint8_t FStar_UInt8_byte; + + +#define __FStar_UInt_8_16_32_64_H_DEFINED +#endif diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h new file mode 100644 index 000000000..e851c15c9 --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h @@ -0,0 +1,27 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __LowStar_Endianness_H +#define __LowStar_Endianness_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline void store128_le(uint8_t *x0, FStar_UInt128_uint128 x1); + +static inline FStar_UInt128_uint128 load128_le(uint8_t *x0); + +static inline void store128_be(uint8_t *x0, FStar_UInt128_uint128 x1); + +static inline FStar_UInt128_uint128 load128_be(uint8_t *x0); + + +#define __LowStar_Endianness_H_DEFINED +#endif diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic b/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic new file mode 100644 index 000000000..8e39de6d0 --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic 
@@ -0,0 +1,56 @@ +# A basic Makefile that KaRaMeL copies in the output directory; this is not +# guaranteed to work and will only work well for very simple projects. This +# Makefile uses: +# - the custom C files passed to your krml invocation +# - the custom C flags passed to your krml invocation +# - the -o option passed to your krml invocation + +include Makefile.include + +ifeq (,$(KRML_HOME)) + $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout) +endif + +CFLAGS += -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal +CFLAGS += -Wall -Wextra -Werror -std=c11 \ + -Wno-unknown-warning-option \ + -Wno-infinite-recursion \ + -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE +ifeq ($(OS),Windows_NT) +CFLAGS += -D__USE_MINGW_ANSI_STDIO +else +CFLAGS += -fPIC +endif +CFLAGS += $(USER_CFLAGS) + +SOURCES += $(ALL_C_FILES) $(USER_C_FILES) +ifneq (,$(BLACKLIST)) + SOURCES := $(filter-out $(BLACKLIST),$(SOURCES)) +endif +OBJS += $(patsubst %.c,%.o,$(SOURCES)) + +all: $(USER_TARGET) + +$(USER_TARGET): $(OBJS) + +AR ?= ar + +%.a: + $(AR) cr $@ $^ + +%.exe: + $(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a + +%.so: + $(CC) $(CFLAGS) -shared -o $@ $^ + +%.d: %.c + @set -e; rm -f $@; \ + $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \ + sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \ + rm -f $@.$$$$ + +include $(patsubst %.c,%.d,$(SOURCES)) + +clean: + rm -rf *.o *.d $(USER_TARGET) diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include b/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include new file mode 100644 index 000000000..ad5321718 --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include @@ -0,0 +1,5 @@ +USER_TARGET=libkrmllib.a +USER_CFLAGS= +USER_C_FILES=fstar_uint128.c +ALL_C_FILES= +ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h 
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
new file mode 100644
index 000000000..ae109004f
--- /dev/null
+++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
@@ -0,0 +1,165 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/******************************************************************************/
+/* Machine integers (128-bit arithmetic) */
+/******************************************************************************/
+
+/* This header contains two things.
+ *
+ * First, an implementation of 128-bit arithmetic suitable for 64-bit GCC and
+ * Clang, i.e. all the operations from FStar.UInt128.
+ *
+ * Second, 128-bit operations from C.Endianness (or LowStar.Endianness),
+ * suitable for any compiler and platform (via a series of ifdefs). This second
+ * part is unfortunate, and should be fixed by moving {load,store}128_{be,le} to
+ * FStar.UInt128 to avoid a maze of preprocessor guards and hand-written code.
+ * */
+
+/* This file is used for both the minimal and generic krmllib distributions. As
+ * such, it assumes that the machine integers have been bundled the exact same
+ * way in both cases. */
+
+#ifndef FSTAR_UINT128_GCC64
+#define FSTAR_UINT128_GCC64
+
+#include "FStar_UInt128.h"
+#include "FStar_UInt_8_16_32_64.h"
+#include "LowStar_Endianness.h"
+
+/* GCC + using native unsigned __int128 support */
+
+inline static uint128_t load128_le(uint8_t *b) {
+ uint128_t l = (uint128_t)load64_le(b);
+ uint128_t h = (uint128_t)load64_le(b + 8);
+ return (h << 64 | l);
+}
+
+inline static void store128_le(uint8_t *b, uint128_t n) {
+ store64_le(b, (uint64_t)n);
+ store64_le(b + 8, (uint64_t)(n >> 64));
+}
+
+inline static uint128_t load128_be(uint8_t *b) {
+ uint128_t h = (uint128_t)load64_be(b);
+ uint128_t l = (uint128_t)load64_be(b + 8);
+ return (h << 64 | l);
+}
+
+inline static void store128_be(uint8_t *b, uint128_t n) {
+ store64_be(b, (uint64_t)(n >> 64));
+ store64_be(b + 8, (uint64_t)n);
+}
+
+inline static uint128_t FStar_UInt128_add(uint128_t x, uint128_t y) {
+ return x + y;
+}
+
+inline static uint128_t FStar_UInt128_mul(uint128_t x, uint128_t y) {
+ return x * y;
+}
+
+inline static uint128_t FStar_UInt128_add_mod(uint128_t x, uint128_t y) {
+ return x + y;
+}
+
+inline static uint128_t FStar_UInt128_sub(uint128_t x, uint128_t y) {
+ return x - y;
+}
+
+inline static uint128_t FStar_UInt128_sub_mod(uint128_t x, uint128_t y) {
+ return x - y;
+}
+
+inline static uint128_t FStar_UInt128_logand(uint128_t x, uint128_t y) {
+ return x & y;
+}
+
+inline static uint128_t FStar_UInt128_logor(uint128_t x, uint128_t y) {
+ return x | y;
+}
+
+inline static uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) {
+ return x ^ y;
+}
+
+inline static uint128_t FStar_UInt128_lognot(uint128_t x) {
+ return ~x;
+}
+
+inline static uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) {
+ return x << y;
+}
+
+inline static uint128_t FStar_UInt128_shift_right(uint128_t x, uint32_t y) {
+ return x >> y;
+}
+
+inline static uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x) {
+ return (uint128_t)x;
+}
+
+inline static uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x) {
+ return (uint64_t)x;
+}
+
+inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) {
+ return ((uint128_t) x) * y;
+}
+
+inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) {
+ uint64_t mask =
+ FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) &
+ FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y);
+ return ((uint128_t)mask) << 64 | mask;
+}
+
+inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) {
+ uint64_t mask =
+ (FStar_UInt64_gte_mask(x >> 64, y >> 64) &
+ ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) |
+ (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y));
+ return ((uint128_t)mask) << 64 | mask;
+}
+
+inline static uint64_t FStar_UInt128___proj__Mkuint128__item__low(uint128_t x) {
+ return (uint64_t) x;
+}
+
+inline static uint64_t FStar_UInt128___proj__Mkuint128__item__high(uint128_t x) {
+ return (uint64_t) (x >> 64);
+}
+
+inline static uint128_t FStar_UInt128_add_underspec(uint128_t x, uint128_t y) {
+ return x + y;
+}
+
+inline static uint128_t FStar_UInt128_sub_underspec(uint128_t x, uint128_t y) {
+ return x - y;
+}
+
+inline static bool FStar_UInt128_eq(uint128_t x, uint128_t y) {
+ return x == y;
+}
+
+inline static bool FStar_UInt128_gt(uint128_t x, uint128_t y) {
+ return x > y;
+}
+
+inline static bool FStar_UInt128_lt(uint128_t x, uint128_t y) {
+ return x < y;
+}
+
+inline static bool FStar_UInt128_gte(uint128_t x, uint128_t y) {
+ return x >= y;
+}
+
+inline static bool FStar_UInt128_lte(uint128_t x, uint128_t y) {
+ return x <= y;
+}
+
+inline static uint128_t FStar_UInt128_mul32(uint64_t x, uint32_t y) {
+ return (uint128_t) x * (uint128_t) y;
+}
+
+#endif
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h
new file mode 100644
index 000000000..6ff658f54
--- /dev/null
+++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h 
@@ -0,0 +1,510 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KaRaMeL + * then hand-edited to use MSVC intrinsics KaRaMeL invocation: + * C:\users\barrybo\mitls2c\karamel\_build\src\Karamel.native -minimal -fnouint128 C:/users/barrybo/mitls2c/FStar/ulib/FStar.UInt128.fst -tmpdir ../secure_api/out/runtime_switch/uint128 -skip-compilation -add-include "krmllib0.h" -drop FStar.Int.Cast.Full -bundle FStar.UInt128=FStar.*,Prims + * F* version: 15104ff8 + * KaRaMeL version: 318b7fa8 + */ + +#ifndef FSTAR_UINT128_MSVC +#define FSTAR_UINT128_MSVC + +#include "krml/internal/types.h" +#include "FStar_UInt128.h" +#include "FStar_UInt_8_16_32_64.h" + +#ifndef _MSC_VER +# error This file only works with the MSVC compiler +#endif + +/* JP: need to rip out HAS_OPTIMIZED since the header guards in types.h are now + * done properly and only include this file when we know for sure we are on + * 64-bit MSVC. */ + +#if defined(_M_X64) && !defined(KRML_VERIFIED_UINT128) +#define HAS_OPTIMIZED 1 +#else +#define HAS_OPTIMIZED 0 +#endif + +// Define .low and .high in terms of the __m128i fields, to reduce +// the amount of churn in this file. 
+#if HAS_OPTIMIZED +#include +#include +#define low m128i_u64[0] +#define high m128i_u64[1] +#endif + +inline static FStar_UInt128_uint128 load128_le(uint8_t *b) { +#if HAS_OPTIMIZED + return _mm_loadu_si128((__m128i *)b); +#else + FStar_UInt128_uint128 lit; + lit.low = load64_le(b); + lit.high = load64_le(b + 8); + return lit; +#endif +} + +inline static void store128_le(uint8_t *b, FStar_UInt128_uint128 n) { + store64_le(b, n.low); + store64_le(b + 8, n.high); +} + +inline static FStar_UInt128_uint128 load128_be(uint8_t *b) { + uint64_t l = load64_be(b + 8); + uint64_t h = load64_be(b); +#if HAS_OPTIMIZED + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = l; + lit.high = h; + return lit; +#endif +} + +inline static void store128_be(uint8_t *b, uint128_t n) { + store64_be(b, n.high); + store64_be(b + 8, n.low); +} + +inline static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) { + return (a ^ (a ^ b | a - b ^ b)) >> (uint32_t)63U; +} + +inline static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) { + return FStar_UInt128_constant_time_carry(a, b); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + uint64_t l, h; + + unsigned char carry = + _addcarry_u64(0, a.low, b.low, &l); // low/CF = a.low+b.low+0 + _addcarry_u64(carry, a.high, b.high, &h); // high = a.high+b.high+CF + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_add(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 
+FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_add(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + uint64_t l, h; + + unsigned char borrow = _subborrow_u64(0, a.low, b.low, &l); + _subborrow_u64(borrow, a.high, b.high, &h); + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_sub(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_sub(a, b); +#else + return FStar_UInt128_sub_mod_impl(a, b); +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return _mm_and_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low & b.low; + lit.high = a.high & b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return 
_mm_xor_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low ^ b.low; + lit.high = a.high ^ b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return _mm_or_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low | b.low; + lit.high = a.high | b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) { +#if HAS_OPTIMIZED + return _mm_andnot_si128(a, a); +#else + FStar_UInt128_uint128 lit; + lit.low = ~a.low; + lit.high = ~a.high; + return lit; +#endif +} + +static const uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; + +inline static uint64_t +FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) { + return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) { + return FStar_UInt128_add_u64_shift_left(hi, lo, s); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { + if (s == (uint32_t)0U) + return a; + else { + FStar_UInt128_uint128 lit; + lit.low = a.low << s; + lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); + return lit; + } +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 lit; + lit.low = (uint64_t)0U; + lit.high = a.low << (s - FStar_UInt128_u32_64); + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) { +#if HAS_OPTIMIZED + if (s == 0) { + return a; + } else if (s < FStar_UInt128_u32_64) { + uint64_t l = a.low << s; + uint64_t h = __shiftleft128(a.low, a.high, (unsigned char)s); + return _mm_set_epi64x(h, l); + } else { + return _mm_set_epi64x(a.low << (s - FStar_UInt128_u32_64), 0); + } +#else + if (s < 
FStar_UInt128_u32_64) + return FStar_UInt128_shift_left_small(a, s); + else + return FStar_UInt128_shift_left_large(a, s); +#endif +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) { + return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) { + return FStar_UInt128_add_u64_shift_right(hi, lo, s); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { + if (s == (uint32_t)0U) + return a; + else { + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); + lit.high = a.high >> s; + return lit; + } +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 lit; + lit.low = a.high >> (s - FStar_UInt128_u32_64); + lit.high = (uint64_t)0U; + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) { +#if HAS_OPTIMIZED + if (s == 0) { + return a; + } else if (s < FStar_UInt128_u32_64) { + uint64_t l = __shiftright128(a.low, a.high, (unsigned char)s); + uint64_t h = a.high >> s; + return _mm_set_epi64x(h, l); + } else { + return _mm_set_epi64x(0, a.high >> (s - FStar_UInt128_u32_64)); + } +#else + if (s < FStar_UInt128_u32_64) + return FStar_UInt128_shift_right_small(a, s); + else + return FStar_UInt128_shift_right_large(a, s); +#endif +} + +inline static bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.low == b.low && a.high == b.high; +} + +inline static bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high > b.high || a.high == b.high && a.low > b.low; +} + +inline static bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high < b.high || a.high == b.high && a.low < 
b.low; +} + +inline static bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high > b.high || a.high == b.high && a.low >= b.low; +} + +inline static bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high < b.high || a.high == b.high && a.low <= b.low; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + // PCMPW to produce 4 32-bit values, all either 0x0 or 0xffffffff + __m128i r32 = _mm_cmpeq_epi32(a, b); + // Shuffle 3,2,1,0 into 2,3,0,1 (swapping dwords inside each half) + __m128i s32 = _mm_shuffle_epi32(r32, _MM_SHUFFLE(2, 3, 0, 1)); + // Bitwise and to compute (3&2),(2&3),(1&0),(0&1) + __m128i ret64 = _mm_and_si128(r32, s32); + // Swap the two 64-bit values to form s64 + __m128i s64 = + _mm_shuffle_epi32(ret64, _MM_SHUFFLE(1, 0, 3, 2)); // 3,2,1,0 -> 1,0,3,2 + // And them together + return _mm_and_si128(ret64, s64); +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED && 0 + // ge - compare 3,2,1,0 for >= and generating 0 or 0xffffffff for each + // eq - compare 3,2,1,0 for == and generating 0 or 0xffffffff for each + // slot 0 = ge0 | (eq0 & ge1) | (eq0 & eq1 & ge2) | (eq0 & eq1 & eq2 & ge3) + // then splat slot 0 to 3,2,1,0 + __m128i gt = _mm_cmpgt_epi32(a, b); + __m128i eq = _mm_cmpeq_epi32(a, b); + __m128i ge = _mm_or_si128(gt, eq); + __m128i ge0 = ge; + __m128i eq0 = eq; + __m128i ge1 = _mm_srli_si128(ge, 4); // shift ge from 3,2,1,0 to 0x0,3,2,1 + __m128i t1 = _mm_and_si128(eq0, ge1); + __m128i ret = _mm_or_si128(ge, t1); // ge0 | (eq0 & ge1) is now in 0 + __m128i eq1 = _mm_srli_si128(eq, 
4); // shift eq from 3,2,1,0 to 0x0,3,2,1 + __m128i ge2 = + _mm_srli_si128(ge1, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,3,2 + __m128i t2 = + _mm_and_si128(eq0, _mm_and_si128(eq1, ge2)); // t2 = (eq0 & eq1 & ge2) + ret = _mm_or_si128(ret, t2); + __m128i eq2 = _mm_srli_si128(eq1, 4); // shift eq from 3,2,1,0 to 0x0,00,00,3 + __m128i ge3 = + _mm_srli_si128(ge2, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,0x0,3 + __m128i t3 = _mm_and_si128( + eq0, _mm_and_si128( + eq1, _mm_and_si128(eq2, ge3))); // t3 = (eq0 & eq1 & eq2 & ge3) + ret = _mm_or_si128(ret, t3); + return _mm_shuffle_epi32( + ret, + _MM_SHUFFLE(0, 0, 0, 0)); // the result is in 0. Shuffle into all dwords. +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high) | + FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low); + lit.high = FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high) | + FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) { +#if HAS_OPTIMIZED + return _mm_set_epi64x(0, a); +#else + FStar_UInt128_uint128 lit; + lit.low = a; + lit.high = (uint64_t)0U; + return lit; +#endif +} + +inline static uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) { + return a.low; +} + +inline static uint64_t FStar_UInt128_u64_mod_32(uint64_t a) { + return a & (uint64_t)0xffffffffU; +} + +static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U; + +inline static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) { + return lo + (hi << FStar_UInt128_u32_32); +} + +inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) { +#if HAS_OPTIMIZED + uint64_t l, h; + l = _umul128(x, (uint64_t)y, &h); + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_u32_combine( + (x >> 
FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> + FStar_UInt128_u32_32), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); + lit.high = (x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> + FStar_UInt128_u32_32) >> + FStar_UInt128_u32_32; + return lit; +#endif +} + +/* Note: static headers bring scope collision issues when they define types! + * Because now client (karamel-generated) code will include this header and + * there might be type collisions if the client code uses quadruples of uint64s. + * So, we cannot use the karamel-generated name. */ +typedef struct K_quad_s { + uint64_t fst; + uint64_t snd; + uint64_t thd; + uint64_t f3; +} K_quad; + +inline static K_quad +FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { + K_quad tmp; + tmp.fst = FStar_UInt128_u64_mod_32(x); + tmp.snd = FStar_UInt128_u64_mod_32( + FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); + tmp.thd = x >> FStar_UInt128_u32_32; + tmp.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32); + return tmp; +} + +static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) { + return lo + (hi << FStar_UInt128_u32_32); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y) { + K_quad scrut = + FStar_UInt128_mul_wide_impl_t_(x, y); + uint64_t u1 = scrut.fst; + uint64_t w3 = scrut.snd; + uint64_t x_ = scrut.thd; + uint64_t t_ = scrut.f3; + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_u32_combine_( + u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), w3); + lit.high = + x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> + FStar_UInt128_u32_32); + return lit; +} + +inline static +FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, 
uint64_t y) { +#if HAS_OPTIMIZED + uint64_t l, h; + l = _umul128(x, y, &h); + return _mm_set_epi64x(h, l); +#else + return FStar_UInt128_mul_wide_impl(x, y); +#endif +} + +#undef low +#undef high + +#endif diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h new file mode 100644 index 000000000..e2b6d6285 --- /dev/null +++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h 
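Review bot: In the `HAS_OPTIMIZED` branch of `FStar_UInt128_lognot` in fstar_uint128_msvc.h, `_mm_andnot_si128(a, a)` computes `(~a) & a`, which is zero for every input, so on 64-bit MSVC the function would return 0 instead of the bitwise complement that the struct fallback (`~a.low`, `~a.high`) produces. A form that matches the fallback is `return _mm_xor_si128(a, _mm_set1_epi32(-1));`. In the same file, the `#else` branch of `FStar_UInt128_add_underspec` has an unbalanced parenthesis, `FStar_UInt128_carry(a.low + b.low, b.low;`, which should read `FStar_UInt128_carry(a.low + b.low, b.low);` and would fail to compile whenever the non-intrinsic path is selected. The header is vendored from krmllib and marked hand-edited, so both fixes are worth sending upstream, with a test that compares the intrinsic path against the struct path before any 128-bit arithmetic here is relied on for crypto.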
@@ -0,0 +1,68 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef FSTAR_UINT128_STRUCT_ENDIANNESS_H
+#define FSTAR_UINT128_STRUCT_ENDIANNESS_H
+
+/* Hand-written implementation of endianness-related uint128 functions
+ * for the extracted uint128 implementation */
+
+/* Access 64-bit fields within the int128. */
+#define HIGH64_OF(x) ((x)->high)
+#define LOW64_OF(x) ((x)->low)
+
+/* A series of definitions written using pointers. */
+
+inline static void load128_le_(uint8_t *b, uint128_t *r) {
+ LOW64_OF(r) = load64_le(b);
+ HIGH64_OF(r) = load64_le(b + 8);
+}
+
+inline static void store128_le_(uint8_t *b, uint128_t *n) {
+ store64_le(b, LOW64_OF(n));
+ store64_le(b + 8, HIGH64_OF(n));
+}
+
+inline static void load128_be_(uint8_t *b, uint128_t *r) {
+ HIGH64_OF(r) = load64_be(b);
+ LOW64_OF(r) = load64_be(b + 8);
+}
+
+inline static void store128_be_(uint8_t *b, uint128_t *n) {
+ store64_be(b, HIGH64_OF(n));
+ store64_be(b + 8, LOW64_OF(n));
+}
+
+#ifndef KRML_NOSTRUCT_PASSING
+
+inline static uint128_t load128_le(uint8_t *b) {
+ uint128_t r;
+ load128_le_(b, &r);
+ return r;
+}
+
+inline static void store128_le(uint8_t *b, uint128_t n) {
+ store128_le_(b, &n);
+}
+
+inline static uint128_t load128_be(uint8_t *b) {
+ uint128_t r;
+ load128_be_(b, &r);
+ return r;
+}
+
+inline static void store128_be(uint8_t *b, uint128_t n) {
+ store128_be_(b, &n);
+}
+
+#else /* !defined(KRML_STRUCT_PASSING) */
+
+# define print128 print128_
+# define load128_le load128_le_
+# define store128_le store128_le_
+# define load128_be load128_be_
+# define store128_be store128_be_
+
+#endif /* KRML_STRUCT_PASSING */
+
+#endif
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def b/libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def
new file mode 100644
index 000000000..c4ab8e38e
--- /dev/null
+++ b/libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def
@@ -0,0 +1,11 @@ +LIBRARY libkrmllib + +EXPORTS + FStar_UInt64_eq_mask + FStar_UInt64_gte_mask + FStar_UInt32_eq_mask + FStar_UInt32_gte_mask + FStar_UInt16_eq_mask + FStar_UInt16_gte_mask + FStar_UInt8_eq_mask + FStar_UInt8_gte_mask diff --git a/libcrux-sha3/c/libcrux_intrinsics_avx2.h b/libcrux-sha3/c/libcrux_intrinsics_avx2.h new file mode 100644 index 000000000..4a391a56a --- /dev/null +++ b/libcrux-sha3/c/libcrux_intrinsics_avx2.h @@ -0,0 +1,20 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-sha3/c/libcrux_sha3.c b/libcrux-sha3/c/libcrux_sha3.c new file mode 100644 index 000000000..5bd9b1059 --- /dev/null +++ b/libcrux-sha3/c/libcrux_sha3.c 
@@ -0,0 +1,3293 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#include "internal/libcrux_sha3.h" + +#include "internal/core.h" + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha224(digest, payload); +} + +inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) +{ + uint8_t out[28U] = { 0U }; + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha256(digest, payload); +} + +inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) +{ + uint8_t out[32U] = { 0U }; + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha384(digest, payload); +} + +inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) +{ + uint8_t out[48U] = { 0U }; + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)48U 
* sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha512(digest, payload); +} + +inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +const +size_t +libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + +inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t 
b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + +uint32_t 
+libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result_____core_fmt_Error_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +Result__uint8_t_8size_t__core_array_TryFromSliceError; + +static void 
+unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return 
libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << 
(uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a 
^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + 
s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = 
+ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = 
+ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, 
Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 
* (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = 
s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) 
+ { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, 
(size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + 
Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); 
+ core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, 
ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + 
core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < 
outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + 
uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice 
out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + for (size_t i = (size_t)0U; i < 
(size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / 
(size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + 
memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t 
i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); 
+ core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +inline void 
libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof 
(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + 
core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +inline void 
+libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +inline void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + 
Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + diff --git a/libcrux-sha3/c-snapshot/libcrux_sha3.h b/libcrux-sha3/c/libcrux_sha3.h similarity index 52% rename from libcrux-sha3/c-snapshot/libcrux_sha3.h rename to libcrux-sha3/c/libcrux_sha3.h index 8646695bb..9e54fc9b8 100644 --- a/libcrux-sha3/c-snapshot/libcrux_sha3.h +++ b/libcrux-sha3/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/79mbhm8cx0rrgdyj2jfxiq5h7l5cd3km-ocaml4.14.1-eurydice-dirty/bin/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc F* version: - KaRaMeL version: + KaRaMeL version: e8e461ce */ #ifndef __libcrux_sha3_H 
@@ -15,146 +15,30 @@ extern "C" { #include "core.h" #include "eurydice_glue.h" -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t x0); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute2x128_si256( - int32_t x0, - 
core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2 -); - -extern void -libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice x0, core_core_arch_x86___m256i x1); - -void -libcrux_sha3_simd_avx2_slice_4( - Eurydice_slice a[4U], - size_t start, - size_t len, - Eurydice_slice ret[4U] -); +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 -typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s -{ - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} -K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; +typedef uint8_t libcrux_sha3_Algorithm; -extern K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice x0[4U], size_t x1); +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___zero( - void -); +void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor5( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -); +void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___rotate_left1_and_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); +void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___and_not_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i 
b, - core_core_arch_x86___m256i c -); +void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_constant( - core_core_arch_x86___m256i a, - uint64_t c -); +void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); +void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___slice_n( - Eurydice_slice a[4U], - size_t start, - size_t len, - Eurydice_slice ret[4U] -); +void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); -K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___split_at_mut_n( - Eurydice_slice a[4U], - size_t mid -); +void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); extern const size_t libcrux_sha3_generic_keccak__ROTC[24U]; @@ -248,13 +132,6 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 size_t mid ); -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - libcrux_sha3_Algorithm libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); 
@@ -263,8 +140,6 @@ libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( libcrux_sha3_Algorithm v ); -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); - typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; @@ -918,22 +793,6 @@ libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); -void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); - -void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); - -void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); - -void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); - void libcrux_sha3_portable_keccak_load_block___168size_t( uint64_t (*s)[5U], 
@@ -1084,631 +943,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( Eurydice_slice out0 ); -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -); - -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } -libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void); - -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s -{ core_core_arch_x86___m256i st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -); - -void -libcrux_sha3_simd_avx2_load_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -); - -void 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i 
-libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_simd_avx2_load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -); - -void 
-libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_simd_avx2_store_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_simd_avx2_store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t ret[4U][200U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t ret[4U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - 
Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void); - -void -libcrux_sha3_simd_avx2_load_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_simd_avx2_load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - -void -libcrux_sha3_simd_avx2_store_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - #if defined(__cplusplus) } #endif diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.c b/libcrux-sha3/c/libcrux_sha3_avx2.c new file mode 100644 index 000000000..355bdb33b --- /dev/null +++ b/libcrux-sha3/c/libcrux_sha3_avx2.c 
@@ -0,0 +1,2720 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#include "internal/libcrux_sha3_avx2.h" + +#include "internal/libcrux_sha3.h" +#include "internal/core.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" + +static inline core_core_arch_x86___m256i +_veor5q_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i uu____0 = a; + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i +_vbcaxq_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i uu____0 = a; + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) +{ + core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline void +slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(a[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = + Eurydice_slice_subslice(a[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +typedef struct __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s +{ + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} +__Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + +static inline __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) +{ + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out0, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at_mut(out1, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at_mut(out2, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at_mut(out3, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline core_core_arch_x86___m256i zero(void) +{ + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i +xor5( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i +rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i +and_not_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) +{ + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i +xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void +slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); +} + +static inline __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ 
+split_at_mut_n(Eurydice_slice a[4U], size_t mid) +{ + return split_at_mut_4(a, mid); +} + +inline void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, + buf); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +) +{ + Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, + buf); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice 
buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____0 = split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o0); + __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____1 = split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o1); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o2); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + libcrux_sha3_simd_avx2_store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_simd_avx2_store_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = 
libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + 
libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void 
*); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2_load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_simd_avx2_load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 
= Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_load_block___168size_t(uu____0, buf); +} + +inline void +libcrux_sha3_simd_avx2_load_block___168size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = 
libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = 
(size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + 
((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; + Eurydice_slice uu____3[4U]; + 
memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } + else + { + __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); + } + } + if (last 
< outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, + out); +} + +inline void 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + libcrux_sha3_simd_avx2_store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t ret[4U][200U] +) +{ + uint8_t ret0[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_simd_avx2_store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t ret[4U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + uint8_t out2[200U] = { 0U }; + uint8_t out3[200U] = { 0U }; + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + 
Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + out3, + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_simd_avx2_store_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = 
(size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = 
(size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + 
Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( + core_core_arch_x86___m256i (*a)[5U], + uint8_t b[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + 
memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + libcrux_sha3_simd_avx2_load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_simd_avx2_load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], + uint8_t blocks[4U][200U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, buf); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); + 
libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +) +{ + core_core_arch_x86___m256i + uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + core_core_arch_x86___m256i + uu____0 = + and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_x86___m256i [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + 
s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i + uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + core_core_arch_x86___m256i + uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); + core_core_arch_x86___m256i + uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); + core_core_arch_x86___m256i + uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); + core_core_arch_x86___m256i + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_x86___m256i + uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i + uu____9 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i + uu____10 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i + uu____11 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i + uu____12 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i + uu____13 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i + uu____14 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i + uu____15 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i + uu____16 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i + uu____17 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i + uu____18 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i + uu____19 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i + uu____20 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i + uu____21 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i + uu____22 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i + uu____23 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i + uu____24 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i + uu____25 = + 
libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i + uu____26 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i + uu____27 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i + uu____28 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i + uu____29 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i + uu____30 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i + uu____31 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i + uu____32 = + libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(ab); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return 
libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b 
+) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t(a, b); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return 
libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i 
+libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t(a, b); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(ab); +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); +} + +inline void +libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( + core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_simd_avx2_load_block___136size_t( + core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 
+ (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + 
((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), 
+ uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = 
uu____13; + } +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +inline core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); +} + diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.h b/libcrux-sha3/c/libcrux_sha3_avx2.h new file mode 100644 index 000000000..1ce43edf8 --- /dev/null +++ b/libcrux-sha3/c/libcrux_sha3_avx2.h 
@@ -0,0 +1,172 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#ifndef __libcrux_sha3_avx2_H +#define __libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_intrinsics_avx2.h" +#include "core.h" +#include "eurydice_glue.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" + +typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s +{ core_core_arch_x86___m256i st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-sha3/c/libcrux_sha3_neon.c b/libcrux-sha3/c/libcrux_sha3_neon.c new file mode 100644 index 000000000..b5c51993b --- /dev/null +++ b/libcrux-sha3/c/libcrux_sha3_neon.c 
@@ -0,0 +1,178 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#include "libcrux_sha3_neon.h" + +#include "internal/core.h" +#include "intrinsics/libcrux_intrinsics_arm64.h" + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + diff --git a/libcrux-sha3/c/libcrux_sha3_neon.h b/libcrux-sha3/c/libcrux_sha3_neon.h new file mode 100644 index 000000000..5a35f712a --- /dev/null +++ b/libcrux-sha3/c/libcrux_sha3_neon.h 
@@ -0,0 +1,68 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: + KaRaMeL version: e8e461ce + */ + +#ifndef __libcrux_sha3_neon_H +#define __libcrux_sha3_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "core.h" +#include "eurydice_glue.h" + +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +); + +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } +libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void); + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_neon_H_DEFINED +#endif diff --git a/libcrux-sha3/c/log.yxy b/libcrux-sha3/c/log.yxy new file mode 100644 index 000000000..10df4b047 --- /dev/null +++ b/libcrux-sha3/c/log.yxy 
@@ -0,0 +1,1652 @@ +[1/3] Building C object CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o +FAILED: CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o +/usr/bin/cc -DCMAKE_INTDIR=\"Debug\" -I/home/franziskus/libcrux/libcrux-sha3/c -I/home/franziskus/libcrux/libcrux-sha3/c/internal -I/home/franziskus/libcrux/libcrux-sha3/c/karamel/include -Wall -g -mavx -mavx2 -MD -MT CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -MF CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o.d -o CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -c /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c +In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:17, + from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: +/home/franziskus/libcrux/libcrux-sha3/c/internal/../libcrux_sha3_avx2.h:22:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 22 | { core_core_arch_x86___m256i st[5U][5U]; } + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:22:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 22 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:28:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 28 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:34:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 34 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:40:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 40 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:46:3: error: unknown 
type name ‘core_core_arch_x86___m256i’ + 46 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:52:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 52 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:58:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 58 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:64:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 64 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:70:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 70 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:76:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 76 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:82:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 82 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:86:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 86 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:88:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 88 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:89:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 89 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:92:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 92 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:94:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 94 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:95:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 95 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:98:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 98 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:99:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 99 | libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:101:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 101 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:103:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 103 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:104:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 104 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:107:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 107 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:109:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 109 | 
core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:110:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 110 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:113:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 113 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:114:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 114 | libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:116:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 116 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:118:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 118 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:119:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 119 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:122:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 122 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:124:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 124 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:125:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 125 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:128:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ + 128 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:129:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 129 | libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:131:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 131 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:133:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 133 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:134:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 134 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:137:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 137 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:139:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 139 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:140:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 140 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:143:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 143 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:144:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 144 | libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:146:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 146 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:148:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 148 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:149:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 149 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:152:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 152 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:154:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 154 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:155:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 155 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:158:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 158 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:159:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 159 | libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:161:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 161 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:163:3: error: unknown type name 
‘core_core_arch_x86___m256i’ + 163 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:164:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 164 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:167:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 167 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:169:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 169 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:170:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 170 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:173:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 173 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:174:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 174 | libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:176:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 176 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:178:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 178 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:179:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 179 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:182:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 182 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:184:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 184 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:185:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 185 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:188:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 188 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:189:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 189 | libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:191:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 191 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:193:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 193 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:194:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 194 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:197:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 197 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:199:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 199 | 
core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:200:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 200 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:203:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 203 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:204:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 204 | libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:206:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 206 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:208:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 208 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:209:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 209 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:212:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 212 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:214:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 214 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:215:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 215 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:218:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ + 218 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:219:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 219 | libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:221:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 221 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:223:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 223 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:224:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 224 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:227:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 227 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:229:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 229 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:230:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 230 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:233:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 233 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:234:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 234 | libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:236:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 236 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:238:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 238 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:239:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 239 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:242:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 242 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:244:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 244 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:245:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 245 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:248:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 248 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:249:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 249 | libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:251:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 251 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:253:3: error: unknown type name 
‘core_core_arch_x86___m256i’ + 253 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:254:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 254 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:257:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 257 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:259:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 259 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:260:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 260 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:263:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 263 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:264:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 264 | libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:266:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 266 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:268:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 268 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:269:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 269 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:272:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 272 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:274:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 274 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:275:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 275 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:278:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 278 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:279:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 279 | libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:281:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 281 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:283:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 283 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:284:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 284 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:287:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 287 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:289:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 289 | 
core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:290:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 290 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:293:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 293 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:294:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 294 | libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:296:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 296 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:298:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 298 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:299:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 299 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:302:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 302 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:304:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 304 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:305:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 305 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:308:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ + 308 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:309:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 309 | libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:311:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 311 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:313:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 313 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:314:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 314 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:317:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 317 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:319:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 319 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:320:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 320 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:323:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 323 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:324:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 324 | libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:326:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 326 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:328:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 328 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:329:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 329 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:332:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 332 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:334:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 334 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:335:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 335 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:338:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 338 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:339:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 339 | libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:341:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 341 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:343:3: error: unknown type name 
‘core_core_arch_x86___m256i’ + 343 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:344:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 344 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:347:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 347 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:349:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 349 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:350:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 350 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:353:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 353 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:354:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 354 | libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:356:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 356 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:358:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 358 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:359:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 359 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:362:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 362 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:364:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 364 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:365:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 365 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:368:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 368 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:369:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 369 | libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:371:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 371 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:373:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 373 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:374:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 374 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:377:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 377 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:379:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 379 | 
core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:380:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 380 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:383:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 383 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:385:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 385 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:386:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 386 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:389:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 389 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:391:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 391 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:392:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 392 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:395:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 395 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:396:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 396 | libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:398:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ + 398 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:400:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 400 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:401:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 401 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:404:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 404 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:406:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 406 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:407:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 407 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:410:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 410 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:411:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 411 | libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:413:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 413 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:415:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 415 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:416:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 416 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:419:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 419 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:421:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 421 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:422:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 422 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:425:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 425 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:426:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 426 | libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:428:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 428 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:430:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 430 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:431:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 431 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:434:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 434 | 
core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:436:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 436 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:437:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 437 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:440:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 440 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:441:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 441 | libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:445:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 445 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:451:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 451 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:455:1: error: unknown type name ‘core_core_arch_x86___m256i’ + 455 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:456:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 456 | libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:14:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 14 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:16:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 16 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:17:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 17 | core_core_arch_x86___m256i b, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:18:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 18 | core_core_arch_x86___m256i c, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:19:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 19 | core_core_arch_x86___m256i d, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:20:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 20 | core_core_arch_x86___m256i e + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:29:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 29 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:30:13: error: unknown type name ‘core_core_arch_x86___m256i’ + 30 | _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:30:43: error: unknown type name ‘core_core_arch_x86___m256i’ + 30 | _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:38:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 38 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:40:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 40 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:41:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 41 | core_core_arch_x86___m256i b, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:42:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 42 | core_core_arch_x86___m256i c + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:51:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 51 | static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:51:55: error: unknown type name ‘core_core_arch_x86___m256i’ + 51 | static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:150:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 150 | static inline core_core_arch_x86___m256i zero(void) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘zero’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:152:10: warning: implicit declaration of function ‘libcrux_intrinsics_avx2_mm256_set1_epi64x’ [-Wimplicit-function-declaration] + 152 | return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:155:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 155 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:157:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 157 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:158:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 158 | core_core_arch_x86___m256i b, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:159:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 159 | core_core_arch_x86___m256i c, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:160:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 160 | core_core_arch_x86___m256i d, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:161:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 161 | core_core_arch_x86___m256i e + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:167:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 167 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:168:22: error: unknown type name ‘core_core_arch_x86___m256i’ + 168 | rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:168:52: error: unknown type name ‘core_core_arch_x86___m256i’ + 168 | rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:173:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 173 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:175:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 175 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:176:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 176 | 
core_core_arch_x86___m256i b, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:177:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 177 | core_core_arch_x86___m256i c + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:183:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 183 | static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:183:55: error: unknown type name ‘core_core_arch_x86___m256i’ + 183 | static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:188:15: error: unknown type name ‘core_core_arch_x86___m256i’ + 188 | static inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:189:6: error: unknown type name ‘core_core_arch_x86___m256i’ + 189 | xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:189:36: error: unknown type name ‘core_core_arch_x86___m256i’ + 189 | xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:310:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t’? 
[-Wimplicit-function-declaration] + 310 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:326:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 326 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:335:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 335 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:3: warning: implicit declaration of function ‘core_core_arch_x86___m256i’ [-Wimplicit-function-declaration] + 583 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:32: error: ‘uu____1’ undeclared (first use in this function) + 583 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + | ^~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:32: note: each undeclared identifier is reported only once for each function it appears in +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:586:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t’; did you mean 
‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t’? [-Wimplicit-function-declaration] + 586 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:593:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 593 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:605:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 605 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:632:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 632 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1004:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t’? 
[-Wimplicit-function-declaration] + 1004 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1033:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t’? [-Wimplicit-function-declaration] + 1033 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1049:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1049 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1087:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1087 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1098:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1098 
| core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1138:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1138 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1386:32: error: ‘uu____1’ undeclared (first use in this function) + 1386 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + | ^~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1389:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t’? 
[-Wimplicit-function-declaration] + 1389 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1396:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1396 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1408:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1408 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1439:32: error: ‘uu____0’ undeclared (first use in this function) + 1439 | core_core_arch_x86___m256i (*uu____0)[5U] = s->st; + | ^~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1442:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t’ [-Wimplicit-function-declaration] + 1442 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t’: 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1468:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1468 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1469:13: warning: implicit declaration of function ‘xor_constant’ [-Wimplicit-function-declaration] + 1469 | uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + | ^~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1478:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1478 | core_core_arch_x86___m256i old[5U][5U]; + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1479:43: error: ‘core_core_arch_x86___m256i’ undeclared (first use in this function) + 1479 | memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1486:33: error: expected ‘;’ before ‘uu____0’ + 1486 | core_core_arch_x86___m256i + | ^ + | ; + 1487 | uu____0 = + | ~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1491:22: error: ‘uu____0’ undeclared (first use in this function) + 1491 | s->st[i1][j] = uu____0; + | ^~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1501:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1501 | core_core_arch_x86___m256i old[5U][5U]; + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/../core.h:15, + from /home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:15, + from 
/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3.h:15, + from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:15, + from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1505:5: error: ‘core_core_arch_x86___m256i’ undeclared (first use in this function) + 1505 | core_core_arch_x86___m256i [5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/../eurydice_glue.h:52:34: note: in definition of macro ‘core_array___core__clone__Clone_for__Array_T__N___20__clone’ + 52 | (memcpy(dst, src, len * sizeof(elem_type))) + | ^~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t’: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1538:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1538 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1539:13: warning: implicit declaration of function ‘xor5’ [-Wimplicit-function-declaration] + 1539 | uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + | ^~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1540:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1540 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1542:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1542 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1544:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1544 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1546:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1546 | core_core_arch_x86___m256i 
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1556:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1556 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1558:5: warning: implicit declaration of function ‘rotate_left1_and_xor’ [-Wimplicit-function-declaration] + 1558 | rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + | ^~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1560:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1560 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1564:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1564 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1568:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1568 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1572:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1572 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1579:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1579 | core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1579:40: warning: implicit declaration of function ‘xor0’ [-Wimplicit-function-declaration] + 1579 | core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + | ^~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1581:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1581 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1583:5: warning: implicit declaration 
of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t’? [-Wimplicit-function-declaration] + 1583 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1586:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1586 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1588:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t’? 
[-Wimplicit-function-declaration] + 1588 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1591:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1591 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1593:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t’? 
[-Wimplicit-function-declaration] + 1593 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1596:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1596 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1598:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t’? 
[-Wimplicit-function-declaration] + 1598 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1601:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1601 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1603:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t’? 
[-Wimplicit-function-declaration] + 1603 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1606:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1606 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1608:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t’? 
[-Wimplicit-function-declaration] + 1608 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1611:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1611 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1613:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t’? 
[-Wimplicit-function-declaration] + 1613 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1616:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1616 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1618:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t’? 
[-Wimplicit-function-declaration] + 1618 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1621:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1621 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1623:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t’? 
[-Wimplicit-function-declaration] + 1623 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1626:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1626 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1628:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t’? 
[-Wimplicit-function-declaration] + 1628 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1631:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1631 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1633:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t’? 
[-Wimplicit-function-declaration] + 1633 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1636:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1636 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1638:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t’? 
[-Wimplicit-function-declaration] + 1638 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1641:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1641 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1643:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t’? 
[-Wimplicit-function-declaration] + 1643 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1646:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1646 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1648:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t’? 
[-Wimplicit-function-declaration] + 1648 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1651:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1651 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1653:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t’? 
[-Wimplicit-function-declaration] + 1653 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1656:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1656 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1658:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t’? 
[-Wimplicit-function-declaration] + 1658 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1661:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1661 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1663:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t’? 
[-Wimplicit-function-declaration] + 1663 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1666:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1666 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1668:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t’? 
[-Wimplicit-function-declaration] + 1668 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1671:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1671 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1673:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t’? 
[-Wimplicit-function-declaration] + 1673 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1676:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1676 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1678:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t’? 
[-Wimplicit-function-declaration] + 1678 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1681:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1681 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1683:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t’? 
[-Wimplicit-function-declaration] + 1683 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1686:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1686 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1688:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t’? 
[-Wimplicit-function-declaration] + 1688 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1691:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1691 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1693:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t’? 
[-Wimplicit-function-declaration] + 1693 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1696:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1696 | core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1698:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t’? 
[-Wimplicit-function-declaration] + 1698 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1703:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1703 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1705:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1705 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1706:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1706 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1712:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1712 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1714:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1714 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1715:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1715 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1722:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1722 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1723:58: error: unknown type 
name ‘core_core_arch_x86___m256i’ + 1723 | libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1732:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1732 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1734:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1734 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1735:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1735 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1741:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1741 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1743:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1743 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1744:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1744 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1751:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1751 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1752:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 1752 | libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1761:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1761 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1763:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1763 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1764:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1764 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1770:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1770 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1772:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1772 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1773:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1773 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1780:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1780 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1781:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1781 | libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1790:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1790 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1792:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1792 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1793:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1793 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1799:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1799 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1801:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1801 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1802:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1802 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1809:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1809 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1810:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1810 | libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1819:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1819 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1821:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1821 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1822:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1822 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1828:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1828 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1830:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1830 | core_core_arch_x86___m256i a, + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1831:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1831 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1838:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1838 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1839:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1839 | libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1848:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1848 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1850:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1850 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1851:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1851 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1857:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1857 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1859:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1859 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1860:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1860 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1867:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1867 | inline core_core_arch_x86___m256i + 
| ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1868:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 1868 | libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1877:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1877 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1879:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1879 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1880:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1880 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1886:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1886 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1888:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1888 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1889:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1889 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1896:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1896 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1897:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1897 | libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1906:8: error: unknown type name 
‘core_core_arch_x86___m256i’ + 1906 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1908:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1908 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1909:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1909 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1915:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1915 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1917:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1917 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1918:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1918 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1925:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1925 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1926:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1926 | libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1935:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1935 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1937:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1937 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1938:3: error: unknown type 
name ‘core_core_arch_x86___m256i’ + 1938 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1944:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1944 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1946:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1946 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1947:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1947 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1954:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1954 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1955:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 1955 | libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1964:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1964 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1966:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1966 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1967:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1967 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1973:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1973 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1975:3: error: unknown type 
name ‘core_core_arch_x86___m256i’ + 1975 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1976:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1976 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1983:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1983 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1984:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 1984 | libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1993:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 1993 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1995:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1995 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1996:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 1996 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2002:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2002 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2004:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2004 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2005:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2005 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2012:8: error: unknown type 
name ‘core_core_arch_x86___m256i’ + 2012 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2013:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2013 | libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2022:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2022 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2024:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2024 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2025:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2025 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2031:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2031 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2033:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2033 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2034:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2034 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2041:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2041 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2042:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2042 | libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2051:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2051 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2053:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2053 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2054:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2054 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2060:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2060 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2062:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2062 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2063:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2063 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2070:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2070 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2071:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2071 | libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2080:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2080 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2082:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2082 | core_core_arch_x86___m256i a, + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2083:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2083 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2089:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2089 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2091:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2091 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2092:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2092 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2099:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2099 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2100:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2100 | libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2109:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2109 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2111:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2111 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2112:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2112 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2118:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2118 | inline core_core_arch_x86___m256i + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2120:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2120 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2121:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2121 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2128:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2128 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2129:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2129 | libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2138:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2138 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2140:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2140 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2141:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2141 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2147:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2147 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2149:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2149 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2150:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2150 | core_core_arch_x86___m256i b + | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2157:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2157 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2158:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2158 | libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2167:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2167 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2169:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2169 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2170:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2170 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2176:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2176 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2178:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2178 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2179:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2179 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2186:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2186 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2187:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2187 | 
libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2196:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2196 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2198:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2198 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2199:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2199 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2205:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2205 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2207:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2207 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2208:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2208 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2215:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2215 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2216:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2216 | libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2225:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2225 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2227:3: 
error: unknown type name ‘core_core_arch_x86___m256i’ + 2227 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2228:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2228 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2234:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2234 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2236:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2236 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2237:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2237 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2244:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2244 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2245:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2245 | libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2254:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2254 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2256:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2256 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2257:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2257 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2263:8: 
error: unknown type name ‘core_core_arch_x86___m256i’ + 2263 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2265:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2265 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2266:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2266 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2273:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2273 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2275:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2275 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2276:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2276 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2282:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2282 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2284:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2284 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2285:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2285 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2292:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2292 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2293:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 
2293 | libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2302:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2302 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2304:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2304 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2305:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2305 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2311:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2311 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2313:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2313 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2314:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2314 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2321:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2321 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2322:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2322 | libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2331:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2331 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2333:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2333 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2334:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2334 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2340:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2340 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2342:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2342 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2343:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2343 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2350:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2350 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2351:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2351 | libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2360:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2360 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2362:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2362 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2363:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2363 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
+/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2369:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2369 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2371:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2371 | core_core_arch_x86___m256i a, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2372:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2372 | core_core_arch_x86___m256i b + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2379:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2379 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2380:58: error: unknown type name ‘core_core_arch_x86___m256i’ + 2380 | libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2391:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2391 | core_core_arch_x86___m256i (*a)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2403:3: error: unknown type name ‘core_core_arch_x86___m256i’ + 2403 | core_core_arch_x86___m256i (*s)[5U], + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2711:8: error: unknown type name ‘core_core_arch_x86___m256i’ + 2711 | inline core_core_arch_x86___m256i + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2712:57: error: unknown type name ‘core_core_arch_x86___m256i’ + 2712 | libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3.h:15, + from 
/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:15, + from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: +/home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:35:24: warning: ‘core_num__u64_9__from_le_bytes’ declared ‘static’ but never defined [-Wunused-function] + 35 | static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +/home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:37:20: warning: ‘core_num__u64_9__to_le_bytes’ declared ‘static’ but never defined [-Wunused-function] + 37 | static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ +ninja: build stopped: subcommand failed. From 8515d8b07e8dff1784991b888c854f380831a7d9 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 29 May 2024 20:46:13 +0200 Subject: [PATCH 54/94] drop chunk --- libcrux-sha3/c/log.yxy | 1652 ---------------------------------------- 1 file changed, 1652 deletions(-) delete mode 100644 libcrux-sha3/c/log.yxy diff --git a/libcrux-sha3/c/log.yxy b/libcrux-sha3/c/log.yxy deleted file mode 100644 index 10df4b047..000000000 --- a/libcrux-sha3/c/log.yxy +++ /dev/null 
@@ -1,1652 +0,0 @@ -[1/3] Building C object CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -FAILED: CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -/usr/bin/cc -DCMAKE_INTDIR=\"Debug\" -I/home/franziskus/libcrux/libcrux-sha3/c -I/home/franziskus/libcrux/libcrux-sha3/c/internal -I/home/franziskus/libcrux/libcrux-sha3/c/karamel/include -Wall -g -mavx -mavx2 -MD -MT CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -MF CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o.d -o CMakeFiles/sha3_vec256.dir/Debug/libcrux_sha3_avx2.c.o -c /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c -In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:17, - from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: -/home/franziskus/libcrux/libcrux-sha3/c/internal/../libcrux_sha3_avx2.h:22:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 22 | { core_core_arch_x86___m256i st[5U][5U]; } - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -In file included from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:22:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 22 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:28:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 28 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:34:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 34 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:40:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 40 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:46:3: error: unknown 
type name ‘core_core_arch_x86___m256i’ - 46 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:52:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 52 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:58:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 58 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:64:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 64 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:70:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 70 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:76:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 76 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:82:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 82 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:86:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 86 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:88:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 88 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:89:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 89 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:92:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 92 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:94:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 94 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:95:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 95 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:98:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 98 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:99:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 99 | libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:101:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 101 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:103:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 103 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:104:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 104 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:107:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 107 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:109:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 109 | 
core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:110:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 110 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:113:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 113 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:114:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 114 | libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:116:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 116 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:118:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 118 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:119:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 119 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:122:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 122 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:124:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 124 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:125:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 125 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:128:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ - 128 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:129:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 129 | libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:131:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 131 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:133:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 133 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:134:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 134 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:137:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 137 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:139:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 139 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:140:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 140 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:143:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 143 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:144:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 144 | libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:146:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 146 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:148:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 148 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:149:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 149 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:152:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 152 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:154:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 154 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:155:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 155 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:158:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 158 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:159:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 159 | libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:161:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 161 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:163:3: error: unknown type name 
‘core_core_arch_x86___m256i’ - 163 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:164:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 164 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:167:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 167 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:169:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 169 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:170:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 170 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:173:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 173 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:174:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 174 | libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:176:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 176 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:178:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 178 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:179:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 179 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:182:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 182 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:184:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 184 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:185:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 185 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:188:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 188 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:189:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 189 | libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:191:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 191 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:193:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 193 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:194:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 194 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:197:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 197 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:199:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 199 | 
core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:200:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 200 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:203:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 203 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:204:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 204 | libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:206:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 206 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:208:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 208 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:209:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 209 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:212:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 212 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:214:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 214 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:215:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 215 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:218:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ - 218 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:219:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 219 | libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:221:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 221 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:223:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 223 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:224:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 224 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:227:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 227 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:229:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 229 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:230:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 230 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:233:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 233 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:234:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 234 | libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:236:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 236 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:238:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 238 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:239:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 239 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:242:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 242 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:244:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 244 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:245:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 245 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:248:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 248 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:249:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 249 | libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:251:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 251 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:253:3: error: unknown type name 
‘core_core_arch_x86___m256i’ - 253 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:254:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 254 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:257:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 257 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:259:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 259 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:260:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 260 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:263:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 263 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:264:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 264 | libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:266:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 266 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:268:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 268 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:269:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 269 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:272:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 272 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:274:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 274 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:275:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 275 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:278:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 278 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:279:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 279 | libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:281:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 281 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:283:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 283 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:284:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 284 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:287:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 287 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:289:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 289 | 
core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:290:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 290 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:293:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 293 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:294:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 294 | libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:296:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 296 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:298:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 298 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:299:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 299 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:302:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 302 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:304:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 304 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:305:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 305 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:308:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ - 308 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:309:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 309 | libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:311:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 311 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:313:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 313 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:314:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 314 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:317:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 317 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:319:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 319 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:320:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 320 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:323:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 323 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:324:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 324 | libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:326:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 326 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:328:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 328 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:329:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 329 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:332:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 332 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:334:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 334 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:335:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 335 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:338:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 338 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:339:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 339 | libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:341:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 341 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:343:3: error: unknown type name 
‘core_core_arch_x86___m256i’ - 343 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:344:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 344 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:347:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 347 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:349:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 349 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:350:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 350 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:353:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 353 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:354:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 354 | libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:356:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 356 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:358:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 358 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:359:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 359 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:362:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 362 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:364:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 364 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:365:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 365 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:368:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 368 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:369:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 369 | libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:371:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 371 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:373:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 373 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:374:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 374 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:377:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 377 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:379:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 379 | 
core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:380:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 380 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:383:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 383 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:385:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 385 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:386:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 386 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:389:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 389 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:391:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 391 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:392:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 392 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:395:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 395 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:396:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 396 | libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:398:1: error: unknown 
type name ‘core_core_arch_x86___m256i’ - 398 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:400:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 400 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:401:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 401 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:404:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 404 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:406:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 406 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:407:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 407 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:410:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 410 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:411:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 411 | libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:413:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 413 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:415:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 415 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:416:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 416 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:419:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 419 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:421:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 421 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:422:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 422 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:425:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 425 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:426:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 426 | libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:428:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 428 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:430:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 430 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:431:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 431 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:434:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 434 | 
core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:436:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 436 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:437:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 437 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:440:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 440 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:441:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 441 | libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:445:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 445 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:451:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 451 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:455:1: error: unknown type name ‘core_core_arch_x86___m256i’ - 455 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:456:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 456 | libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:14:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 14 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:16:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 16 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:17:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 17 | core_core_arch_x86___m256i b, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:18:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 18 | core_core_arch_x86___m256i c, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:19:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 19 | core_core_arch_x86___m256i d, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:20:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 20 | core_core_arch_x86___m256i e - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:29:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 29 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:30:13: error: unknown type name ‘core_core_arch_x86___m256i’ - 30 | _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:30:43: error: unknown type name ‘core_core_arch_x86___m256i’ - 30 | _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:38:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 38 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:40:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 40 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:41:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 41 | core_core_arch_x86___m256i b, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:42:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 42 | core_core_arch_x86___m256i c - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:51:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 51 | static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:51:55: error: unknown type name ‘core_core_arch_x86___m256i’ - 51 | static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:150:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 150 | static inline core_core_arch_x86___m256i zero(void) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘zero’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:152:10: warning: implicit declaration of function ‘libcrux_intrinsics_avx2_mm256_set1_epi64x’ [-Wimplicit-function-declaration] - 152 | return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:155:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 155 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:157:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 157 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:158:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 158 | core_core_arch_x86___m256i b, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:159:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 159 | core_core_arch_x86___m256i c, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:160:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 160 | core_core_arch_x86___m256i d, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:161:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 161 | core_core_arch_x86___m256i e - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:167:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 167 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:168:22: error: unknown type name ‘core_core_arch_x86___m256i’ - 168 | rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:168:52: error: unknown type name ‘core_core_arch_x86___m256i’ - 168 | rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:173:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 173 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:175:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 175 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:176:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 176 | 
core_core_arch_x86___m256i b, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:177:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 177 | core_core_arch_x86___m256i c - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:183:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 183 | static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:183:55: error: unknown type name ‘core_core_arch_x86___m256i’ - 183 | static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:188:15: error: unknown type name ‘core_core_arch_x86___m256i’ - 188 | static inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:189:6: error: unknown type name ‘core_core_arch_x86___m256i’ - 189 | xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:189:36: error: unknown type name ‘core_core_arch_x86___m256i’ - 189 | xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:310:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t’? 
[-Wimplicit-function-declaration] - 310 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:326:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 326 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:335:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 335 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:3: warning: implicit declaration of function ‘core_core_arch_x86___m256i’ [-Wimplicit-function-declaration] - 583 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:32: error: ‘uu____1’ undeclared (first use in this function) - 583 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - | ^~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:583:32: note: each undeclared identifier is reported only once for each function it appears in -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:586:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t’; did you mean 
‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t’? [-Wimplicit-function-declaration] - 586 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:593:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 593 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:605:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 605 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:632:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 632 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1004:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t’? 
[-Wimplicit-function-declaration] - 1004 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1033:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t’? [-Wimplicit-function-declaration] - 1033 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1049:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1049 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1087:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1087 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1098:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1098 
| core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1138:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1138 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1386:32: error: ‘uu____1’ undeclared (first use in this function) - 1386 | core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - | ^~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1389:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t’? 
[-Wimplicit-function-declaration] - 1389 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1396:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1396 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1408:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1408 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1439:32: error: ‘uu____0’ undeclared (first use in this function) - 1439 | core_core_arch_x86___m256i (*uu____0)[5U] = s->st; - | ^~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1442:3: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t’ [-Wimplicit-function-declaration] - 1442 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t’: 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1468:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1468 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1469:13: warning: implicit declaration of function ‘xor_constant’ [-Wimplicit-function-declaration] - 1469 | uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - | ^~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1478:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1478 | core_core_arch_x86___m256i old[5U][5U]; - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1479:43: error: ‘core_core_arch_x86___m256i’ undeclared (first use in this function) - 1479 | memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1486:33: error: expected ‘;’ before ‘uu____0’ - 1486 | core_core_arch_x86___m256i - | ^ - | ; - 1487 | uu____0 = - | ~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1491:22: error: ‘uu____0’ undeclared (first use in this function) - 1491 | s->st[i1][j] = uu____0; - | ^~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1501:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1501 | core_core_arch_x86___m256i old[5U][5U]; - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/../core.h:15, - from /home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:15, - from 
/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3.h:15, - from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:15, - from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1505:5: error: ‘core_core_arch_x86___m256i’ undeclared (first use in this function) - 1505 | core_core_arch_x86___m256i [5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/../eurydice_glue.h:52:34: note: in definition of macro ‘core_array___core__clone__Clone_for__Array_T__N___20__clone’ - 52 | (memcpy(dst, src, len * sizeof(elem_type))) - | ^~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: In function ‘libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t’: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1538:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1538 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1539:13: warning: implicit declaration of function ‘xor5’ [-Wimplicit-function-declaration] - 1539 | uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - | ^~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1540:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1540 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1542:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1542 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1544:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1544 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1546:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1546 | core_core_arch_x86___m256i 
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1556:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1556 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1558:5: warning: implicit declaration of function ‘rotate_left1_and_xor’ [-Wimplicit-function-declaration] - 1558 | rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - | ^~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1560:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1560 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1564:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1564 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1568:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1568 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1572:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1572 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1579:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1579 | core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1579:40: warning: implicit declaration of function ‘xor0’ [-Wimplicit-function-declaration] - 1579 | core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - | ^~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1581:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1581 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1583:5: warning: implicit declaration 
of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t’? [-Wimplicit-function-declaration] - 1583 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1586:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1586 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1588:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t’? 
[-Wimplicit-function-declaration] - 1588 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1591:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1591 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1593:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t’? 
[-Wimplicit-function-declaration] - 1593 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1596:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1596 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1598:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t’? 
[-Wimplicit-function-declaration] - 1598 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1601:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1601 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1603:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t’? 
[-Wimplicit-function-declaration] - 1603 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1606:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1606 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1608:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t’? 
[-Wimplicit-function-declaration] - 1608 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1611:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1611 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1613:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t’? 
[-Wimplicit-function-declaration] - 1613 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1616:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1616 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1618:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t’? 
[-Wimplicit-function-declaration] - 1618 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1621:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1621 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1623:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t’? 
[-Wimplicit-function-declaration] - 1623 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1626:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1626 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1628:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t’? 
[-Wimplicit-function-declaration] - 1628 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1631:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1631 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1633:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t’? 
[-Wimplicit-function-declaration] - 1633 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1636:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1636 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1638:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t’? 
[-Wimplicit-function-declaration] - 1638 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1641:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1641 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1643:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t’? 
[-Wimplicit-function-declaration] - 1643 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1646:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1646 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1648:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t’? 
[-Wimplicit-function-declaration] - 1648 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1651:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1651 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1653:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t’? 
[-Wimplicit-function-declaration] - 1653 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1656:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1656 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1658:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t’? 
[-Wimplicit-function-declaration] - 1658 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1661:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1661 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1663:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t’? 
[-Wimplicit-function-declaration] - 1663 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1666:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1666 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1668:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t’? 
[-Wimplicit-function-declaration] - 1668 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1671:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1671 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1673:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t’? 
[-Wimplicit-function-declaration] - 1673 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1676:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1676 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1678:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t’? 
[-Wimplicit-function-declaration] - 1678 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1681:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1681 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1683:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t’? 
[-Wimplicit-function-declaration] - 1683 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1686:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1686 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1688:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t’? 
[-Wimplicit-function-declaration] - 1688 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1691:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1691 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1693:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t’? 
[-Wimplicit-function-declaration] - 1693 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1696:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1696 | core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1698:5: warning: implicit declaration of function ‘libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t’; did you mean ‘libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t’? 
[-Wimplicit-function-declaration] - 1698 | libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - | libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c: At top level: -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1703:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1703 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1705:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1705 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1706:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1706 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1712:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1712 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1714:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1714 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1715:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1715 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1722:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1722 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1723:58: error: unknown type 
name ‘core_core_arch_x86___m256i’ - 1723 | libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1732:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1732 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1734:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1734 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1735:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1735 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1741:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1741 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1743:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1743 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1744:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1744 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1751:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1751 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1752:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 1752 | libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1761:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1761 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1763:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1763 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1764:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1764 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1770:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1770 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1772:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1772 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1773:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1773 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1780:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1780 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1781:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1781 | libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1790:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1790 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1792:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1792 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1793:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1793 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1799:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1799 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1801:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1801 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1802:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1802 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1809:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1809 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1810:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1810 | libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1819:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1819 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1821:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1821 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1822:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1822 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1828:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1828 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1830:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1830 | core_core_arch_x86___m256i a, - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1831:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1831 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1838:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1838 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1839:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1839 | libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1848:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1848 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1850:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1850 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1851:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1851 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1857:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1857 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1859:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1859 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1860:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1860 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1867:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1867 | inline core_core_arch_x86___m256i - 
| ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1868:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 1868 | libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1877:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1877 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1879:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1879 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1880:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1880 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1886:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1886 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1888:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1888 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1889:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1889 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1896:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1896 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1897:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1897 | libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1906:8: error: unknown type name 
‘core_core_arch_x86___m256i’ - 1906 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1908:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1908 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1909:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1909 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1915:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1915 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1917:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1917 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1918:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1918 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1925:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1925 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1926:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1926 | libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1935:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1935 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1937:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1937 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1938:3: error: unknown type 
name ‘core_core_arch_x86___m256i’ - 1938 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1944:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1944 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1946:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1946 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1947:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1947 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1954:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1954 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1955:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 1955 | libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1964:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1964 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1966:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1966 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1967:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1967 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1973:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1973 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1975:3: error: unknown type 
name ‘core_core_arch_x86___m256i’ - 1975 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1976:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1976 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1983:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1983 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1984:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 1984 | libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1993:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 1993 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1995:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1995 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:1996:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 1996 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2002:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2002 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2004:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2004 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2005:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2005 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2012:8: error: unknown type 
name ‘core_core_arch_x86___m256i’ - 2012 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2013:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2013 | libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2022:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2022 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2024:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2024 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2025:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2025 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2031:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2031 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2033:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2033 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2034:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2034 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2041:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2041 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2042:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2042 | libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2051:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2051 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2053:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2053 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2054:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2054 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2060:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2060 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2062:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2062 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2063:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2063 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2070:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2070 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2071:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2071 | libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2080:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2080 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2082:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2082 | core_core_arch_x86___m256i a, - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2083:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2083 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2089:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2089 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2091:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2091 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2092:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2092 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2099:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2099 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2100:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2100 | libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2109:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2109 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2111:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2111 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2112:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2112 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2118:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2118 | inline core_core_arch_x86___m256i - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2120:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2120 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2121:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2121 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2128:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2128 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2129:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2129 | libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2138:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2138 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2140:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2140 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2141:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2141 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2147:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2147 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2149:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2149 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2150:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2150 | core_core_arch_x86___m256i b - | 
^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2157:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2157 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2158:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2158 | libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2167:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2167 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2169:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2169 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2170:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2170 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2176:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2176 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2178:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2178 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2179:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2179 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2186:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2186 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2187:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2187 | 
libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2196:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2196 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2198:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2198 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2199:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2199 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2205:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2205 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2207:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2207 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2208:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2208 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2215:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2215 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2216:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2216 | libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2225:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2225 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2227:3: 
error: unknown type name ‘core_core_arch_x86___m256i’ - 2227 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2228:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2228 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2234:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2234 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2236:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2236 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2237:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2237 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2244:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2244 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2245:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2245 | libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2254:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2254 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2256:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2256 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2257:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2257 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2263:8: 
error: unknown type name ‘core_core_arch_x86___m256i’ - 2263 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2265:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2265 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2266:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2266 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2273:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2273 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2275:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2275 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2276:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2276 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2282:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2282 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2284:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2284 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2285:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2285 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2292:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2292 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2293:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 
2293 | libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2302:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2302 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2304:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2304 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2305:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2305 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2311:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2311 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2313:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2313 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2314:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2314 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2321:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2321 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2322:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2322 | libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2331:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2331 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2333:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2333 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2334:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2334 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2340:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2340 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2342:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2342 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2343:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2343 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2350:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2350 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2351:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2351 | libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2360:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2360 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2362:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2362 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2363:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2363 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ 
-/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2369:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2369 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2371:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2371 | core_core_arch_x86___m256i a, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2372:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2372 | core_core_arch_x86___m256i b - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2379:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2379 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2380:58: error: unknown type name ‘core_core_arch_x86___m256i’ - 2380 | libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2391:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2391 | core_core_arch_x86___m256i (*a)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2403:3: error: unknown type name ‘core_core_arch_x86___m256i’ - 2403 | core_core_arch_x86___m256i (*s)[5U], - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2711:8: error: unknown type name ‘core_core_arch_x86___m256i’ - 2711 | inline core_core_arch_x86___m256i - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:2712:57: error: unknown type name ‘core_core_arch_x86___m256i’ - 2712 | libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -In file included from /home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3.h:15, - from 
/home/franziskus/libcrux/libcrux-sha3/c/internal/libcrux_sha3_avx2.h:15, - from /home/franziskus/libcrux/libcrux-sha3/c/libcrux_sha3_avx2.c:8: -/home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:35:24: warning: ‘core_num__u64_9__from_le_bytes’ declared ‘static’ but never defined [-Wunused-function] - 35 | static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -/home/franziskus/libcrux/libcrux-sha3/c/internal/core.h:37:20: warning: ‘core_num__u64_9__to_le_bytes’ declared ‘static’ but never defined [-Wunused-function] - 37 | static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ -ninja: build stopped: subcommand failed. From 3cc148605a752ad6a9ad744f2f647e288f974288 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 12:20:06 -0700 Subject: [PATCH 55/94] Dummies to make compilation work without hand edits --- libcrux-sha3/c/eurydice_glue.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcrux-sha3/c/eurydice_glue.h b/libcrux-sha3/c/eurydice_glue.h index 4b8062a53..556d29d72 100644 --- a/libcrux-sha3/c/eurydice_glue.h +++ b/libcrux-sha3/c/eurydice_glue.h @@ -174,7 +174,10 @@ typedef const char *Prims_string; // MISC (UNTESTED) -#define core_fmt_Formatter void +typedef void *core_fmt_Formatter; +typedef void *core_fmt_Arguments; +typedef void *core_fmt_rt_Argument; +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL // VECTORS (ANCIENT, POSSIBLY UNTESTED) From 38dd75685109640271f2fae032bed52f7261da72 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 May 2024 21:50:00 +0200 Subject: [PATCH 56/94] missing intrinsics and functions --- libcrux-sha3/c/eurydice_glue.h | 8 ++++ .../c/intrinsics/libcrux_intrinsics_avx2.h | 48 ++++++++++++++++++- 2 files changed, 54 insertions(+), 2 deletions(-) 
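Review bot: In the `eurydice_glue.h` hunk at `@@ -174,7 +174,10 @@`, `core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4)` expands to `NULL` and discards its arguments, and nothing marks the three `core_fmt_*` typedefs as placeholders rather than working types. Any extracted code that goes on to use such a value would be handling a null pointer, so a comment above the block should say so, for example `// Dummies so the extracted code compiles; these values must never be dereferenced.` Note also that `core_fmt_Formatter` changes from `void` to `void *`, so a declaration written as `core_fmt_Formatter *` now means `void **`. Whether any remaining declaration relies on the old meaning cannot be seen from this hunk.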
diff --git a/libcrux-sha3/c/eurydice_glue.h b/libcrux-sha3/c/eurydice_glue.h index 556d29d72..fbd1c86eb 100644 --- a/libcrux-sha3/c/eurydice_glue.h +++ b/libcrux-sha3/c/eurydice_glue.h @@ -48,6 +48,14 @@ typedef struct { #define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) +static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { + store64_le(buf,v); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + return load64_le(buf); +} + + #define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h index 28ce62ccd..3d7ce9712 100644 --- a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h @@ -49,6 +49,10 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi3 return _mm256_set1_epi32(a); } +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ + return _mm256_set1_epi64x(a); +} + static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ return _mm_set1_epi16(a); } @@ -163,7 +167,12 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ return _mm256_loadu_si256(a.ptr); } - + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ + return _mm256_loadu_si256(a.ptr); +} + static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ return _mm_loadu_si128(a.ptr); } 
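Review bot: `libcrux_intrinsics_avx2_mm256_loadu_si256_u8` in the `@@ -163,7 +167,12 @@` hunk reads 32 bytes through `a.ptr` without looking at `a.len`, so a slice shorter than 32 bytes is read past its end. The same applies to `libcrux_intrinsics_avx2_mm256_storeu_si256_u8` in the `@@ -182,6 +191,14 @@` hunk, which writes 32 bytes; both copy the pattern of the existing `_i16` variants. If callers are meant to guarantee the length, state that in a comment on each wrapper. A debug-build check such as `assert(a.len >= 32);` would catch a violation early, assuming `len` counts bytes for these `u8` slices.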
@@ -182,6 +191,14 @@ libcrux_intrinsics_avx2_mm256_storeu_si256_i16( return _mm256_storeu_si256(a.ptr,b); } +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256(a.ptr,b); +} + static inline void libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ return _mm_storeu_si128(a.ptr,b); @@ -308,6 +325,15 @@ libcrux_intrinsics_avx2_mm256_and_si256( return _mm256_and_si256(a,b); } +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_andnot_si256(a,b); +} + + static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_xor_si256( core_core_arch_x86___m256i a, @@ -341,6 +367,13 @@ libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t a, core_core_arch_x86___m256i b return _mm256_slli_epi32(b,a); } +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_slli_epi64(b,a); +} + +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) + static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t a, core_core_arch_x86___m256i b){ return _mm256_srai_epi32(b,a); @@ -360,10 +393,12 @@ libcrux_intrinsics_avx2_mm256_sllv_epi32( } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t a, core_core_arch_x86___m256i b){ +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ return _mm256_srli_epi64(b,a); } +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) + // Shuffle and Vector Interleaving static inline core_core_arch_x86___m256i 
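Review bot: The new three-argument macros `libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c)` and `libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c)` drop `c` without explanation, and `libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d)` in the `@@ -422,6 +465,7 @@` hunk does the same with `d`. A one-line comment above each should say what the unused trailing argument is and that the first argument is the shift count or control value, so the next reader does not pass an expression with side effects there. Because `libcrux_intrinsics_avx2_mm256_srli_epi64` was a two-argument function before this change, any caller still using the old form stops compiling. That looks intended but is worth confirming against the generated C.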
@@ -374,6 +409,14 @@ libcrux_intrinsics_avx2_mm256_unpacklo_epi32( return _mm256_unpacklo_epi32(a,b); } +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi64(a,b); +} + static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpackhi_epi32( core_core_arch_x86___m256i a, @@ -422,6 +465,7 @@ libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t a, core_core_arch_x86___ return _mm256_permute4x64_epi64(b,a); } +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_inserti128_si256( From cd9ad91d6827d6f8050c14c614312674f01f1da7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 May 2024 22:02:59 +0200 Subject: [PATCH 57/94] patch for intrinsics ordering --- libcrux-sha3/c/libcrux_sha3_avx2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.c b/libcrux-sha3/c/libcrux_sha3_avx2.c index 355bdb33b..094c27efb 100644 --- a/libcrux-sha3/c/libcrux_sha3_avx2.c +++ b/libcrux-sha3/c/libcrux_sha3_avx2.c @@ -5,11 +5,11 @@ KaRaMeL version: e8e461ce */ +#include "intrinsics/libcrux_intrinsics_avx2.h" #include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_sha3.h" #include "internal/core.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" static inline core_core_arch_x86___m256i _veor5q_u64( From 29e23ec8847802318846bb4561ddcca6113079ee Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 29 May 2024 22:04:33 +0200 Subject: [PATCH 58/94] fixup build --- libcrux-sha3/c/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libcrux-sha3/c/CMakeLists.txt b/libcrux-sha3/c/CMakeLists.txt index 0322020e6..08a04a8e3 100644 --- a/libcrux-sha3/c/CMakeLists.txt +++ b/libcrux-sha3/c/CMakeLists.txt 
@@ -25,6 +25,12 @@ file(GLOB SOURCES_vec256 libcrux_sha3_avx2.c ) +if(${CMAKE_SYSTEM_NAME} MATCHES Linux) + add_compile_options( + -fPIC + ) +endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) + add_library(sha3_vec256 OBJECT ${SOURCES_vec256}) add_library(sha3 SHARED ${SOURCES}) add_library(sha3_static STATIC ${SOURCES}) From 49b790438740377ae6b5bdf46c1f70841295ec1b Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 29 May 2024 22:13:24 +0200 Subject: [PATCH 59/94] add sha3 test --- libcrux-sha3/c.yaml | 2 ++ libcrux-sha3/c/CMakeLists.txt | 37 +++++++++++++++++++--- libcrux-sha3/c/tests/sha3.cc | 58 +++++++++++++++++++++++++++++++++++ libcrux-sha3/src/lib.rs | 20 ++++++------ 4 files changed, 102 insertions(+), 15 deletions(-) create mode 100644 libcrux-sha3/c/tests/sha3.cc diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index b1e2a2578..9344e92b0 100644 --- a/libcrux-sha3/c.yaml +++ b/libcrux-sha3/c.yaml @@ -7,6 +7,8 @@ files: # Different crate - name: libcrux_intrinsics_avx2 + library: true + inline_static: true api: - [libcrux_intrinsics, avx2] diff --git a/libcrux-sha3/c/CMakeLists.txt b/libcrux-sha3/c/CMakeLists.txt index 08a04a8e3..f9818586f 100644 --- a/libcrux-sha3/c/CMakeLists.txt +++ b/libcrux-sha3/c/CMakeLists.txt @@ -5,7 +5,7 @@ cmake_minimum_required(VERSION 3.10) project(libcrux-sha3 VERSION 0.1.0 - LANGUAGES C + LANGUAGES C CXX ) set(CMAKE_C_FLAGS " -Wall ") @@ -15,14 +15,14 @@ include_directories( ${PROJECT_SOURCE_DIR}/karamel/include ) file(GLOB SOURCES - core.c - libcrux_sha3.c + ${PROJECT_SOURCE_DIR}/core.c + ${PROJECT_SOURCE_DIR}/libcrux_sha3.c ) # file(GLOB VEC128_SOURCES # libcrux_sha3_neon.c # ) file(GLOB SOURCES_vec256 - libcrux_sha3_avx2.c + ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c ) if(${CMAKE_SYSTEM_NAME} MATCHES Linux) 
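Review bot: In the `@@ -25,6 +25,12 @@` hunk, `-fPIC` is added by hand through `add_compile_options` and only when the system name matches Linux, although the object and shared library targets declared right after it are not Linux-specific. CMake's own switch expresses the same intent portably and per toolchain: `set(CMAKE_POSITION_INDEPENDENT_CODE ON)` placed before the `add_library` calls. That also removes the need for the platform test.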
@@ -44,3 +44,32 @@ target_compile_options(sha3_vec256 PRIVATE target_sources(sha3_static PRIVATE $) target_sources(sha3 PRIVATE $) # endif() + +# --- Tests + +# Get gtests +include(FetchContent) +FetchContent_Declare(googletest +DOWNLOAD_EXTRACT_TIMESTAMP TRUE + URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip +) + +# For Windows: Prevent overriding the parent project's compiler/linker settings +set(gtest_force_shared_crt ON CACHE BOOL "" FORCE) +FetchContent_MakeAvailable(googletest) + +# Get nlohmann json +FetchContent_Declare(json +DOWNLOAD_EXTRACT_TIMESTAMP TRUE + URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip +) +FetchContent_MakeAvailable(json) + +add_executable(sha3_test + ${PROJECT_SOURCE_DIR}/tests/sha3.cc +) +target_link_libraries(sha3_test PRIVATE + sha3_static + gtest_main + nlohmann_json::nlohmann_json +) diff --git a/libcrux-sha3/c/tests/sha3.cc b/libcrux-sha3/c/tests/sha3.cc new file mode 100644 index 000000000..2671564df --- /dev/null +++ b/libcrux-sha3/c/tests/sha3.cc 
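Review bot: Both `FetchContent_Declare` calls download a zip archive by URL with no integrity check, so the test build compiles whatever the server returns for that tag. Pin each archive with `URL_HASH SHA256=<sha256-of-archive>` next to its `URL` line (placeholder; compute the value from a download you have verified). Separately, `FetchContent_MakeAvailable` needs CMake 3.14 and `DOWNLOAD_EXTRACT_TIMESTAMP` is only understood from 3.24, while the file declares `cmake_minimum_required(VERSION 3.10)`, so the stated minimum no longer matches what the file uses.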
@@ -0,0 +1,58 @@ + +#include +#include + +#include "libcrux_sha3.h" + +using namespace std; + +typedef vector bytes; + +vector +from_hex(const string& hex) +{ + if (hex.length() % 2 == 1) { + throw invalid_argument("Odd-length hex string"); + } + + int len = static_cast(hex.length()) / 2; + vector out(len); + for (int i = 0; i < len; i += 1) { + string byte = hex.substr(2 * i, 2); + out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); + } + + return out; +} + +string +bytes_to_hex(const vector& data) +{ + stringstream hex(ios_base::out); + hex.flags(ios::hex); + for (const auto& byte : data) { + hex << setw(2) << setfill('0') << int(byte); + } + return hex.str(); +} + +TEST(Sha3Test, ConsistencyTest) +{ + const char* message = "Hello, World!"; + uint32_t message_size = strlen(message); + + uint8_t digest[32]; + Eurydice_slice input; + input.ptr = (void*) message; + input.len = message_size; + + libcrux_sha3_sha256(input,digest); + + bytes expected_digest = from_hex( + "1af17a664e3fa8e419b8ba05c2a173169df76162a5a286e0c405b460d478f7ef"); + + EXPECT_EQ(strncmp((char*)digest, + (char*)expected_digest.data(), + 32), + 0); +} diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 0cd524e8d..3ec57b3c3 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -39,7 +39,7 @@ impl From for Algorithm { 2 => Algorithm::Sha256, 3 => Algorithm::Sha384, 4 => Algorithm::Sha512, - _ => panic!("Unknown Digest mode {}", v), + _ => panic!(), } } } @@ -376,9 +376,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(non_snake_case)] #[inline(always)] - fn _shake256xN( - input: &[[u8; 33]; N], - ) -> [[u8; LEN]; N] { + fn _shake256xN(input: &[[u8; 33]; N]) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); let mut out = [[0u8; LEN]; N]; 
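Review bot: `ConsistencyTest` in the new `tests/sha3.cc` compares the digest with `strncmp`, which stops at the first zero byte, so a digest and an expected value that agree up to a `0x00` byte would compare equal even if the remaining bytes differ. The vector used here contains no zero byte, but the comparison should cover all 32 bytes: `EXPECT_EQ(memcmp(digest, expected_digest.data(), 32), 0);`. `from_hex` also accepts non-hex characters silently, because the `strtol` result is never checked for a parse failure.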
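Review bot: In the `src/lib.rs` hunk at `@@ -39,7 +39,7 @@` the fallback arm becomes a bare `panic!()`, so an out-of-range value now aborts with no indication of what was rejected. If the message was dropped only to keep formatting code out of the C extraction (an inference from the surrounding commits), record that on the arm, e.g. `// no message: keeps core::fmt out of the extracted code`. A `From` impl that panics on unknown input is also surprising to callers; `TryFrom` would let them handle it, though that is an interface change beyond this hunk. The `impl` begins above the hunk.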
@@ -468,9 +466,7 @@ pub mod neon { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn _shake128_absorb_finalxN( - input: [[u8; 34]; N], - ) -> [KeccakState2; 2] { + fn _shake128_absorb_finalxN(input: [[u8; 34]; N]) -> [KeccakState2; 2] { debug_assert!(N == 2 || N == 3 || N == 4); let mut state = [shake128_init(), shake128_init()]; @@ -573,7 +569,11 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] - pub fn shake128_squeeze_next_block(s: &mut KeccakState2, out0: &mut [u8], out1: &mut [u8]) { + pub fn shake128_squeeze_next_block( + s: &mut KeccakState2, + out0: &mut [u8], + out1: &mut [u8], + ) { #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with @@ -695,9 +695,7 @@ pub mod avx2 { /// **PANICS** when `N` is not 2, 3, or 4. #[allow(unused_variables, non_snake_case)] #[inline(always)] - fn _shake256xN( - input: &[[u8; 33]; N], - ) -> [[u8; LEN]; N] { + fn _shake256xN(input: &[[u8; 33]; N]) -> [[u8; LEN]; N] { debug_assert!(N == 2 || N == 3 || N == 4); let mut out = [[0u8; LEN]; N]; From 9df56fd59f0509db849e661ed2a3c1f15eee29b1 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 29 May 2024 22:24:39 +0200 Subject: [PATCH 60/94] fix intrinsics --- .../c/intrinsics/libcrux_intrinsics_avx2.h | 41 ++++++------------- 1 file changed, 13 insertions(+), 28 deletions(-) diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h index 3d7ce9712..235dc9318 100644 --- a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h 
@@ -450,40 +450,25 @@ libcrux_intrinsics_avx2_mm_packs_epi16( } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_shuffle_epi32(b,a); -} +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b) \ + (_mm256_shuffle_epi32(b,a)) -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_extracti128_si256(b,a); -} +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b)\ + (_mm256_extracti128_si256(b,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_permute4x64_epi64(b,a); -} +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b) \ + (_mm256_permute4x64_epi64(b,a)) #define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_inserti128_si256( - int32_t a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m128i c -){ - return _mm256_inserti128_si256(b,c,a); -} +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ + a,\ + b,\ + c \ +) (_mm256_inserti128_si256(b,c,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_blend_epi16( - int32_t a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -){ - return _mm256_blend_epi16(b,c,a); -} +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b, c) \ + (_mm256_blend_epi16(b,c,a)) static inline core_core_arch_x86___m256i From 165e74efbdade79c6a8f14d045386c816f7ee748 Mon Sep 17 00:00:00 2001 
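Review bot: The five wrappers turned into macros in this hunk lose the parameter types the `static inline` versions had, and nothing records why. Presumably `_mm256_shuffle_epi32`, `_mm256_extracti128_si256`, `_mm256_permute4x64_epi64`, `_mm256_inserti128_si256` and `_mm256_blend_epi16` need their control operand as a compile-time constant, which a function parameter is not. A comment above the group should state that, e.g. `/* Macros, not functions: the control operand must be an integer constant expression. */`. It should also note that the first macro argument is the control value and is passed last to the intrinsic, since that ordering is easy to get wrong when adding the next wrapper.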
From: Jonathan Protzenko Date: Wed, 29 May 2024 14:12:36 -0700 Subject: [PATCH 61/94] refresh --- libcrux-sha3/c.yaml | 2 + libcrux-sha3/c/core.c | 31 +++++++---- libcrux-sha3/c/core.h | 6 +- libcrux-sha3/c/eurydice_glue.h | 18 +++--- libcrux-sha3/c/internal/core.h | 34 ++++++++++-- libcrux-sha3/c/internal/libcrux_sha3.h | 6 +- libcrux-sha3/c/internal/libcrux_sha3_avx2.h | 6 +- libcrux-sha3/c/libcrux_sha3.c | 61 ++++++--------------- libcrux-sha3/c/libcrux_sha3.h | 6 +- libcrux-sha3/c/libcrux_sha3_avx2.c | 7 ++- libcrux-sha3/c/libcrux_sha3_avx2.h | 8 +-- libcrux-sha3/c/libcrux_sha3_neon.c | 9 +-- libcrux-sha3/c/libcrux_sha3_neon.h | 6 +- 13 files changed, 102 insertions(+), 98 deletions(-) diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index 9344e92b0..b58f3d03c 100644 --- a/libcrux-sha3/c.yaml +++ b/libcrux-sha3/c.yaml @@ -47,5 +47,7 @@ files: - name: core private: - [core, "*"] + monomorphizations_of: + - [core, result, "*"] api: - [Eurydice, "*"] diff --git a/libcrux-sha3/c/core.c b/libcrux-sha3/c/core.c index 7cf08bf02..7275df06c 100644 --- a/libcrux-sha3/c/core.c +++ b/libcrux-sha3/c/core.c 
@@ -1,21 +1,28 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #include "internal/core.h" -typedef struct Error_s { } Error; - -typedef struct Result_____core_fmt_Error_s +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) { - core_result_Result_____core_fmt_Error_tags tag; - void *f0; + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } } -Result_____core_fmt_Error; - -extern Result_____core_fmt_Error -core_fmt_num_imp___core__fmt__Display_for_u32__5__fmt(uint32_t *x0, core_fmt_Formatter *x1); diff --git a/libcrux-sha3/c/core.h b/libcrux-sha3/c/core.h index 2d3371af3..35544bbd3 100644 --- a/libcrux-sha3/c/core.h +++ b/libcrux-sha3/c/core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __core_H diff --git a/libcrux-sha3/c/eurydice_glue.h b/libcrux-sha3/c/eurydice_glue.h index fbd1c86eb..0235fbeea 100644 --- a/libcrux-sha3/c/eurydice_glue.h +++ b/libcrux-sha3/c/eurydice_glue.h 
@@ -48,14 +48,6 @@ typedef struct { #define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) -static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { - store64_le(buf,v); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - return load64_le(buf); -} - - #define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t @@ -96,9 +88,15 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { + store64_le(buf,v); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + return load64_le(buf); +} + static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) -{ +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { return x; } diff --git a/libcrux-sha3/c/internal/core.h b/libcrux-sha3/c/internal/core.h index 032a2e4cd..168229151 100644 --- a/libcrux-sha3/c/internal/core.h +++ b/libcrux-sha3/c/internal/core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __internal_core_H 
@@ -27,14 +27,36 @@ typedef struct core_option_Option__size_t_s } core_option_Option__size_t; +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); + +extern core_fmt_Arguments +core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); + #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result_____core_fmt_Error_tags; +typedef uint8_t core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_tags; -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); +typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +); #if defined(__cplusplus) } diff --git a/libcrux-sha3/c/internal/libcrux_sha3.h b/libcrux-sha3/c/internal/libcrux_sha3.h index 0f94db616..5ca4022b5 100644 --- a/libcrux-sha3/c/internal/libcrux_sha3.h +++ b/libcrux-sha3/c/internal/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __internal_libcrux_sha3_H 
diff --git a/libcrux-sha3/c/internal/libcrux_sha3_avx2.h b/libcrux-sha3/c/internal/libcrux_sha3_avx2.h index 2dc7d63d2..8bf44a565 100644 --- a/libcrux-sha3/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-sha3/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-sha3/c/libcrux_sha3.c b/libcrux-sha3/c/libcrux_sha3.c index 5bd9b1059..c82f8da13 100644 --- a/libcrux-sha3/c/libcrux_sha3.c +++ b/libcrux-sha3/c/libcrux_sha3.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #include "internal/libcrux_sha3.h" 
@@ -405,36 +405,6 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__Tra return lit; } -typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result_____core_fmt_Error_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_8size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - inline void libcrux_sha3_portable_keccak_load_block___72size_t( uint64_t (*s)[5U], @@ -445,7 +415,7 @@ libcrux_sha3_portable_keccak_load_block___72size_t( { size_t i0 = i; uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(blocks[0U], ( @@ -460,7 +430,8 @@ libcrux_sha3_portable_keccak_load_block___72size_t( Eurydice_slice, uint8_t [8U], void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1605,7 +1576,7 @@ libcrux_sha3_portable_keccak_load_block___144size_t( { size_t i0 = i; uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(blocks[0U], ( 
@@ -1620,7 +1591,8 @@ libcrux_sha3_portable_keccak_load_block___144size_t( Eurydice_slice, uint8_t [8U], void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1975,7 +1947,7 @@ libcrux_sha3_portable_keccak_load_block___136size_t( { size_t i0 = i; uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(blocks[0U], ( @@ -1990,7 +1962,8 @@ libcrux_sha3_portable_keccak_load_block___136size_t( Eurydice_slice, uint8_t [8U], void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2345,7 +2318,7 @@ libcrux_sha3_portable_keccak_load_block___104size_t( { size_t i0 = i; uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(blocks[0U], ( @@ -2360,7 +2333,8 @@ libcrux_sha3_portable_keccak_load_block___104size_t( Eurydice_slice, uint8_t [8U], void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2715,7 +2689,7 @@ libcrux_sha3_portable_keccak_load_block___168size_t( { size_t i0 = i; uint8_t ret[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, Eurydice_slice_subslice(blocks[0U], ( @@ -2730,7 +2704,8 @@ libcrux_sha3_portable_keccak_load_block___168size_t( Eurydice_slice, uint8_t [8U], void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; diff --git a/libcrux-sha3/c/libcrux_sha3.h b/libcrux-sha3/c/libcrux_sha3.h index 9e54fc9b8..66384185c 100644 --- a/libcrux-sha3/c/libcrux_sha3.h +++ b/libcrux-sha3/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.c b/libcrux-sha3/c/libcrux_sha3_avx2.c index 094c27efb..c8c762d2a 100644 --- a/libcrux-sha3/c/libcrux_sha3_avx2.c +++ b/libcrux-sha3/c/libcrux_sha3_avx2.c @@ -1,11 +1,12 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #include "intrinsics/libcrux_intrinsics_avx2.h" + #include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_sha3.h" 
diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.h b/libcrux-sha3/c/libcrux_sha3_avx2.h index 1ce43edf8..c4d2c773c 100644 --- a/libcrux-sha3/c/libcrux_sha3_avx2.h +++ b/libcrux-sha3/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __libcrux_sha3_avx2_H @@ -13,10 +13,8 @@ extern "C" { #endif #include "libcrux_sha3.h" -#include "libcrux_intrinsics_avx2.h" #include "core.h" #include "eurydice_glue.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { core_core_arch_x86___m256i st[5U][5U]; } diff --git a/libcrux-sha3/c/libcrux_sha3_neon.c b/libcrux-sha3/c/libcrux_sha3_neon.c index b5c51993b..010c580b9 100644 --- a/libcrux-sha3/c/libcrux_sha3_neon.c +++ b/libcrux-sha3/c/libcrux_sha3_neon.c @@ -1,14 +1,15 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ +#include "intrinsics/libcrux_intrinsics_arm64.h" + #include "libcrux_sha3_neon.h" #include "internal/core.h" -#include "intrinsics/libcrux_intrinsics_arm64.h" inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { diff --git a/libcrux-sha3/c/libcrux_sha3_neon.h b/libcrux-sha3/c/libcrux_sha3_neon.h index 5a35f712a..ec2948001 100644 --- a/libcrux-sha3/c/libcrux_sha3_neon.h +++ b/libcrux-sha3/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 */ #ifndef __libcrux_sha3_neon_H From 798f69c039f97ae4159fbfe5cd9dfc0982bef600 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 14:19:36 -0700 Subject: [PATCH 62/94] refresh source --- libcrux-ml-kem/c.sh | 2 -- libcrux-sha3/c/libcrux_intrinsics_avx2.h | 20 -------------------- 2 files changed, 22 deletions(-) delete mode 100644 libcrux-sha3/c/libcrux_intrinsics_avx2.h diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index e42e39549..0f0bcf2b1 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -3,8 +3,6 @@ set -e set -o pipefail -rm -rf c - if [[ -z "$CHARON_HOME" ]]; then echo "Please set CHARON_HOME to the Charon directory" 1>&2 exit 1 diff --git a/libcrux-sha3/c/libcrux_intrinsics_avx2.h b/libcrux-sha3/c/libcrux_intrinsics_avx2.h deleted file mode 100644 index 4a391a56a..000000000 --- a/libcrux-sha3/c/libcrux_intrinsics_avx2.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: - KaRaMeL version: e8e461ce - */ - -#ifndef __libcrux_intrinsics_avx2_H -#define __libcrux_intrinsics_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_avx2_H_DEFINED -#endif From 2c373e6d6747728bee2a7a67a90093c640f71e92 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 14:26:29 -0700 Subject: [PATCH 63/94] And fix up the config for neon, too --- libcrux-sha3/c.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/libcrux-sha3/c.yaml b/libcrux-sha3/c.yaml index b58f3d03c..86cc22958 100644 --- a/libcrux-sha3/c.yaml +++ b/libcrux-sha3/c.yaml @@ -1,6 +1,7 @@ files: # Different crate - name: libcrux_intrinsics_neon + library: true inline_static: true api: - [libcrux_intrinsics, arm64] From ba2cbcb2fcf939ee5fc46b18a089e9698999f0c2 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 17:30:40 -0700 Subject: [PATCH 64/94] Single run of Eurydice -- much easier --- libcrux-ml-kem/c.sh | 7 +++-- libcrux-ml-kem/c.yaml | 73 +++++++++++++++++++++++++------------------ libcrux-sha3/c.sh | 59 +--------------------------------- 3 files changed, 48 insertions(+), 91 deletions(-) diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index e42e39549..89e8e53ee 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -35,7 +35,10 @@ if [[ "$portable_only" = 1 ]]; then fi if [[ "$no_charon" = 0 ]]; then - echo "Running charon ..." + rm -rf ../libcrux_ml_kem.llbc ../libcrux_sha3.llbc + echo "Running charon (sha3) ..." + (cd ../libcrux-sha3 && RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings) + echo "Running charon (ml-kem) ..." RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings else echo "Skipping charon" @@ -45,7 +48,7 @@ mkdir -p c cd c echo "Running eurydice ..." -$EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc +$EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 68b4b4e38..d74c80239 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml 
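Review bot: The added `rm -rf ../libcrux_ml_kem.llbc ../libcrux_sha3.llbc` and `(cd ../libcrux-sha3 && … charon …)` in libcrux-ml-kem/c.sh resolve against the caller's working directory. Unless the script changes into its own directory earlier (not visible in this hunk), running it from elsewhere removes and reads unrelated paths. A `cd "$(dirname "${BASH_SOURCE[0]}")"` near the top would scope the cleanup, and `rm -f` is enough if these are plain files. The new charon and eurydice invocations also expand `$CHARON_HOME` and `$EURYDICE_HOME` unquoted; `"$CHARON_HOME/bin/charon"` and `"$EURYDICE_HOME/eurydice"` avoid word splitting on paths with spaces. The enclosing `if [[ "$no_charon" = 0 ]]` block continues outside the hunk.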
@@ -1,24 +1,50 @@ files: - # Different crate - - name: libcrux_sha3 - api: - - [libcrux_sha3, "*"] - - # Different crate + # Intrinsics, in their own separate files. - name: libcrux_intrinsics_neon api: - [libcrux_intrinsics, arm64] - # Different crate - name: libcrux_intrinsics_avx2 api: - [libcrux_intrinsics, avx2] - # - name: libcrux_mlkem_sha3_neon - # specialized_over_trait_impl: - # - [libcrux_ml_kem, hash_functions, neon, "*"] - # api: - # - [libcrux_ml_kem, hash_functions, neon, "*"] + - name: libcrux_platform + api: + - [libcrux_platform, "*"] + + # Keep the per-target seperation idea: each SHA3 variant in its own file + - name: libcrux_sha3_neon + api: + - [libcrux_sha3, neon, "*"] + private: + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_of: + - [libcrux_sha3, neon, "*"] + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_using: + - [libcrux_sha3, neon, "*"] + - [libcrux_sha3, simd, arm64, "*"] + include_in_c: + - '"intrinsics/libcrux_intrinsics_arm64.h"' + + - name: libcrux_sha3_avx2 + api: + - [libcrux_sha3, avx2, "*"] + private: + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_of: + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_using: + - [libcrux_sha3, simd, avx2, "*"] + include_in_c: + - '"intrinsics/libcrux_intrinsics_avx2.h"' + + # Common parts of SHA3 (this catches stuff that hasn't matched above) + - name: libcrux_sha3 + api: + - [libcrux_sha3, "*"] + include_in_c: + - '"libcrux_core.h"' - name: libcrux_mlkem_neon api: 
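Review bot: The new `- name: libcrux_platform` entry near the top appears to duplicate an existing one, because the context of the following hunk (old line 103 onward) still shows an `api: - [libcrux_platform, "*"]` block further down the file. If definitions go to the first matching file, as the added comment "this catches stuff that hasn't matched above" suggests, the later entry is dead and one of the two should be dropped. Separately, `libcrux_sha3_neon` lists `[libcrux_sha3, neon, "*"]` under `monomorphizations_of` and `monomorphizations_using`, while `libcrux_sha3_avx2` lists only the `simd, avx2` pattern. If that asymmetry is not intended, add `- [libcrux_sha3, avx2, "*"]` to both avx2 lists.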
@@ -103,27 +129,11 @@ files: api: - [libcrux_platform, "*"] - # Extras needed for the C code from eurydice + # I think this is not doing anything - name: libcrux_mlkem_eurydice api: - [libcrux_ml_kem, eurydice_types, "*"] - # - name: libcrux_mlkem_avx2 - # api: - # - [libcrux_ml_kem, vector, avx2, "*"] - # specialized_over_trait_impl: - # - [libcrux_ml_kem, vector, avx2, "*"] - # include_in_c: - # - '"libcrux_hacl_glue.h"' - -# - name: libcrux_mlkem_sha3 -# api: -# - [libcrux_ml_kem, hash_functions, "*"] -# specialized_over_trait_impl: -# - [libcrux_ml_kem, hash_functions, "*"] -# include_in_c: -# - '"libcrux_hacl_glue.h"' - - name: libcrux_mlkem512 api: - [libcrux_ml_kem, mlkem512] @@ -142,10 +152,11 @@ files: include_in_c: - '"libcrux_hacl_glue.h"' + # Just a few constants not caught by anything above. Most likely can go into + # core or polynomial (TODO: try it). - name: libcrux_mlkem_common private: - - [libcrux_mlkem, "*"] + - [libcrux_ml_kem, "*"] include_in_h: - '"libcrux_hacl_glue.h"' inline_static: true - diff --git a/libcrux-sha3/c.sh b/libcrux-sha3/c.sh index 04cba03a4..62800f860 100755 --- a/libcrux-sha3/c.sh +++ b/libcrux-sha3/c.sh 
@@ -1,60 +1,3 @@ #!/usr/bin/env bash -set -e -set -o pipefail - -rm -rf c - -if [[ -z "$CHARON_HOME" ]]; then - echo "Please set CHARON_HOME to the Charon directory" 1>&2 - exit 1 -fi -if [[ -z "$EURYDICE_HOME" ]]; then - echo "Please set EURYDICE_HOME to the Eurydice directory" 1>&2 - exit 1 -fi - -portable_only=0 -no_hacl=0 -no_charon=0 - -# Parse command line arguments. -all_args=("$@") -while [ $# -gt 0 ]; do - case "$1" in - -p | --portable) portable_only=1 ;; - --no-hacl) no_hacl=1 ;; - --no-charon) no_charon=1 ;; - esac - shift -done - -if [[ "$portable_only" = 1 ]]; then - export LIBCRUX_DISABLE_SIMD256=1 - export LIBCRUX_DISABLE_SIMD128=1 -fi - -if [[ "$no_charon" = 0 ]]; then - echo "Running charon ..." - RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings -else - echo "Skipping charon" -fi - -mkdir -p c -cd c - -echo "Running eurydice ..." -$EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_sha3.llbc -cp $EURYDICE_HOME/include/eurydice_glue.h . - -if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then - # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h - cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ - cp *.h $HACL_PACKAGES_HOME/libcrux/include - cp *.c $HACL_PACKAGES_HOME/libcrux/src -elif [[ "$no_hacl" = 0 ]]; then - echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -else - echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 -fi +echo "Everything is extracted in one go now, please run c.sh in libcrux-ml-kem" From 98edcf1a45effb1bd8494acdb1e1bb9ef1eb8662 Mon Sep 17 00:00:00 2001 
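Review bot: The replacement libcrux-sha3/c.sh prints its redirect message on stdout and then exits 0, so a caller or CI step that still invokes it sees success although nothing was extracted. Sending the message to stderr and failing makes the stale invocation visible: `echo "Everything is extracted in one go now, please run c.sh in libcrux-ml-kem" 1>&2` followed by `exit 1`. That matches how the removed script reported its own errors, with `1>&2`.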
From: Jonathan Protzenko Date: Wed, 29 May 2024 17:39:40 -0700 Subject: [PATCH 65/94] WIP simplifying build --- libcrux-ml-kem/c.sh | 5 +++++ libcrux-ml-kem/c.yaml | 12 ------------ {libcrux-sha3 => libcrux-ml-kem}/c/CMakeLists.txt | 0 .../c/intrinsics/libcrux_intrinsics_arm64.h | 0 .../c/intrinsics/libcrux_intrinsics_avx2.h | 0 .../c/karamel/include/krml/c_endianness.h | 0 .../c/karamel/include/krml/fstar_int.h | 0 .../c/karamel/include/krml/internal/builtin.h | 0 .../c/karamel/include/krml/internal/callconv.h | 0 .../c/karamel/include/krml/internal/compat.h | 0 .../c/karamel/include/krml/internal/debug.h | 0 .../c/karamel/include/krml/internal/target.h | 0 .../c/karamel/include/krml/internal/types.h | 0 .../c/karamel/include/krml/internal/wasmsupport.h | 0 .../c/karamel/include/krml/lowstar_endianness.h | 0 .../c/karamel/include/krmllib.h | 0 .../c/karamel/krmllib/dist/minimal/FStar_UInt128.h | 0 .../krmllib/dist/minimal/FStar_UInt128_Verified.h | 0 .../krmllib/dist/minimal/FStar_UInt_8_16_32_64.h | 0 .../krmllib/dist/minimal/LowStar_Endianness.h | 0 .../c/karamel/krmllib/dist/minimal/Makefile.basic | 0 .../c/karamel/krmllib/dist/minimal/Makefile.include | 0 .../krmllib/dist/minimal/fstar_uint128_gcc64.h | 0 .../krmllib/dist/minimal/fstar_uint128_msvc.h | 0 .../dist/minimal/fstar_uint128_struct_endianness.h | 0 .../c/karamel/krmllib/dist/minimal/libkrmllib.def | 0 {libcrux-sha3 => libcrux-ml-kem}/c/tests/sha3.cc | 0 27 files changed, 5 insertions(+), 12 deletions(-) rename {libcrux-sha3 => libcrux-ml-kem}/c/CMakeLists.txt (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/intrinsics/libcrux_intrinsics_arm64.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/intrinsics/libcrux_intrinsics_avx2.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/c_endianness.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/fstar_int.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/builtin.h (100%) rename 
{libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/callconv.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/compat.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/debug.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/target.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/types.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/internal/wasmsupport.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krml/lowstar_endianness.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/include/krmllib.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/FStar_UInt128.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/Makefile.basic (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/Makefile.include (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/karamel/krmllib/dist/minimal/libkrmllib.def (100%) rename {libcrux-sha3 => libcrux-ml-kem}/c/tests/sha3.cc (100%) diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 1702e99fc..4aad02b87 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh 
@@ -36,6 +36,11 @@ if [[ "$no_charon" = 0 ]]; then rm -rf ../libcrux_ml_kem.llbc ../libcrux_sha3.llbc echo "Running charon (sha3) ..." (cd ../libcrux-sha3 && RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings) + if ! [[ -f ../libcrux_sha3.llbc ]]; then + echo "😱😱😱 You are the victim of this bug: https://hacspec.zulipchat.com/#narrow/stream/433829-Circus/topic/charon.20declines.20to.20generate.20an.20llbc.20file" + echo "Suggestion: rm -rf ../target" + exit 1 + fi echo "Running charon (ml-kem) ..." RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings else diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index d74c80239..9227b7929 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -59,8 +59,6 @@ files: - [libcrux_ml_kem, vector, neon, "*"] - [libcrux_ml_kem, hash_functions, neon, "*"] - [libcrux_sha3, neon, "*"] - include_in_c: - - '"libcrux_hacl_glue.h"' - name: libcrux_mlkem_avx2 api: @@ -75,8 +73,6 @@ files: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - [libcrux_sha3, avx2, "*"] - include_in_c: - - '"libcrux_hacl_glue.h"' - name: libcrux_core monomorphizations_of: @@ -137,26 +133,18 @@ files: - name: libcrux_mlkem512 api: - [libcrux_ml_kem, mlkem512] - include_in_c: - - '"libcrux_hacl_glue.h"' - name: libcrux_mlkem768 api: - [libcrux_ml_kem, mlkem768] - include_in_c: - - '"libcrux_hacl_glue.h"' - name: libcrux_mlkem1024 api: - [libcrux_ml_kem, mlkem1024] - include_in_c: - - '"libcrux_hacl_glue.h"' # Just a few constants not caught by anything above. Most likely can go into # core or polynomial (TODO: try it). - name: libcrux_mlkem_common private: - [libcrux_ml_kem, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' inline_static: true diff --git a/libcrux-sha3/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt similarity index 100% rename from libcrux-sha3/c/CMakeLists.txt rename to libcrux-ml-kem/c/CMakeLists.txt 
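Review bot: The new guard reports a missing `../libcrux_sha3.llbc` on stdout, while the script's other fatal messages are redirected with `1>&2`; append `1>&2` to both added `echo` lines so the diagnostic survives when output is piped. The same check is not applied after the second charon run, so a missing `../libcrux_ml_kem.llbc` presumably surfaces only as a eurydice failure. A matching `if ! [[ -f ../libcrux_ml_kem.llbc ]]; then … exit 1; fi` after that run would cover it. Because charon is invoked with `--errors-as-warnings`, these file checks look like the only signal that extraction stopped early, which matters for a pipeline that emits cryptographic C code. The enclosing `if [[ "$no_charon" = 0 ]]` block starts outside the hunk.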
diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h similarity index 100% rename from libcrux-sha3/c/intrinsics/libcrux_intrinsics_arm64.h rename to libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h diff --git a/libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h similarity index 100% rename from libcrux-sha3/c/intrinsics/libcrux_intrinsics_avx2.h rename to libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h diff --git a/libcrux-sha3/c/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/c_endianness.h rename to libcrux-ml-kem/c/karamel/include/krml/c_endianness.h diff --git a/libcrux-sha3/c/karamel/include/krml/fstar_int.h b/libcrux-ml-kem/c/karamel/include/krml/fstar_int.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/fstar_int.h rename to libcrux-ml-kem/c/karamel/include/krml/fstar_int.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/builtin.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/callconv.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/compat.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/compat.h 
diff --git a/libcrux-sha3/c/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/debug.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/debug.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/target.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/target.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/types.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/types.h diff --git a/libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/internal/wasmsupport.h rename to libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h diff --git a/libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krml/lowstar_endianness.h rename to libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h diff --git a/libcrux-sha3/c/karamel/include/krmllib.h b/libcrux-ml-kem/c/karamel/include/krmllib.h similarity index 100% rename from libcrux-sha3/c/karamel/include/krmllib.h rename to libcrux-ml-kem/c/karamel/include/krmllib.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h 
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/Makefile.basic similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.basic rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/Makefile.basic diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/Makefile.include similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/Makefile.include rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/Makefile.include diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h 
diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h diff --git a/libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/libkrmllib.def similarity index 100% rename from libcrux-sha3/c/karamel/krmllib/dist/minimal/libkrmllib.def rename to libcrux-ml-kem/c/karamel/krmllib/dist/minimal/libkrmllib.def diff --git a/libcrux-sha3/c/tests/sha3.cc b/libcrux-ml-kem/c/tests/sha3.cc similarity index 100% rename from libcrux-sha3/c/tests/sha3.cc rename to libcrux-ml-kem/c/tests/sha3.cc From b015f6fd738ab15211d1ab6aef93f1a06dfe51f7 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Wed, 29 May 2024 17:43:47 -0700 Subject: [PATCH 66/94] Snapshot of the C code now lives in libcrux-ml-kem/c --- libcrux-ml-kem/.gitignore | 1 - libcrux-ml-kem/c/.gitignore | 1 + libcrux-ml-kem/c/eurydice_glue.h | 240 + libcrux-ml-kem/c/internal/libcrux_core.h | 266 + libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 171 + .../c/internal/libcrux_mlkem_neon.h | 97 + .../c/internal/libcrux_polynomial.h | 329 + libcrux-ml-kem/c/libcrux_core.c | 394 + libcrux-ml-kem/c/libcrux_core.h | 135 + libcrux-ml-kem/c/libcrux_intrinsics_neon.h | 347 + libcrux-ml-kem/c/libcrux_mlkem1024.c | 2183 ++++ libcrux-ml-kem/c/libcrux_mlkem1024.h | 132 + libcrux-ml-kem/c/libcrux_mlkem512.c | 2058 ++++ libcrux-ml-kem/c/libcrux_mlkem512.h | 138 + libcrux-ml-kem/c/libcrux_mlkem768.c | 3022 +++++ libcrux-ml-kem/c/libcrux_mlkem768.h | 132 + libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 33 + libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9734 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_neon.h | 702 ++ libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 26 + libcrux-ml-kem/c/libcrux_platform.h | 26 + libcrux-ml-kem/c/libcrux_polynomial.c | 2087 ++++ libcrux-ml-kem/c/libcrux_polynomial.h | 31 + libcrux-ml-kem/c/libcrux_sha3.c | 3270 ++++++ libcrux-ml-kem/c/libcrux_sha3.h | 944 ++ libcrux-ml-kem/c/libcrux_sha3_avx2.c | 125 + libcrux-ml-kem/c/libcrux_sha3_avx2.h | 66 + libcrux-ml-kem/c/libcrux_sha3_neon.c | 3727 +++++++ libcrux-ml-kem/c/libcrux_sha3_neon.h | 335 + 29 files changed, 30751 insertions(+), 1 deletion(-) create mode 100644 libcrux-ml-kem/c/.gitignore create mode 100644 libcrux-ml-kem/c/eurydice_glue.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_core.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_polynomial.h create mode 100644 libcrux-ml-kem/c/libcrux_core.c create mode 100644 libcrux-ml-kem/c/libcrux_core.h create mode 100644 
libcrux-ml-kem/c/libcrux_intrinsics_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3.h create mode 100644 libcrux-ml-kem/c/libcrux_platform.h create mode 100644 libcrux-ml-kem/c/libcrux_polynomial.c create mode 100644 libcrux-ml-kem/c/libcrux_polynomial.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.h diff --git a/libcrux-ml-kem/.gitignore b/libcrux-ml-kem/.gitignore index fed5ebf9b..af27795c5 100644 --- a/libcrux-ml-kem/.gitignore +++ b/libcrux-ml-kem/.gitignore @@ -1,4 +1,3 @@ Cargo.lock proofs/fstar/extraction/.cache/ proofs/fstar/extraction/.depend -c diff --git a/libcrux-ml-kem/c/.gitignore b/libcrux-ml-kem/c/.gitignore new file mode 100644 index 000000000..378eac25d --- /dev/null +++ b/libcrux-ml-kem/c/.gitignore @@ -0,0 +1 @@ +build diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h new file mode 100644 index 000000000..0235fbeea --- /dev/null +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -0,0 +1,240 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
+#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) +#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, ((t*) s.ptr)[i], sizeof(t))) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = 
EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + + +// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. +typedef struct +{ + uint8_t tag; + uint8_t case_Ok[]; +} +result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { + store64_le(buf,v); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + return load64_le(buf); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { + return x; +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize 
size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ + ((iter_ptr)->start == (iter_ptr)->end) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ + ) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static +// inline function cannot receive a type as an argument. Instead, we receive the element size and +// use it to peform manual offset computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; + Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); + chunks->slice = ((Eurydice_slice) { + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size + }); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ + .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ + .chunk_size = sz_ }) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? 
\ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t)) })) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ + (((iter)->index == (iter)->s.len) ? \ + ((ret_t) { .tag = core_option_None }) : \ + ((ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) + +// STRINGS + +typedef const char *Prims_string; + +// MISC (UNTESTED) + +typedef void *core_fmt_Formatter; +typedef void *core_fmt_Arguments; +typedef void *core_fmt_rt_Argument; +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL + +// VECTORS (ANCIENT, POSSIBLY UNTESTED) + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size/sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. 
Would this even happen in practice? */ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX/2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t*)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) + +#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h new file mode 100644 index 000000000..4cb9bc8d3 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
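Review bot: `Eurydice_slice_to_array3` in eurydice_glue.h always writes `dst->tag = 0` (the value the generated libcrux_core.h defines as `core_result_Ok`) and copies `sz` bytes from `src.ptr` without looking at `src.len`, so a source slice shorter than the target array is read past its end instead of producing the `Err` that Rust's slice-to-array conversion returns. `core_slice___Slice_T___copy_from_slice` has the same shape: it copies `dst.len * sizeof(t)` bytes and never compares `src.len`, where Rust panics on unequal lengths. If the extracted callers are proven never to pass mismatched lengths, state that on both helpers, e.g. `// Precondition: src.len equals the destination length; the Rust-side length check is not reproduced here.`; otherwise compare the lengths before the `memcpy` and fail closed. For the array conversion that means passing the element count as well as `sizeof(t_arr)`, which presumably also affects the karamel/lib/Inlining.ml note referenced above the macro.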
@@ -0,0 +1,266 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_core_H +#define __internal_libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_core.h" +#include "eurydice_glue.h" + +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); + +extern core_fmt_Arguments +core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); + +typedef struct core_option_Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +core_option_Option__size_t; + +#define CORE_NUM__U32_8__BITS (32U) + +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t 
+libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +); + +typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +); + +typedef struct 
K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +); + +typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} 
+K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + +typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +); + +typedef struct K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s +{ + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} +K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + +typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + 
core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +); + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h new file mode 100644 index 000000000..fddebd288 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h 
@@ -0,0 +1,171 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem768_H +#define __internal_libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem768.h" +#include "eurydice_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t 
_initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +); + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void 
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem768_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..557f90c7a --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h 
@@ -0,0 +1,97 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h new file mode 100644 index 000000000..1345275e7 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h 
@@ -0,0 +1,329 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_polynomial_H +#define __internal_libcrux_polynomial_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_core.h" +#include "../libcrux_polynomial.h" +#include "eurydice_glue.h" + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +); + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + 
int16_t zeta +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +); + +void 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +); + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +); + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_polynomial_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c new file mode 100644 index 000000000..ca667c7fe --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -0,0 +1,394 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_core.h" + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +static uint8_t is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t 
+libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +) +{ + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t 
+libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + 
(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + } + return is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, 
+ uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == core_result_Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h new file mode 100644 index 000000000..d44fb7324 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -0,0 +1,135 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_core_H +#define __libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } +libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +typedef struct 
libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; +} 
+libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_intrinsics_neon.h b/libcrux-ml-kem/c/libcrux_intrinsics_neon.h new file mode 100644 index 000000000..21a2a3d15 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_intrinsics_neon.h 
@@ -0,0 +1,347 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_intrinsics_neon_H +#define __libcrux_intrinsics_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vaddq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vaddq_u32( + core_core_arch_arm_shared_neon_uint32x4_t x0, + core_core_arch_arm_shared_neon_uint32x4_t x1 +); + +extern uint16_t +libcrux_intrinsics_arm64__vaddv_u16(core_core_arch_arm_shared_neon_uint16x4_t x0); + +extern int16_t +libcrux_intrinsics_arm64__vaddvq_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vandq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vandq_u16( + core_core_arch_arm_shared_neon_uint16x8_t x0, + core_core_arch_arm_shared_neon_uint16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vandq_u32( + core_core_arch_arm_shared_neon_uint32x4_t x0, + core_core_arch_arm_shared_neon_uint32x4_t x1 +); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vbicq_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1 +); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vcgeq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t 
+libcrux_intrinsics_arm64__vdupq_n_s16(int16_t x0); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t x0); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t x0); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__veorq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__veorq_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1 +); + +extern core_core_arch_arm_shared_neon_uint16x4_t +libcrux_intrinsics_arm64__vget_high_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); + +extern core_core_arch_arm_shared_neon_int16x4_t +libcrux_intrinsics_arm64__vget_low_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_uint16x4_t +libcrux_intrinsics_arm64__vget_low_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice x0); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0); + +extern core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice x0); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmlal_high_s16( + core_core_arch_arm_shared_neon_int32x4_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1, + core_core_arch_arm_shared_neon_int16x8_t x2 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmlal_s16( + core_core_arch_arm_shared_neon_int32x4_t x0, + 
core_core_arch_arm_shared_neon_int16x4_t x1, + core_core_arch_arm_shared_neon_int16x4_t x2 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmull_high_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmull_s16( + core_core_arch_arm_shared_neon_int16x4_t x0, + core_core_arch_arm_shared_neon_int16x4_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vmulq_n_s16(core_core_arch_arm_shared_neon_int16x8_t x0, int16_t x1); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vmulq_n_u16( + core_core_arch_arm_shared_neon_uint16x8_t x0, + uint16_t x1 +); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vmulq_n_u32( + core_core_arch_arm_shared_neon_uint32x4_t x0, + uint32_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vmulq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vqdmulhq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + int16_t x1 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vqdmulhq_n_s32( + core_core_arch_arm_shared_neon_int32x4_t x0, + int32_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vqdmulhq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vqtbl1q_u8( + core_core_arch_arm_shared_neon_uint8x16_t x0, + core_core_arch_arm_shared_neon_uint8x16_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_s32(core_core_arch_arm_shared_neon_int32x4_t x0); + +extern 
core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_s64(core_core_arch_arm_shared_neon_int64x2_t x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u32(core_core_arch_arm_shared_neon_uint32x4_t x0); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u8(core_core_arch_arm_shared_neon_uint8x16_t x0); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vreinterpretq_s32_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vreinterpretq_s32_u32(core_core_arch_arm_shared_neon_uint32x4_t x0); + +extern core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vreinterpretq_s64_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vreinterpretq_s64_s32(core_core_arch_arm_shared_neon_int32x4_t x0); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vreinterpretq_u16_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vreinterpretq_u16_u8(core_core_arch_arm_shared_neon_uint8x16_t x0); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vreinterpretq_u32_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vreinterpretq_u32_s32(core_core_arch_arm_shared_neon_int32x4_t x0); + +extern core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vreinterpretq_u8_s16(core_core_arch_arm_shared_neon_int16x8_t x0); + +extern core_core_arch_arm_shared_neon_uint8x16_t 
+libcrux_intrinsics_arm64__vreinterpretq_u8_s64(core_core_arch_arm_shared_neon_int64x2_t x0); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vshlq_n_u32(int32_t x0, core_core_arch_arm_shared_neon_uint32x4_t x1); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vshlq_n_u64(int32_t x0, core_core_arch_arm_shared_neon_uint64x2_t x1); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vshlq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vshlq_u16( + core_core_arch_arm_shared_neon_uint16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vshrq_n_s16(int32_t x0, core_core_arch_arm_shared_neon_int16x8_t x1); + +extern core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vshrq_n_u16(int32_t x0, core_core_arch_arm_shared_neon_uint16x8_t x1); + +extern core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vshrq_n_u32(int32_t x0, core_core_arch_arm_shared_neon_uint32x4_t x1); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vshrq_n_u64(int32_t x0, core_core_arch_arm_shared_neon_uint64x2_t x1); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vsliq_n_s32( + int32_t x0, + core_core_arch_arm_shared_neon_int32x4_t x1, + core_core_arch_arm_shared_neon_int32x4_t x2 +); + +extern core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vsliq_n_s64( + int32_t x0, + core_core_arch_arm_shared_neon_int64x2_t x1, + core_core_arch_arm_shared_neon_int64x2_t x2 +); + +extern void +libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice x0, + core_core_arch_arm_shared_neon_uint64x2_t x1 +); + +extern void +libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_slice x0, + 
core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern void +libcrux_intrinsics_arm64__vst1q_u8( + Eurydice_slice x0, + core_core_arch_arm_shared_neon_uint8x16_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vsubq_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vtrn1q_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vtrn1q_s32( + core_core_arch_arm_shared_neon_int32x4_t x0, + core_core_arch_arm_shared_neon_int32x4_t x1 +); + +extern core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vtrn1q_s64( + core_core_arch_arm_shared_neon_int64x2_t x0, + core_core_arch_arm_shared_neon_int64x2_t x1 +); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vtrn1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1 +); + +extern core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vtrn2q_s16( + core_core_arch_arm_shared_neon_int16x8_t x0, + core_core_arch_arm_shared_neon_int16x8_t x1 +); + +extern core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vtrn2q_s32( + core_core_arch_arm_shared_neon_int32x4_t x0, + core_core_arch_arm_shared_neon_int32x4_t x1 +); + +extern core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vtrn2q_s64( + core_core_arch_arm_shared_neon_int64x2_t x0, + core_core_arch_arm_shared_neon_int64x2_t x1 +); + +extern core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vtrn2q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_neon_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c new file mode 100644 index 000000000..347f5e46e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c 
@@ -0,0 +1,2183 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_mlkem1024.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + 
.start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + void +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; + memcpy(uu____1, + state, + (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)4U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t + xof_state = + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] + )); +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) 
+ { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
+sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + 
sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t 
bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void 
+compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, + out); +} + 
+static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +static void +decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key 
= uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t 
ret[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____7 = public_key; + uint8_t uu____8[32U]; + memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____7, + uu____8); + } + return uu____2; +} + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____2 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1536U]; + 
serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t 
secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; + if (uu____1) + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + return uu____2; + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(public_key); + return uu____2; + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if (validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = 
core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h new file mode 100644 index 000000000..43ba98645 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -0,0 +1,132 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem1024_H +#define __libcrux_mlkem1024_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) + 
+#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + 
libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c new file mode 100644 index 000000000..60bb6997e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c 
@@ -0,0 +1,2058 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_mlkem512.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + void +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; + memcpy(uu____1, + state, + (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)2U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t + xof_state = + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] + )); +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { 
+ re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = 
(uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + 
+static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void 
+encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +static void +decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice 
ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool 
uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____7 = public_key; + uint8_t uu____8[32U]; + memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____7, + uu____8); + } + return uu____2; +} + 
+K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____2 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[768U]; + 
serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t 
secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; + if (uu____1) + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + return uu____2; + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(public_key); + return uu____2; + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + 
return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h new file mode 100644 index 000000000..0ce3d0209 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -0,0 +1,138 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem512_H +#define __libcrux_mlkem512_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define 
LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + 
libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + 
libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c new file mode 100644 index 000000000..4446d4362 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c 
@@ -0,0 +1,3022 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem768.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); 
+ re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +typedef struct __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s +{ + libcrux_ml_kem_vector_PortableVector fst; + 
libcrux_ml_kem_vector_PortableVector snd; +} +__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, + zeta_r); + b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, + &t); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = 
x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + 
(size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + 
uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, + &a); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, + zeta_r); + return + ( + (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + 
__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + 
libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + 
Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + state[i] = libcrux_sha3_portable_incremental_shake128_init(); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t 
*uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); + } + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + memcpy(uu____1, + state, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + 
(size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + 
A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); + } + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = 
(uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t 
uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / 
(size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void 
+compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + 
(core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[10U]; + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + 
A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +static void 
+decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void 
*); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + } + else + { + 
decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + 
core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + 
memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____7 = public_key; + uint8_t uu____8[32U]; + memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____7, + uu____8); + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
*s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + 
serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t 
secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + 
libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; + if (uu____1) + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + return uu____2; + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = false; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(public_key); + return uu____2; + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = 
core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h new file mode 100644 index 000000000..73c99ca4c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -0,0 +1,132 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem768_H +#define __libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define 
LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + 
libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..3bde51716 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -0,0 +1,33 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem_avx2_H +#define __libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_neon.h" +#include "eurydice_glue.h" + +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2_Simd256Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c new file mode 100644 index 000000000..a39ab8e5d --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c 
@@ -0,0 +1,9734 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) + } + ); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array +) +{ + return 
libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t + c0 = + libcrux_intrinsics_arm64__vandq_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t + c1 = + libcrux_intrinsics_arm64__vandq_s16(uu____1, + 
libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t + vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, + LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t + vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t + quotient = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, + vec0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + sub = + libcrux_intrinsics_arm64__vmulq_n_s16(quotient, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); + v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high +) +{ + core_core_arch_arm_shared_neon_int16x8_t + k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t + c = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, + c); + v.high = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, + c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t + quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t + shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t + mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t + shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range0 = 
libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) +{ + int16_t uu____0; + switch (coefficient_bits) + { + case 4: + { + uu____0 = (int16_t)15; + break; + } + case 5: + { + uu____0 = (int16_t)31; + break; + } + case 10: + { + uu____0 = (int16_t)1023; + break; + } + case 11: + { + uu____0 = (int16_t)2047; + break; + } + default: + { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + 
int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, 
+ zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + 
int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + 
libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + 
libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); + core_core_arch_arm_shared_neon_int16x4_t + uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____0, + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t + fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, + uu____2, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, + a0, + b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____3, + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; 
+ core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t + snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, + uu____5, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, + a1, + b0)); + core_core_arch_arm_shared_neon_int16x8_t + fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t + snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, + high0)); + core_core_arch_arm_shared_neon_int16x8_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, + high0)); + uint8_t + indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; + core_core_arch_arm_shared_neon_uint8x16_t + index = + 
libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), + index)); + core_core_arch_arm_shared_neon_int16x8_t + high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), + index)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, + rhs, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[2U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t + high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) +{ + core_core_arch_arm_shared_neon_int16x8_t + one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t + low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)0U, + uint8_t, + uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t + high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)1U, + uint8_t, + uint8_t)); + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, + (int16_t)-7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t + high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vandq_s16(high, one) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); 
+} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[8U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, + (int16_t)12 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + lowt = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), + shift); + core_core_arch_arm_shared_neon_uint16x8_t + hight = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), + shift); + uint64_t + sum0 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t + sum1 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t + sum2 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t + sum3 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) +{ + uint8_t ret[8U]; + 
core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t input = core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t ret[16U] +) +{ + int16_t out[16U] = { 0U }; + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[10U] +) +{ + uint8_t res[10U] = { 0U }; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = + (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) + | out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = + (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) + | out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + 
+inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)8U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input1, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + 
high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[20U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + 
libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + uint8_t input1[8U] = { 0U }; + uint8_t input2[4U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] 
= (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); + high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[22U] +) +{ + int16_t input[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + 
result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); + result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + 
uint8_t input1[8U] = { 0U }; + uint8_t input2[8U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input2, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + 
low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[24U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + 
libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = { 0U }; + Eurydice_slice + 
uu____2 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + 
+void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) +{ + uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; + core_core_arch_arm_shared_neon_uint8x16_t + index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + int16_t + shifts[8U] = + { + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, + (int16_t)-4 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift_vec = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifts, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)16U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input0, + uint8_t, + Eurydice_slice)); + uint8_t input1[16U] = { 0U }; + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)16U, + input1, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input1, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, + mask12)); + core_core_arch_arm_shared_neon_uint16x8_t + moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, + mask12)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
*self +) +{ + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t 
i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + v.low = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.low, + core_core_arch_arm_shared_neon_int16x8_t); + v.high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.high, + core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t(a); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &fm); +} + +static inline void 
+serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = 
key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + 
seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); + 
uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [192U], + Eurydice_slice), + (size_t)1U, + uint8_t [192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[192U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[192U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t 
[192U], void *); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return 
+ from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; +} +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); + b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = 
zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static 
inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + 
uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + 
self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + 
(size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + 
uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, 
secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + 
core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + 
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { 
+ deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice 
out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + 
libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &b)); + b = + 
montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, + zeta_r); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + 
invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + 
add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = 
(size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); + 
result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + 
core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = 
libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = 
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t(v); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, 
Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_arm_shared_neon_uint32x4_t 
+libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + 
libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + 
core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficients = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + 
uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____1 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[2U]; + 
compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + 
decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = 
libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + 
core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + 
libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + 
+libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + 
Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + 
secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + 
Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + 
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + 
public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash 
+libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t 
[504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____5 = &self->shake128_state[1U]; + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[504U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, + uu____6, + 
Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t 
ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]); + } + memcpy(ret, + 
ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[4U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [128U], + 
K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[128U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____6, + uu____7, + uu____8, + Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t 
+sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + 
(size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, 
secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = 
pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t 
public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t 
dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[4U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + 
invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + 
deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + 
Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, 
+ K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = 
uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof 
(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + uint8_t extra[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + 
core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____4 = &self->shake128_state[1U]; + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, + uu____5, + Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start 
= r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = 
Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + 
} + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + 
memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + uint8_t extra[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = 
Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + 
sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + 
core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); 
+} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + 
error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = 
i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void 
+encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t 
uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + 
compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + 
uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / 
(size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t 
ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + 
ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + 
uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h new file mode 100644 index 000000000..b83eb5c6b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -0,0 +1,702 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_neon.h" +#include "libcrux_intrinsics_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER ((int16_t)20159) + 
+core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high +); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +int16_t 
+libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[2U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t ret[16U] +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[10U] +); + +void 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[20U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a +); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result); + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + shake128_state[2U]; +} +libcrux_ml_kem_hash_functions_neon_Simd128Hash; + +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][504U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][168U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void 
+libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + 
+libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + 
+libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[4U][504U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[4U][168U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_ml_kem_hash_functions_neon_Simd128Hash 
+libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h new file mode 100644 index 000000000..9a582e2b4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h 
@@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem_sha3_H +#define __libcrux_mlkem_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) + +#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h new file mode 100644 index 000000000..ed8357591 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_platform_H +#define __libcrux_platform_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_platform_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c new file mode 100644 index 000000000..c8dbbe5fc --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_polynomial.c 
@@ -0,0 +1,2087 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_polynomial.h" + +#include "internal/libcrux_core.h" + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, 
(int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +static inline libcrux_ml_kem_vector_PortableVector zero(void) +{ + libcrux_ml_kem_vector_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +static libcrux_ml_kem_vector_PortableVector ZERO(void) +{ + return zero(); +} + +static inline libcrux_ml_kem_vector_PortableVector from_i16_array(Eurydice_slice array) +{ + libcrux_ml_kem_vector_PortableVector lit; + int16_t ret[16U]; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, + ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + return lit; +} + +static libcrux_ml_kem_vector_PortableVector from_i16_array0(Eurydice_slice array) +{ + return from_i16_array(array); +} + +static inline libcrux_ml_kem_vector_PortableVector 
+add(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return add(lhs, rhs); +} + +static inline libcrux_ml_kem_vector_PortableVector +sub(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return sub(lhs, rhs); +} + +static inline libcrux_ml_kem_vector_PortableVector +multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return multiply_by_constant(v, c); +} + +static inline libcrux_ml_kem_vector_PortableVector +bitwise_and_with_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ 
+ for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} + +static libcrux_ml_kem_vector_PortableVector +bitwise_and_with_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + return bitwise_and_with_constant(v, c); +} + +static inline libcrux_ml_kem_vector_PortableVector +cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + } + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +) +{ + return cond_subtract_3329(v); +} + +#define BARRETT_MULTIPLIER ((int32_t)20159) + +#define BARRETT_SHIFT ((int32_t)26) + +#define BARRETT_R ((int32_t)1 << (uint32_t)BARRETT_SHIFT) + +static int16_t barrett_reduce_element(int16_t value) +{ + int32_t t = (int32_t)value * BARRETT_MULTIPLIER + (BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +} + +static inline libcrux_ml_kem_vector_PortableVector +barrett_reduce(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = barrett_reduce_element(v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +) +{ + return 
barrett_reduce(v); +} + +#define MONTGOMERY_SHIFT (16U) + +static int16_t montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> (uint32_t)MONTGOMERY_SHIFT); + int16_t value_high = (int16_t)(value >> (uint32_t)MONTGOMERY_SHIFT); + return value_high - c; +} + +static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +static inline libcrux_ml_kem_vector_PortableVector +montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = montgomery_multiply_fe_by_fer(v.elements[i0], c); + v.elements[i0] = uu____0; + } + return v; +} + +static libcrux_ml_kem_vector_PortableVector +montgomery_multiply_by_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t r) +{ + return montgomery_multiply_by_constant(v, r); +} + +static uint8_t compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress_1(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t uu____0 = compress_message_coefficient((uint16_t)v.elements[i0]); + v.elements[i0] = (int16_t)uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress_1(v); +} + +static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t)get_n_least_significant_bits(coefficient_bits, (uint32_t)compressed); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t t = montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + v.elements[2U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + v.elements[3U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + v.elements[6U] = v.elements[4U] - t1; + v.elements[4U] = v.elements[4U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + v.elements[7U] = v.elements[5U] - t2; + v.elements[5U] = v.elements[5U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = 
montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) +{ + int16_t t = montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + v.elements[4U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + v.elements[5U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + v.elements[6U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + v.elements[7U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U 
+ (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return ntt_layer_2_step(a, zeta0, zeta1); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t t = montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + v.elements[8U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + v.elements[9U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + v.elements[10U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + v.elements[11U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + v.elements[12U] = v.elements[4U] - t3; + v.elements[4U] = v.elements[4U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + v.elements[13U] = v.elements[5U] - t4; + v.elements[5U] = v.elements[5U] + t4; + int16_t t5 = 
montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + v.elements[14U] = v.elements[6U] - t5; + v.elements[6U] = v.elements[6U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + v.elements[15U] = v.elements[7U] - t6; + v.elements[7U] = v.elements[7U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return ntt_layer_3_step(a, zeta); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t a_minus_b = v.elements[2U] - v.elements[0U]; + int16_t uu____0 = barrett_reduce_element(v.elements[0U] + v.elements[2U]); + v.elements[0U] = uu____0; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[2U] = uu____1; + int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; + int16_t uu____2 = barrett_reduce_element(v.elements[1U] + v.elements[3U]); + v.elements[1U] = uu____2; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[3U] = uu____3; + int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; + int16_t uu____4 = barrett_reduce_element(v.elements[4U] + v.elements[6U]); + v.elements[4U] = uu____4; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v.elements[6U] = uu____5; + int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; + int16_t uu____6 = barrett_reduce_element(v.elements[5U] + v.elements[7U]); + v.elements[5U] = uu____6; + int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v.elements[7U] = uu____7; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)0U] + + 
v.elements[(size_t)8U + (size_t)2U]); + v.elements[(size_t)8U + (size_t)0U] = uu____8; + int16_t uu____9 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v.elements[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); + v.elements[(size_t)8U + (size_t)1U] = uu____10; + int16_t uu____11 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v.elements[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); + v.elements[(size_t)8U + (size_t)4U] = uu____12; + int16_t uu____13 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v.elements[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); + v.elements[(size_t)8U + (size_t)5U] = uu____14; + int16_t uu____15 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v.elements[(size_t)8U + (size_t)7U] = uu____15; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) +{ + int16_t a_minus_b = v.elements[4U] - v.elements[0U]; + v.elements[0U] = 
v.elements[0U] + v.elements[4U]; + int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[4U] = uu____0; + int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[5U]; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[5U] = uu____1; + int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[6U]; + int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v.elements[6U] = uu____2; + int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[7U]; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + v.elements[7U] = uu____3; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v.elements[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + v.elements[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + + (size_t)2U] + + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + + (size_t)3U] + + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 
= montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)7U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return inv_ntt_layer_2_step(a, zeta0, zeta1); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t a_minus_b = v.elements[8U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[8U]; + int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v.elements[8U] = uu____0; + int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[9U]; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v.elements[9U] = uu____1; + int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[10U]; + int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v.elements[10U] = uu____2; + int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[11U]; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v.elements[11U] = uu____3; + int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; + v.elements[4U] = v.elements[4U] + v.elements[12U]; + int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v.elements[12U] = uu____4; + int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; + v.elements[5U] = v.elements[5U] + v.elements[13U]; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v.elements[13U] = uu____5; + int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; + v.elements[6U] = v.elements[6U] + v.elements[14U]; + int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v.elements[14U] = 
uu____6; + int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; + v.elements[7U] = v.elements[7U] + v.elements[15U]; + int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v.elements[15U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return inv_ntt_layer_3_step(a, zeta); +} + +typedef struct __int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +__int16_t_int16_t; + +static inline __int16_t_int16_t +ntt_multiply_binomials(__int16_t_int16_t _, __int16_t_int16_t _0, int16_t zeta) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + montgomery_reduce_element(uu____0 + + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * (int32_t)zeta); + return + ( + (__int16_t_int16_t){ + .fst = uu____1, + .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0) + } + ); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + libcrux_ml_kem_vector_PortableVector out = zero(); + __int16_t_int16_t lit0; + lit0.fst = lhs->elements[0U]; + lit0.snd = lhs->elements[1U]; + __int16_t_int16_t lit1; + lit1.fst = rhs->elements[0U]; + lit1.snd = rhs->elements[1U]; + __int16_t_int16_t product = ntt_multiply_binomials(lit0, lit1, zeta0); + out.elements[0U] = product.fst; + out.elements[1U] = product.snd; + __int16_t_int16_t lit2; + lit2.fst = lhs->elements[2U]; + lit2.snd = lhs->elements[3U]; + __int16_t_int16_t lit3; + lit3.fst = rhs->elements[2U]; + lit3.snd = rhs->elements[3U]; + __int16_t_int16_t product0 = 
ntt_multiply_binomials(lit2, lit3, -zeta0); + out.elements[2U] = product0.fst; + out.elements[3U] = product0.snd; + __int16_t_int16_t lit4; + lit4.fst = lhs->elements[4U]; + lit4.snd = lhs->elements[5U]; + __int16_t_int16_t lit5; + lit5.fst = rhs->elements[4U]; + lit5.snd = rhs->elements[5U]; + __int16_t_int16_t product1 = ntt_multiply_binomials(lit4, lit5, zeta1); + out.elements[4U] = product1.fst; + out.elements[5U] = product1.snd; + __int16_t_int16_t lit6; + lit6.fst = lhs->elements[6U]; + lit6.snd = lhs->elements[7U]; + __int16_t_int16_t lit7; + lit7.fst = rhs->elements[6U]; + lit7.snd = rhs->elements[7U]; + __int16_t_int16_t product2 = ntt_multiply_binomials(lit6, lit7, -zeta1); + out.elements[6U] = product2.fst; + out.elements[7U] = product2.snd; + __int16_t_int16_t lit8; + lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; + lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; + __int16_t_int16_t lit9; + lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; + lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; + __int16_t_int16_t product3 = ntt_multiply_binomials(lit8, lit9, zeta2); + out.elements[(size_t)8U + (size_t)0U] = product3.fst; + out.elements[(size_t)8U + (size_t)1U] = product3.snd; + __int16_t_int16_t lit10; + lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; + lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; + __int16_t_int16_t lit11; + lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; + lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; + __int16_t_int16_t product4 = ntt_multiply_binomials(lit10, lit11, -zeta2); + out.elements[(size_t)8U + (size_t)2U] = product4.fst; + out.elements[(size_t)8U + (size_t)3U] = product4.snd; + __int16_t_int16_t lit12; + lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; + lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; + __int16_t_int16_t lit13; + lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; + lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; + __int16_t_int16_t product5 = 
ntt_multiply_binomials(lit12, lit13, zeta3); + out.elements[(size_t)8U + (size_t)4U] = product5.fst; + out.elements[(size_t)8U + (size_t)5U] = product5.snd; + __int16_t_int16_t lit14; + lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; + lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; + __int16_t_int16_t lit; + lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; + lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; + __int16_t_int16_t product6 = ntt_multiply_binomials(lit14, lit, -zeta3); + out.elements[(size_t)8U + (size_t)6U] = product6.fst; + out.elements[(size_t)8U + (size_t)7U] = product6.snd; + return out; +} + +static libcrux_ml_kem_vector_PortableVector +ntt_multiply0( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); +} + +static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) +{ + uint8_t result[2U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) + { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice v) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + for (size_t i = 
(size_t)0U; i < (size_t)8U; i++) + { + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); + } + for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +) +{ + return deserialize_1(a); +} + +static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + 
libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_4(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + v.elements[11U] = 
(int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +) +{ + return deserialize_4(a); +} + +static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); + result[1U] = + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); + result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + result[3U] = + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); + result[5U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) + << 5U + | v.elements[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) + << 7U + | v.elements[(size_t)8U + (size_t)2U] << 2U) + | v.elements[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | v.elements[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) + << 6U + | 
v.elements[(size_t)8U + (size_t)5U] << 1U) + | v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)7U] + << 3U + | v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_5(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = 
((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + v.elements[14U] = 
(int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +) +{ + return deserialize_5(a); +} + +static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_10(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, 
uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + 
(size_t)2U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); + result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) + & (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t) + & (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); + result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); + result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + return result; +} + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +) +{ + return deserialize_10(a); +} + +static inline void serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 
(int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + 
((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + 
uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +) +{ + return deserialize_11(a); +} + +static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); + result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); + result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)0U] + >> 8U + | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)2U] + >> 8U + | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + 
result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)4U] + >> 8U + | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)6U] + >> 8U + | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector re = zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + int16_t byte9 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); + re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re.elements[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); + re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); + re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + 
re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + return re; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +) +{ + return deserialize_12(a); +} + +static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + 
bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return rej_sample(a, out); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + 
libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_PortableVector +to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + montgomery_multiply_by_constant0(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + v.elements[i0] = 
uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___5int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___4int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___11int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___10int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + montgomery_multiply_by_constant0(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + 
bitwise_and_with_constant0(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(ZERO(), + &v), + (int16_t)1665); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + montgomery_multiply_by_constant0(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; + lit.coefficients[0U] = ZERO(); + lit.coefficients[1U] = ZERO(); + lit.coefficients[2U] = ZERO(); + lit.coefficients[3U] = ZERO(); + lit.coefficients[4U] = ZERO(); + lit.coefficients[5U] = ZERO(); + lit.coefficients[6U] = ZERO(); + lit.coefficients[7U] = ZERO(); + lit.coefficients[8U] = ZERO(); + lit.coefficients[9U] = ZERO(); + lit.coefficients[10U] = ZERO(); + lit.coefficients[11U] = ZERO(); + lit.coefficients[12U] = ZERO(); + lit.coefficients[13U] = ZERO(); + 
lit.coefficients[14U] = ZERO(); + lit.coefficients[15U] = ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + from_i16_array0(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_vector_PortableVector +shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + } + return v; +} + +static libcrux_ml_kem_vector_PortableVector +shift_right___15int32_t0(libcrux_ml_kem_vector_PortableVector v) +{ + return shift_right___15int32_t(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +) +{ + libcrux_ml_kem_vector_PortableVector t = shift_right___15int32_t0(a); + libcrux_ml_kem_vector_PortableVector + fm = bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &fm); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + ntt_multiply0(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << 
(uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___4int32_t(v); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +) +{ + return montgomery_multiply_by_constant0(v, fer); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return 
decompress_ciphertext_coefficient___10int32_t(v); +} + diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h new file mode 100644 index 000000000..e81f1220f --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_polynomial_H +#define __libcrux_polynomial_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_PortableVector; + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s +{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_polynomial_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c new file mode 100644 index 000000000..3c8aed7e7 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3.c 
@@ -0,0 +1,3270 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_core.h" + +#include "libcrux_sha3.h" + +#include "internal/libcrux_core.h" + +const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + 
uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + 
Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << 
(uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab 
= a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +inline 
uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +inline uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + 
core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ 
+ for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + 
blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( 
+ uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof 
(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + 
blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline 
void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t 
b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + 
libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + 
libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + 
libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + 
libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, 
size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t 
(*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + 
memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; 
+ s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = 
(size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof 
(uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, 
(size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} + +inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + 
Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + 
libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} + +inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha224(digest, payload); +} + +inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) +{ + uint8_t out[28U] = { 0U }; + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha256(digest, payload); +} + +inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) +{ + uint8_t out[32U] = { 0U }; + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha384(digest, payload); +} + +inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) +{ + uint8_t out[48U] = { 0U }; + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, 
(size_t)48U * sizeof (uint8_t)); +} + +inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha512(digest, payload); +} + +inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t 
ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof 
(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} + +const +size_t +libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, 
(size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + 
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
new file mode 100644
index 000000000..ebdfa5a85
--- /dev/null
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -0,0 +1,944 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); + +uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +); + +uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +); + +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s +{ uint64_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +); + +void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); + +uint64_t 
libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +); + +uint64_t 
libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); 
+ +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_KeccakState1; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void); + +void 
+libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +); + +void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define 
libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); + +void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] 
+); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); + +void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); + +void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); + +void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void 
+libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); + +extern const size_t libcrux_sha3_generic_keccak__PI[24U]; + +extern const size_t libcrux_sha3_generic_keccak__ROTC[24U]; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +); + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +); + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c new file mode 100644 index 000000000..92b0d98d3 --- /dev/null 
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -0,0 +1,125 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "intrinsics/libcrux_intrinsics_avx2.h" + +#include "libcrux_sha3_avx2.h" + +#include "internal/libcrux_core.h" + +inline void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_avx2_x4_incremental_shake128_init(void) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h new file mode 100644 index 000000000..8eacdba44 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h 
@@ -0,0 +1,66 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_avx2_H +#define __libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem_avx2.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c new file mode 100644 index 000000000..e68465eb6 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -0,0 +1,3727 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "intrinsics/libcrux_intrinsics_arm64.h" + +#include "libcrux_sha3_neon.h" + +#include "internal/libcrux_core.h" + +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) +{ + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e +) +{ + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c +) +{ + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c +) +{ + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) +{ + core_core_arch_arm_shared_neon_uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_constant(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) +{ + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor0(core_core_arch_arm_shared_neon_uint64x2_t a, core_core_arch_arm_shared_neon_uint64x2_t b) +{ + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void +slice_2(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + 
((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +slice_n(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) +{ + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out0, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at_mut(out1, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice a[2U], size_t mid) +{ + return split_at_mut_2(a, mid); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + void 
+) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void +load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + 
core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], 
uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t( + 
core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); 
+} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = 
libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + 
core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + 
libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, + x, + 
core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + 
core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + 
core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], 
s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_arm_shared_neon_uint64x2_t + uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t + uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t + uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t + uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t + uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t + uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t + 
uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t + uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t + uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t + uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t + uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t + uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t + uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t + uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t + uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t + uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t + uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t + uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t + uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t + uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + 
core_core_arch_arm_shared_neon_uint64x2_t + uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t + uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t + uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t + uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t + uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +inline void +libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_arm_shared_neon_uint64x2_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_arm_shared_neon_uint64x2_t [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + size_t i +) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + 
memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___72size_t(uu____0, buf); +} + +static inline void +load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + 
memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___72size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), 
+ uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___72size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___72size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + 
store_block_full___72size_t0(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + 
libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, + o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(s, + 
o1); + } + } +} + +inline void +libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____0, + out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[64U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice) }; + libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void +load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + 
(size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void 
+load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___136size_t(uu____0, buf); +} + +static inline void +load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = 
(size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___136size_t(uu____0, buf); + 
uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___136size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, 
ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + 
uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, + o1); + } + } +} + +inline void +libcrux_sha3_neon_keccakx2___136size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____0, + out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice) }; + libcrux_sha3_neon_keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + 
libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + 
libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, + o1); + } + } +} + +inline void +libcrux_sha3_neon_keccakx2___136size_t_31uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____0, + out); +} + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf0[2U] = { input0, input1 }; + Eurydice_slice buf[2U] = { out0, out1 }; + libcrux_sha3_neon_keccakx2___136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void +load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U 
* i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = 
core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___168size_t(uu____0, buf); +} + +static inline void +load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = 
(uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___168size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice data0, + Eurydice_slice data1 +) +{ + Eurydice_slice buf[2U] = { data0, data1 }; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t(s, + buf); +} + +static inline void +store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___168size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( 
+ libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf[2U] = { out0, out1 }; + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___168size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____0 = split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____1 = split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + o1); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + o2); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf[2U] = { out0, out1 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + buf); +} + +static inline void +load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) + { + size_t i = 
((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +inline void 
+libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___144size_t(uu____0, buf); +} + +static inline void +load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___144size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - 
(size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline 
void +store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___144size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___144size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof 
(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, + o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(s, + o1); + } + } +} + +inline void +libcrux_sha3_neon_keccakx2___144size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____0, + out); +} + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[28U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice) }; + libcrux_sha3_neon_keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void +load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + 
u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___104size_t(uu____0, buf); +} + +static inline void +load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + 
load_block_full___104size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___104size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + 
libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] 
+) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___104size_t(a, b); +} + +inline void 
+libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___104size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + 
(size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ 
.start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, + o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(s, + o1); + } + } +} + +inline void +libcrux_sha3_neon_keccakx2___104size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____0, + out); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[48U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice) }; + libcrux_sha3_neon_keccakx2___104size_t_6uint8_t(uu____0, buf); +} + diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h new file mode 100644 index 000000000..323d5ff46 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -0,0 +1,335 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_neon_H +#define __libcrux_sha3_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_intrinsics_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s +{ core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + void +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s 
+); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]); + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_keccakx2___136size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void 
+libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_keccakx2___136size_t_31uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_shake128_init(void); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice data0, + Eurydice_slice data1 +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +); + +void 
+libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void +libcrux_sha3_neon_keccakx2___144size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + 
+void +libcrux_sha3_neon_keccakx2___104size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +); + +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_neon_H_DEFINED +#endif From 0382b43cae323252849322d139efbe4be350addf Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 17:54:07 -0700 Subject: [PATCH 67/94] Regenerate the code on AVX2... and update config so that AVX2 code-gen works too --- libcrux-ml-kem/c.yaml | 1 + libcrux-ml-kem/c/CMakeLists.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 120 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 4 +- .../c/internal/libcrux_polynomial.h | 10 +- libcrux-ml-kem/c/libcrux_core.c | 59 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 53 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 53 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 53 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 655 ++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 679 +-- libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_platform.h | 2 +- libcrux-ml-kem/c/libcrux_polynomial.c | 1424 ++++++- libcrux-ml-kem/c/libcrux_polynomial.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.c | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2513 ++++++++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 117 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3766 +---------------- libcrux-ml-kem/c/libcrux_sha3_neon.h | 281 +- 25 files changed, 4957 insertions(+), 4851 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 9227b7929..576c291e1 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml 
@@ -33,6 +33,7 @@ files: private: - [libcrux_sha3, simd, avx2, "*"] monomorphizations_of: + - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_using: - [libcrux_sha3, simd, avx2, "*"] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index f9818586f..c954d734e 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -14,7 +14,7 @@ include_directories( ${PROJECT_SOURCE_DIR}/internal ${PROJECT_SOURCE_DIR}/karamel/include ) -file(GLOB SOURCES +file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/core.c ${PROJECT_SOURCE_DIR}/libcrux_sha3.c ) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 4cb9bc8d3..dbb88c5df 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -29,12 +29,12 @@ core_option_Option__size_t; #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) void @@ -80,6 +80,12 @@ uint8_t libcrux_ml_kem_types_MlKemPublicKey____800size_t *self ); +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { Eurydice_slice fst; 
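Review bot: In `libcrux-ml-kem/c.yaml`, the added `- [libcrux_sha3, avx2, "*"]` entry under `monomorphizations_of` has no counterpart under `private` or `monomorphizations_using`, which still match only `[libcrux_sha3, simd, avx2, "*"]`, and the file gives no reason for the asymmetry. If it is deliberate, a comment above the new entry would record it, for example `# route libcrux_sha3::avx2 instantiations into the AVX2 file, not the portable one`; that wording assumes this is the purpose, which the hunk does not show. Which generated C file receives AVX2-intrinsic code decides the compiler flags and CPU-feature guard it is built under, so the routing is worth stating explicitly. The enclosing `files:` entry starts above the hunk, so its `name:` and its order relative to other entries are not visible here.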
@@ -87,12 +93,6 @@ typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192s } K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self @@ -161,6 +161,12 @@ uint8_t libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self ); +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { Eurydice_slice fst; @@ -168,6 +174,19 @@ typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128s } K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +typedef struct K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; + typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { Eurydice_slice fst; 
@@ -175,28 +194,72 @@ typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504s } K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self ); void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + +typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] ); +typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + 
core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); +core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +); + +typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +); typedef struct core_option_Option__Eurydice_slice_uint8_t_s { @@ -205,14 +268,9 @@ typedef struct core_option_Option__Eurydice_slice_uint8_t_s } core_option_Option__Eurydice_slice_uint8_t; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; - typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; 
@@ -227,16 +285,16 @@ core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_Tr int16_t ret[16U] ); -typedef struct K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s +typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; } -K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; +K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index fddebd288..ace6f4826 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -13,7 +13,7 @@ extern "C" { #endif #include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_core.h" #include "../libcrux_mlkem768.h" #include "eurydice_glue.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 1345275e7..63287b074 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -24,6 +24,12 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; + libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( libcrux_ml_kem_vector_PortableVector lhs, @@ -52,8 +58,6 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m libcrux_ml_kem_vector_PortableVector v ); -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) - libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( libcrux_ml_kem_vector_PortableVector v diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index ca667c7fe..689fb6501 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -354,6 +354,63 @@ libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_ memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); } +void +core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d44fb7324..94ce0e0ee 100644 
--- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 347f5e46e..fde6f5e71 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,14 +1,14 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ #include "libcrux_mlkem1024.h" #include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_mlkem768.h" #include "internal/libcrux_core.h" @@ -1371,7 +1371,7 @@ decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_140 ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -1384,13 +1384,7 @@ decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_140 uint8_t uu____2[32U]; if (uu____1) { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, ciphertext, uu____2); } @@ -1525,7 +1519,7 @@ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11si ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -1542,26 +1536,18 @@ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11si uint8_t uu____4[32U]; memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, uu____4); } - else if (libcrux_platform_platform_simd128_support()) + else { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; uint8_t uu____6[32U]; memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, uu____6); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____7 = public_key; - uint8_t uu____8[32U]; - memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____7, - uu____8); + return uu____2; } return 
uu____2; } @@ -1981,7 +1967,7 @@ generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_1 size_t, Eurydice_slice); bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { @@ -1995,15 +1981,8 @@ generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_1 if (uu____1) { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, implicit_rejection_value); - return uu____2; } else { @@ -2123,7 +2102,7 @@ validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536si static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -2137,13 +2116,7 @@ static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_ if (uu____1) { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(public_key); - return uu____2; + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 43ba98645..c9e81b182 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 60bb6997e..a6cd6a365 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,14 +1,14 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ #include "libcrux_mlkem512.h" #include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_mlkem768.h" #include "internal/libcrux_core.h" @@ -1246,7 +1246,7 @@ decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -1259,13 +1259,7 @@ decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size uint8_t uu____2[32U]; if (uu____1) { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, ciphertext, uu____2); } @@ -1400,7 +1394,7 @@ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -1417,26 +1411,18 @@ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t uint8_t uu____4[32U]; memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, uu____4); } - else if (libcrux_platform_platform_simd128_support()) + else { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; uint8_t uu____6[32U]; memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, uu____6); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____7 = public_key; - uint8_t uu____8[32U]; - memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____7, - uu____8); + return uu____2; } return uu____2; } 
@@ -1856,7 +1842,7 @@ generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192s size_t, Eurydice_slice); bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { @@ -1870,15 +1856,8 @@ generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192s if (uu____1) { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, implicit_rejection_value); - return uu____2; } else { @@ -1998,7 +1977,7 @@ validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768siz static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -2012,13 +1991,7 @@ static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_ke if (uu____1) { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(public_key); - return uu____2; + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 0ce3d0209..bd94fd3ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 4446d4362..1771062cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,14 +1,14 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ #include "internal/libcrux_mlkem768.h" #include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_core.h" static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
@@ -2173,7 +2173,7 @@ decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960 ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { @@ -2186,13 +2186,7 @@ decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960 uint8_t uu____2[32U]; if (uu____1) { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, ciphertext, uu____2); } @@ -2327,7 +2321,7 @@ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10siz ) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -2344,26 +2338,18 @@ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10siz uint8_t uu____4[32U]; memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, uu____4); } - else if (libcrux_platform_platform_simd128_support()) + else { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; uint8_t uu____6[32U]; memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, uu____6); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____7 = public_key; - uint8_t uu____8[32U]; - memcpy(uu____8, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____7, - uu____8); + return uu____2; } return 
uu____2; } @@ -2820,7 +2806,7 @@ generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_1 size_t, Eurydice_slice); bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { @@ -2834,15 +2820,8 @@ generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_1 if (uu____1) { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, implicit_rejection_value); - return uu____2; } else { @@ -2962,7 +2941,7 @@ validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152si static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) { bool uu____0; - uu____0 = false; + uu____0 = true; bool uu____1; if (uu____0) { 
@@ -2976,13 +2955,7 @@ static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_ if (uu____1) { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(public_key); - return uu____2; + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 73c99ca4c..acbdfe9c5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 3bde51716..0e7fba041 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -12,19 +12,658 @@ extern "C" { #endif -#include "libcrux_sha3_neon.h" +#include "libcrux_sha3_avx2.h" +#include "libcrux_sha3.h" +#include "libcrux_intrinsics_avx2.h" +#include "libcrux_core.h" #include "eurydice_glue.h" -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U]; -} -libcrux_sha3_avx2_x4_incremental_KeccakState4; +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + 
core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +void 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +void 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_avx2_portable_PortableVector; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice 
bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +); + +size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ core_core_arch_x86___m256i coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_ml_kem_hash_functions_avx2_Simd256Hash; +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + 
+core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index b83eb5c6b..3eff076f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -13,687 +13,12 @@ extern "C" { #endif #include "libcrux_sha3_neon.h" -#include "libcrux_intrinsics_neon.h" -#include "libcrux_core.h" #include "eurydice_glue.h" -typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high -); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - 
core_core_arch_arm_shared_neon_int16x8_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -void 
-libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[2U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[2U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[8U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[8U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t ret[16U] -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[10U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[10U] -); - 
-libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[20U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[20U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[24U] -); - -void 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[24U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a -); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result); - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self -); - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -void 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - shake128_state[2U]; -} +{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][504U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][168U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -void 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v 
-); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[4U][504U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[4U][168U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h index 9a582e2b4..0e60b7cb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index ed8357591..420eb1380 100644 
--- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index c8dbbe5fc..fe53c8081 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -37,6 +37,1428 @@ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = (int16_t)1522, (int16_t)1628 }; +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = + { + 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = + { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = + { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = + { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = + { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = + { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = + { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = + { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = + { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = + { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = + { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = + { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = + { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = + { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = + { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = + 
{ 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = + { + 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = + { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = + { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = + { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const 
+uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = + { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = + { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 
255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = + { + 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = + { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = + { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = + { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = + { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = 
+ { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = + { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t 
+REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = + { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = + { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + 
+static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 
255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = + { + 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = + { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = + { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = + { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = + { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = + { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = + { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = + { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = + { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = + { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = 
+ { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = + { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = + { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = + { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = + { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = + { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t 
+REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = + { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = + { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = + { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = + { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = + { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = + { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = + { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = + { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = + { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 
255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = + { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = + { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = + { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = + { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = + { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = + { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = + { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = + { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = + { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = + { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = + { 0U, 1U, 
2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = + { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = + { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = + { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = + { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = + { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = + { 
6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = + { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = + { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = + { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = + { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = 
+ { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = + { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = + { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = 
+ { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; + +static const +uint8_t +REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 
9U, 10U, 11U, 12U, 13U, 14U, 15U }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = + { + REJECTION_SAMPLE_SHUFFLE_TABLE0, REJECTION_SAMPLE_SHUFFLE_TABLE1, + REJECTION_SAMPLE_SHUFFLE_TABLE2, REJECTION_SAMPLE_SHUFFLE_TABLE3, + REJECTION_SAMPLE_SHUFFLE_TABLE4, REJECTION_SAMPLE_SHUFFLE_TABLE5, + REJECTION_SAMPLE_SHUFFLE_TABLE6, REJECTION_SAMPLE_SHUFFLE_TABLE7, + REJECTION_SAMPLE_SHUFFLE_TABLE8, REJECTION_SAMPLE_SHUFFLE_TABLE9, + REJECTION_SAMPLE_SHUFFLE_TABLE10, REJECTION_SAMPLE_SHUFFLE_TABLE11, + REJECTION_SAMPLE_SHUFFLE_TABLE12, REJECTION_SAMPLE_SHUFFLE_TABLE13, + REJECTION_SAMPLE_SHUFFLE_TABLE14, REJECTION_SAMPLE_SHUFFLE_TABLE15, + REJECTION_SAMPLE_SHUFFLE_TABLE16, REJECTION_SAMPLE_SHUFFLE_TABLE17, + REJECTION_SAMPLE_SHUFFLE_TABLE18, REJECTION_SAMPLE_SHUFFLE_TABLE19, + REJECTION_SAMPLE_SHUFFLE_TABLE20, REJECTION_SAMPLE_SHUFFLE_TABLE21, + REJECTION_SAMPLE_SHUFFLE_TABLE22, REJECTION_SAMPLE_SHUFFLE_TABLE23, + REJECTION_SAMPLE_SHUFFLE_TABLE24, REJECTION_SAMPLE_SHUFFLE_TABLE25, + REJECTION_SAMPLE_SHUFFLE_TABLE26, REJECTION_SAMPLE_SHUFFLE_TABLE27, + REJECTION_SAMPLE_SHUFFLE_TABLE28, REJECTION_SAMPLE_SHUFFLE_TABLE29, + REJECTION_SAMPLE_SHUFFLE_TABLE30, REJECTION_SAMPLE_SHUFFLE_TABLE31, + REJECTION_SAMPLE_SHUFFLE_TABLE32, REJECTION_SAMPLE_SHUFFLE_TABLE33, + REJECTION_SAMPLE_SHUFFLE_TABLE34, REJECTION_SAMPLE_SHUFFLE_TABLE35, + REJECTION_SAMPLE_SHUFFLE_TABLE36, REJECTION_SAMPLE_SHUFFLE_TABLE37, + REJECTION_SAMPLE_SHUFFLE_TABLE38, REJECTION_SAMPLE_SHUFFLE_TABLE39, + REJECTION_SAMPLE_SHUFFLE_TABLE40, REJECTION_SAMPLE_SHUFFLE_TABLE41, + REJECTION_SAMPLE_SHUFFLE_TABLE42, REJECTION_SAMPLE_SHUFFLE_TABLE43, + REJECTION_SAMPLE_SHUFFLE_TABLE44, REJECTION_SAMPLE_SHUFFLE_TABLE45, + REJECTION_SAMPLE_SHUFFLE_TABLE46, REJECTION_SAMPLE_SHUFFLE_TABLE47, + REJECTION_SAMPLE_SHUFFLE_TABLE48, REJECTION_SAMPLE_SHUFFLE_TABLE49, + REJECTION_SAMPLE_SHUFFLE_TABLE50, REJECTION_SAMPLE_SHUFFLE_TABLE51, + REJECTION_SAMPLE_SHUFFLE_TABLE52, 
REJECTION_SAMPLE_SHUFFLE_TABLE53, + REJECTION_SAMPLE_SHUFFLE_TABLE54, REJECTION_SAMPLE_SHUFFLE_TABLE55, + REJECTION_SAMPLE_SHUFFLE_TABLE56, REJECTION_SAMPLE_SHUFFLE_TABLE57, + REJECTION_SAMPLE_SHUFFLE_TABLE58, REJECTION_SAMPLE_SHUFFLE_TABLE59, + REJECTION_SAMPLE_SHUFFLE_TABLE60, REJECTION_SAMPLE_SHUFFLE_TABLE61, + REJECTION_SAMPLE_SHUFFLE_TABLE62, REJECTION_SAMPLE_SHUFFLE_TABLE63, + REJECTION_SAMPLE_SHUFFLE_TABLE64, REJECTION_SAMPLE_SHUFFLE_TABLE65, + REJECTION_SAMPLE_SHUFFLE_TABLE66, REJECTION_SAMPLE_SHUFFLE_TABLE67, + REJECTION_SAMPLE_SHUFFLE_TABLE68, REJECTION_SAMPLE_SHUFFLE_TABLE69, + REJECTION_SAMPLE_SHUFFLE_TABLE70, REJECTION_SAMPLE_SHUFFLE_TABLE71, + REJECTION_SAMPLE_SHUFFLE_TABLE72, REJECTION_SAMPLE_SHUFFLE_TABLE73, + REJECTION_SAMPLE_SHUFFLE_TABLE74, REJECTION_SAMPLE_SHUFFLE_TABLE75, + REJECTION_SAMPLE_SHUFFLE_TABLE76, REJECTION_SAMPLE_SHUFFLE_TABLE77, + REJECTION_SAMPLE_SHUFFLE_TABLE78, REJECTION_SAMPLE_SHUFFLE_TABLE79, + REJECTION_SAMPLE_SHUFFLE_TABLE80, REJECTION_SAMPLE_SHUFFLE_TABLE81, + REJECTION_SAMPLE_SHUFFLE_TABLE82, REJECTION_SAMPLE_SHUFFLE_TABLE83, + REJECTION_SAMPLE_SHUFFLE_TABLE84, REJECTION_SAMPLE_SHUFFLE_TABLE85, + REJECTION_SAMPLE_SHUFFLE_TABLE86, REJECTION_SAMPLE_SHUFFLE_TABLE87, + REJECTION_SAMPLE_SHUFFLE_TABLE88, REJECTION_SAMPLE_SHUFFLE_TABLE89, + REJECTION_SAMPLE_SHUFFLE_TABLE90, REJECTION_SAMPLE_SHUFFLE_TABLE91, + REJECTION_SAMPLE_SHUFFLE_TABLE92, REJECTION_SAMPLE_SHUFFLE_TABLE93, + REJECTION_SAMPLE_SHUFFLE_TABLE94, REJECTION_SAMPLE_SHUFFLE_TABLE95, + REJECTION_SAMPLE_SHUFFLE_TABLE96, REJECTION_SAMPLE_SHUFFLE_TABLE97, + REJECTION_SAMPLE_SHUFFLE_TABLE98, REJECTION_SAMPLE_SHUFFLE_TABLE99, + REJECTION_SAMPLE_SHUFFLE_TABLE100, REJECTION_SAMPLE_SHUFFLE_TABLE101, + REJECTION_SAMPLE_SHUFFLE_TABLE102, REJECTION_SAMPLE_SHUFFLE_TABLE103, + REJECTION_SAMPLE_SHUFFLE_TABLE104, REJECTION_SAMPLE_SHUFFLE_TABLE105, + REJECTION_SAMPLE_SHUFFLE_TABLE106, REJECTION_SAMPLE_SHUFFLE_TABLE107, + REJECTION_SAMPLE_SHUFFLE_TABLE108, 
REJECTION_SAMPLE_SHUFFLE_TABLE109, + REJECTION_SAMPLE_SHUFFLE_TABLE110, REJECTION_SAMPLE_SHUFFLE_TABLE111, + REJECTION_SAMPLE_SHUFFLE_TABLE112, REJECTION_SAMPLE_SHUFFLE_TABLE113, + REJECTION_SAMPLE_SHUFFLE_TABLE114, REJECTION_SAMPLE_SHUFFLE_TABLE115, + REJECTION_SAMPLE_SHUFFLE_TABLE116, REJECTION_SAMPLE_SHUFFLE_TABLE117, + REJECTION_SAMPLE_SHUFFLE_TABLE118, REJECTION_SAMPLE_SHUFFLE_TABLE119, + REJECTION_SAMPLE_SHUFFLE_TABLE120, REJECTION_SAMPLE_SHUFFLE_TABLE121, + REJECTION_SAMPLE_SHUFFLE_TABLE122, REJECTION_SAMPLE_SHUFFLE_TABLE123, + REJECTION_SAMPLE_SHUFFLE_TABLE124, REJECTION_SAMPLE_SHUFFLE_TABLE125, + REJECTION_SAMPLE_SHUFFLE_TABLE126, REJECTION_SAMPLE_SHUFFLE_TABLE127, + REJECTION_SAMPLE_SHUFFLE_TABLE128, REJECTION_SAMPLE_SHUFFLE_TABLE129, + REJECTION_SAMPLE_SHUFFLE_TABLE130, REJECTION_SAMPLE_SHUFFLE_TABLE131, + REJECTION_SAMPLE_SHUFFLE_TABLE132, REJECTION_SAMPLE_SHUFFLE_TABLE133, + REJECTION_SAMPLE_SHUFFLE_TABLE134, REJECTION_SAMPLE_SHUFFLE_TABLE135, + REJECTION_SAMPLE_SHUFFLE_TABLE136, REJECTION_SAMPLE_SHUFFLE_TABLE137, + REJECTION_SAMPLE_SHUFFLE_TABLE138, REJECTION_SAMPLE_SHUFFLE_TABLE139, + REJECTION_SAMPLE_SHUFFLE_TABLE140, REJECTION_SAMPLE_SHUFFLE_TABLE141, + REJECTION_SAMPLE_SHUFFLE_TABLE142, REJECTION_SAMPLE_SHUFFLE_TABLE143, + REJECTION_SAMPLE_SHUFFLE_TABLE144, REJECTION_SAMPLE_SHUFFLE_TABLE145, + REJECTION_SAMPLE_SHUFFLE_TABLE146, REJECTION_SAMPLE_SHUFFLE_TABLE147, + REJECTION_SAMPLE_SHUFFLE_TABLE148, REJECTION_SAMPLE_SHUFFLE_TABLE149, + REJECTION_SAMPLE_SHUFFLE_TABLE150, REJECTION_SAMPLE_SHUFFLE_TABLE151, + REJECTION_SAMPLE_SHUFFLE_TABLE152, REJECTION_SAMPLE_SHUFFLE_TABLE153, + REJECTION_SAMPLE_SHUFFLE_TABLE154, REJECTION_SAMPLE_SHUFFLE_TABLE155, + REJECTION_SAMPLE_SHUFFLE_TABLE156, REJECTION_SAMPLE_SHUFFLE_TABLE157, + REJECTION_SAMPLE_SHUFFLE_TABLE158, REJECTION_SAMPLE_SHUFFLE_TABLE159, + REJECTION_SAMPLE_SHUFFLE_TABLE160, REJECTION_SAMPLE_SHUFFLE_TABLE161, + REJECTION_SAMPLE_SHUFFLE_TABLE162, REJECTION_SAMPLE_SHUFFLE_TABLE163, + 
REJECTION_SAMPLE_SHUFFLE_TABLE164, REJECTION_SAMPLE_SHUFFLE_TABLE165, + REJECTION_SAMPLE_SHUFFLE_TABLE166, REJECTION_SAMPLE_SHUFFLE_TABLE167, + REJECTION_SAMPLE_SHUFFLE_TABLE168, REJECTION_SAMPLE_SHUFFLE_TABLE169, + REJECTION_SAMPLE_SHUFFLE_TABLE170, REJECTION_SAMPLE_SHUFFLE_TABLE171, + REJECTION_SAMPLE_SHUFFLE_TABLE172, REJECTION_SAMPLE_SHUFFLE_TABLE173, + REJECTION_SAMPLE_SHUFFLE_TABLE174, REJECTION_SAMPLE_SHUFFLE_TABLE175, + REJECTION_SAMPLE_SHUFFLE_TABLE176, REJECTION_SAMPLE_SHUFFLE_TABLE177, + REJECTION_SAMPLE_SHUFFLE_TABLE178, REJECTION_SAMPLE_SHUFFLE_TABLE179, + REJECTION_SAMPLE_SHUFFLE_TABLE180, REJECTION_SAMPLE_SHUFFLE_TABLE181, + REJECTION_SAMPLE_SHUFFLE_TABLE182, REJECTION_SAMPLE_SHUFFLE_TABLE183, + REJECTION_SAMPLE_SHUFFLE_TABLE184, REJECTION_SAMPLE_SHUFFLE_TABLE185, + REJECTION_SAMPLE_SHUFFLE_TABLE186, REJECTION_SAMPLE_SHUFFLE_TABLE187, + REJECTION_SAMPLE_SHUFFLE_TABLE188, REJECTION_SAMPLE_SHUFFLE_TABLE189, + REJECTION_SAMPLE_SHUFFLE_TABLE190, REJECTION_SAMPLE_SHUFFLE_TABLE191, + REJECTION_SAMPLE_SHUFFLE_TABLE192, REJECTION_SAMPLE_SHUFFLE_TABLE193, + REJECTION_SAMPLE_SHUFFLE_TABLE194, REJECTION_SAMPLE_SHUFFLE_TABLE195, + REJECTION_SAMPLE_SHUFFLE_TABLE196, REJECTION_SAMPLE_SHUFFLE_TABLE197, + REJECTION_SAMPLE_SHUFFLE_TABLE198, REJECTION_SAMPLE_SHUFFLE_TABLE199, + REJECTION_SAMPLE_SHUFFLE_TABLE200, REJECTION_SAMPLE_SHUFFLE_TABLE201, + REJECTION_SAMPLE_SHUFFLE_TABLE202, REJECTION_SAMPLE_SHUFFLE_TABLE203, + REJECTION_SAMPLE_SHUFFLE_TABLE204, REJECTION_SAMPLE_SHUFFLE_TABLE205, + REJECTION_SAMPLE_SHUFFLE_TABLE206, REJECTION_SAMPLE_SHUFFLE_TABLE207, + REJECTION_SAMPLE_SHUFFLE_TABLE208, REJECTION_SAMPLE_SHUFFLE_TABLE209, + REJECTION_SAMPLE_SHUFFLE_TABLE210, REJECTION_SAMPLE_SHUFFLE_TABLE211, + REJECTION_SAMPLE_SHUFFLE_TABLE212, REJECTION_SAMPLE_SHUFFLE_TABLE213, + REJECTION_SAMPLE_SHUFFLE_TABLE214, REJECTION_SAMPLE_SHUFFLE_TABLE215, + REJECTION_SAMPLE_SHUFFLE_TABLE216, REJECTION_SAMPLE_SHUFFLE_TABLE217, + REJECTION_SAMPLE_SHUFFLE_TABLE218, 
REJECTION_SAMPLE_SHUFFLE_TABLE219, + REJECTION_SAMPLE_SHUFFLE_TABLE220, REJECTION_SAMPLE_SHUFFLE_TABLE221, + REJECTION_SAMPLE_SHUFFLE_TABLE222, REJECTION_SAMPLE_SHUFFLE_TABLE223, + REJECTION_SAMPLE_SHUFFLE_TABLE224, REJECTION_SAMPLE_SHUFFLE_TABLE225, + REJECTION_SAMPLE_SHUFFLE_TABLE226, REJECTION_SAMPLE_SHUFFLE_TABLE227, + REJECTION_SAMPLE_SHUFFLE_TABLE228, REJECTION_SAMPLE_SHUFFLE_TABLE229, + REJECTION_SAMPLE_SHUFFLE_TABLE230, REJECTION_SAMPLE_SHUFFLE_TABLE231, + REJECTION_SAMPLE_SHUFFLE_TABLE232, REJECTION_SAMPLE_SHUFFLE_TABLE233, + REJECTION_SAMPLE_SHUFFLE_TABLE234, REJECTION_SAMPLE_SHUFFLE_TABLE235, + REJECTION_SAMPLE_SHUFFLE_TABLE236, REJECTION_SAMPLE_SHUFFLE_TABLE237, + REJECTION_SAMPLE_SHUFFLE_TABLE238, REJECTION_SAMPLE_SHUFFLE_TABLE239, + REJECTION_SAMPLE_SHUFFLE_TABLE240, REJECTION_SAMPLE_SHUFFLE_TABLE241, + REJECTION_SAMPLE_SHUFFLE_TABLE242, REJECTION_SAMPLE_SHUFFLE_TABLE243, + REJECTION_SAMPLE_SHUFFLE_TABLE244, REJECTION_SAMPLE_SHUFFLE_TABLE245, + REJECTION_SAMPLE_SHUFFLE_TABLE246, REJECTION_SAMPLE_SHUFFLE_TABLE247, + REJECTION_SAMPLE_SHUFFLE_TABLE248, REJECTION_SAMPLE_SHUFFLE_TABLE249, + REJECTION_SAMPLE_SHUFFLE_TABLE250, REJECTION_SAMPLE_SHUFFLE_TABLE251, + REJECTION_SAMPLE_SHUFFLE_TABLE252, REJECTION_SAMPLE_SHUFFLE_TABLE253, + REJECTION_SAMPLE_SHUFFLE_TABLE254, REJECTION_SAMPLE_SHUFFLE_TABLE255 + }; + static inline libcrux_ml_kem_vector_PortableVector zero(void) { libcrux_ml_kem_vector_PortableVector lit; diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index e81f1220f..a64f83394 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index 3c8aed7e7..e791132ba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ebdfa5a85..ddbcffd6a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 92b0d98d3..9c8bc0526 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -11,7 +11,1832 @@ #include "internal/libcrux_core.h" +static inline core_core_arch_x86___m256i zero(void) +{ + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i +_veor5q_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i +xor5( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i +rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i +rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i +_vbcaxq_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i uu____0 = a; + return + 
libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i +and_not_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) +{ + core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) +{ + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i +xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void +slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(a[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = + Eurydice_slice_subslice(a[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); + 
Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) +{ + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out0, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at_mut(out1, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at_mut(out2, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at_mut(out3, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) +{ + return split_at_mut_4(a, mid); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t 
+libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void +load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % 
(size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + 
uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + 
((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void +load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i +rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___36int32_t_28int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___41int32_t_23int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = 
libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___18int32_t_46int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, 
core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___44int32_t_20int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___10int32_t_54int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___45int32_t_19int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return 
rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i 
+rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___43int32_t_21int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___15int32_t_49int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___28int32_t_36int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = 
libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___25int32_t_39int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return 
_vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___21int32_t_43int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, 
core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___27int32_t_37int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___20int32_t_44int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i 
+_vxarq_u64___39int32_t_25int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___14int32_t_50int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i 
+xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i + uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + core_core_arch_x86___m256i + uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); + core_core_arch_x86___m256i + uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); + core_core_arch_x86___m256i + uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); + core_core_arch_x86___m256i + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_x86___m256i + uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i + uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], 
t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i + uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i + uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i + uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i + uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i + uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i + uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i + uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i + uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i + uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i + uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i + uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i + uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i + uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i + uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i + uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + 
core_core_arch_x86___m256i + uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i + uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i + uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i + uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i + uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i + uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i + uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i + uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + inline void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_x86___m256i [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = 
old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +inline void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) + { + size_t j = i; + core_core_arch_x86___m256i + uu____0 = + and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0; + } + } +} + +inline void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +) +{ + core_core_arch_x86___m256i + uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +inline void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, 
(size_t)4U * sizeof (Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void +load_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + load_block___136size_t(uu____0, buf); +} + +static inline void +load_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + 
} + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void +store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + 
core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, 
.end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + 
uint8_t out2[200U] = { 0U }; + uint8_t out3[200U] = { 0U }; + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + out3, + uint8_t, + Eurydice_slice) + }; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) +{ + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + store_block___136size_t(a, b); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + store_block___136size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +) +{ + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } + else + { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o0); + 
core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, 
@@ -23,103 +1848,669 @@ libcrux_sha3_avx2_x4_shake256( Eurydice_slice out3 ) { - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, + buf); } -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void +load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + 
libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + 
((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + 
(size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void +load_block_full___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + load_block___168size_t(uu____0, buf); +} + +static inline void +load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t 
[200U])); + load_block_full___168size_t(uu____0, uu____1); } inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + } + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___168size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3 ) { - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, + buf); +} + +static inline void +store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + 
libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + 
uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + 
size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + 
Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + store_block___168size_t(a, b); } inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3 ) { - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + store_block___168size_t0(s->st, out); } inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____0 = split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____1 = split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o1); + 
libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3 ) { - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8eacdba44..1f229a757 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -12,10 +12,88 @@ extern "C" { #endif -#include "libcrux_mlkem_avx2.h" +#include "libcrux_sha3.h" +#include "libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "eurydice_glue.h" +typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s +{ core_core_arch_x86___m256i st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +); + void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, 
@@ -28,30 +106,57 @@ libcrux_sha3_avx2_x4_shake256( Eurydice_slice out3 ); -libcrux_sha3_avx2_x4_incremental_KeccakState4 +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3 ); +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3 ); +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e68465eb6..5144cdcb2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -11,2359 +11,39 @@ #include "internal/libcrux_core.h" -static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e -) -{ - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return 
libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c -) -{ - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c -) -{ - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) -{ - core_core_arch_arm_shared_neon_uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_constant(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) -{ - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor0(core_core_arch_arm_shared_neon_uint64x2_t a, core_core_arch_arm_shared_neon_uint64x2_t b) -{ - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static inline void -slice_2(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = 
start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void -slice_n(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_2(Eurydice_slice out[2U], size_t mid) -{ - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out0, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at_mut(out1, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_n(Eurydice_slice a[2U], size_t mid) -{ - return split_at_mut_2(a, mid); -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - 
lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void -load_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - 
libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)72U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t 
(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return 
rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - 
core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return 
_vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___45int32_t_19int32_t( - 
core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - 
-static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = 
libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - 
core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline 
core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - 
libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, - x, - 
core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - 
core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline 
core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); - core_core_arch_arm_shared_neon_uint64x2_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - 
core_core_arch_arm_shared_neon_uint64x2_t - uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t - uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t - uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t - uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t - uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t - uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t - uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t - uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = 
uu____15; - core_core_arch_arm_shared_neon_uint64x2_t - uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t - uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t - uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t - uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t - uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t - uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t - uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t - uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t - uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t - uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t - uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t - uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_arm_shared_neon_uint64x2_t - uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_arm_shared_neon_uint64x2_t - uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], 
t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_arm_shared_neon_uint64x2_t - uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_arm_shared_neon_uint64x2_t - uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_arm_shared_neon_uint64x2_t - uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -inline void -libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_arm_shared_neon_uint64x2_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_arm_shared_neon_uint64x2_t [5U])); - for (size_t i0 
= (size_t)0U; i0 < (size_t)5U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { - size_t j = i; - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } -} - -inline void -libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - size_t i -) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___72size_t( - 
core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___72size_t(uu____0, buf); -} - -static inline void -load_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___72size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___72size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___72size_t( - 
core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___72size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___72size_t0(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - 
{ - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___72size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___72size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___72size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___72size_t0(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - 
Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, - out); - } - else - { - 
K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, - o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(s, - o1); - } - } -} - -inline void -libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____0, - out); -} - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - uint8_t dummy[64U] = { 0U }; - 
Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice) }; - libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(uu____0, buf); -} - -static inline void -load_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)136U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j 
= ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___136size_t(uu____0, buf); -} - -static inline void -load_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - 
blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, 
Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___136size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___136size_t0(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___136size_t0(s->st, out); -} - -inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___136size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___136size_t0(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, 
(size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == 
core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, - o1); - } - } -} - -inline void -libcrux_sha3_neon_keccakx2___136size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____0, - out); + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice) }; - libcrux_sha3_neon_keccakx2___136size_t_6uint8_t(uu____0, buf); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - 
( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, - o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, - o1); - } - } + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_neon_keccakx2___136size_t_31uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____0, - out); -} - -void libcrux_sha3_neon_x2_shake256( Eurydice_slice input0, Eurydice_slice input1, 
@@ -2371,1357 +51,129 @@ libcrux_sha3_neon_x2_shake256( Eurydice_slice out1 ) { - Eurydice_slice buf0[2U] = { input0, input1 }; - Eurydice_slice buf[2U] = { out0, out1 }; - libcrux_sha3_neon_keccakx2___136size_t_31uint8_t(buf0, buf); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +inline libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); -} - -static inline void -load_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, 
- core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)168U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block_full___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___168size_t(uu____0, buf); -} - -static inline void -load_block_full___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___168size_t(uu____0, uu____1); + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void 
-libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___168size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, Eurydice_slice data1 ) { - Eurydice_slice buf[2U] = { data0, data1 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t(s, - buf); -} - -static inline void -store_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - 
s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___168size_t(a, b); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, Eurydice_slice out1 ) { - Eurydice_slice buf[2U] = { out0, out1 }; - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - buf); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___168size_t0(s->st, out); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____0 = split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - o0); - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____1 = split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - o1); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - o2); -} - -void 
libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, Eurydice_slice out1 ) { - Eurydice_slice buf[2U] = { out0, out1 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - buf); -} - -static inline void -load_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U 
* i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)144U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___144size_t(uu____0, 
uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___144size_t(uu____0, buf); -} - -static inline void -load_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___144size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / 
(size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___144size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___144size_t0(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___144size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___144size_t0(s->st, out); -} - -inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___144size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___144size_t0(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, 
(size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, - out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == 
core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, - o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(s, - o1); - } - } -} - -inline void -libcrux_sha3_neon_keccakx2___144size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____0, - out); + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice) }; - libcrux_sha3_neon_keccakx2___144size_t_6uint8_t(uu____0, buf); -} - -static inline void -load_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice 
blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)104U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - 
libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___104size_t(uu____0, buf); -} - -static inline void -load_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___104size_t0(uu____1, uu____2); 
- libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___104size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___104size_t0(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___104size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___104size_t0(s->st, out); -} - -inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___104size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___104size_t0(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, 
(size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, - out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == 
core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, - o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(s, - o1); - } - } -} - -inline void -libcrux_sha3_neon_keccakx2___104size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____0, - out); + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice) }; - libcrux_sha3_neon_keccakx2___104size_t_6uint8_t(uu____0, buf); + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 323d5ff46..c21ad1aa3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -13,161 +13,13 @@ extern "C" { #endif #include "libcrux_sha3.h" -#include "libcrux_intrinsics_neon.h" #include "libcrux_core.h" #include "eurydice_glue.h" -typedef struct -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s -{ core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - void -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -); - -void 
-libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - -void -libcrux_sha3_neon_keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]); - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - -void -libcrux_sha3_neon_keccakx2___136size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - -void -libcrux_sha3_neon_keccakx2___136size_t_31uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] 
-); - void libcrux_sha3_neon_x2_shake256( Eurydice_slice input0, 
@@ -176,155 +28,36 @@ libcrux_sha3_neon_x2_shake256( Eurydice_slice out1 ); -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState2; -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, Eurydice_slice data1 ); -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, Eurydice_slice out1 ); -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, Eurydice_slice out1 ); -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice 
data[2U], - Eurydice_slice out[2U] -); - -void -libcrux_sha3_neon_keccakx2___144size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - -void -libcrux_sha3_neon_keccakx2___104size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -); - void 
libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) From bc9b3ac0fc7e2e4f57fc6e5a7d1becb211459409 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 17:58:11 -0700 Subject: [PATCH 68/94] Restore some config tweaks, reinstate the build of the sha3 test --- libcrux-ml-kem/c.yaml | 4 + libcrux-ml-kem/c/CMakeLists.txt | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 97 + libcrux-ml-kem/c/libcrux_intrinsics_neon.h | 347 - libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 10024 ++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 1 - libcrux-ml-kem/c/libcrux_sha3_avx2.h | 1 - 7 files changed, 10126 insertions(+), 350 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_intrinsics_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.c diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 576c291e1..1656862c1 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -1,10 +1,14 @@ files: # Intrinsics, in their own separate files. - name: libcrux_intrinsics_neon + library: true + inline_static: true api: - [libcrux_intrinsics, arm64] - name: libcrux_intrinsics_avx2 + library: true + inline_static: true api: - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index c954d734e..b842fd5c3 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -15,7 +15,7 @@ include_directories( ${PROJECT_SOURCE_DIR}/karamel/include ) file(GLOB SOURCES - ${PROJECT_SOURCE_DIR}/core.c + ${PROJECT_SOURCE_DIR}/libcrux_core.c ${PROJECT_SOURCE_DIR}/libcrux_sha3.c ) # file(GLOB VEC128_SOURCES diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..e8b09e5d2 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
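Review bot: The two intrinsics entries in c.yaml gain `library: true` and `inline_static: true` with no comment saying what the flags do, while the same commit deletes the generated libcrux_intrinsics_neon.h. If, as that deletion suggests, the flags stop the extractor from emitting declarations for the intrinsics, the C build now depends on hand-written headers that are not produced from the Rust source. The existing comment should record this, for example `# Intrinsics: hand-written headers, not extracted (library: true); keep signatures in sync with the Rust wrappers`. The diffstat lists no matching change for a libcrux_intrinsics_avx2.h, so it is worth confirming that the AVX2 entry resolves to a header that is checked in and covered by the build.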
@@ -0,0 +1,97 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem_avx2_H +#define __internal_libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_avx2.h" +#include "eurydice_glue.h" + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_intrinsics_neon.h b/libcrux-ml-kem/c/libcrux_intrinsics_neon.h deleted file mode 100644 index 21a2a3d15..000000000 --- a/libcrux-ml-kem/c/libcrux_intrinsics_neon.h +++ /dev/null 
@@ -1,347 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_intrinsics_neon_H -#define __libcrux_intrinsics_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vaddq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vaddq_u32( - core_core_arch_arm_shared_neon_uint32x4_t x0, - core_core_arch_arm_shared_neon_uint32x4_t x1 -); - -extern uint16_t -libcrux_intrinsics_arm64__vaddv_u16(core_core_arch_arm_shared_neon_uint16x4_t x0); - -extern int16_t -libcrux_intrinsics_arm64__vaddvq_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vandq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vandq_u16( - core_core_arch_arm_shared_neon_uint16x8_t x0, - core_core_arch_arm_shared_neon_uint16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vandq_u32( - core_core_arch_arm_shared_neon_uint32x4_t x0, - core_core_arch_arm_shared_neon_uint32x4_t x1 -); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vbicq_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1 -); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vcgeq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t 
-libcrux_intrinsics_arm64__vdupq_n_s16(int16_t x0); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t x0); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t x0); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__veorq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__veorq_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1 -); - -extern core_core_arch_arm_shared_neon_uint16x4_t -libcrux_intrinsics_arm64__vget_high_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); - -extern core_core_arch_arm_shared_neon_int16x4_t -libcrux_intrinsics_arm64__vget_low_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_uint16x4_t -libcrux_intrinsics_arm64__vget_low_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice x0); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0); - -extern core_core_arch_arm_shared_neon_uint8x16_t -libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice x0); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vmlal_high_s16( - core_core_arch_arm_shared_neon_int32x4_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1, - core_core_arch_arm_shared_neon_int16x8_t x2 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vmlal_s16( - core_core_arch_arm_shared_neon_int32x4_t x0, - 
core_core_arch_arm_shared_neon_int16x4_t x1, - core_core_arch_arm_shared_neon_int16x4_t x2 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vmull_high_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vmull_s16( - core_core_arch_arm_shared_neon_int16x4_t x0, - core_core_arch_arm_shared_neon_int16x4_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vmulq_n_s16(core_core_arch_arm_shared_neon_int16x8_t x0, int16_t x1); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vmulq_n_u16( - core_core_arch_arm_shared_neon_uint16x8_t x0, - uint16_t x1 -); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vmulq_n_u32( - core_core_arch_arm_shared_neon_uint32x4_t x0, - uint32_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vmulq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vqdmulhq_n_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - int16_t x1 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vqdmulhq_n_s32( - core_core_arch_arm_shared_neon_int32x4_t x0, - int32_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vqdmulhq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint8x16_t -libcrux_intrinsics_arm64__vqtbl1q_u8( - core_core_arch_arm_shared_neon_uint8x16_t x0, - core_core_arch_arm_shared_neon_uint8x16_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vreinterpretq_s16_s32(core_core_arch_arm_shared_neon_int32x4_t x0); - -extern 
core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vreinterpretq_s16_s64(core_core_arch_arm_shared_neon_int64x2_t x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vreinterpretq_s16_u16(core_core_arch_arm_shared_neon_uint16x8_t x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vreinterpretq_s16_u32(core_core_arch_arm_shared_neon_uint32x4_t x0); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vreinterpretq_s16_u8(core_core_arch_arm_shared_neon_uint8x16_t x0); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vreinterpretq_s32_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vreinterpretq_s32_u32(core_core_arch_arm_shared_neon_uint32x4_t x0); - -extern core_core_arch_arm_shared_neon_int64x2_t -libcrux_intrinsics_arm64__vreinterpretq_s64_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_int64x2_t -libcrux_intrinsics_arm64__vreinterpretq_s64_s32(core_core_arch_arm_shared_neon_int32x4_t x0); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vreinterpretq_u16_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vreinterpretq_u16_u8(core_core_arch_arm_shared_neon_uint8x16_t x0); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vreinterpretq_u32_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vreinterpretq_u32_s32(core_core_arch_arm_shared_neon_int32x4_t x0); - -extern core_core_arch_arm_shared_neon_uint8x16_t -libcrux_intrinsics_arm64__vreinterpretq_u8_s16(core_core_arch_arm_shared_neon_int16x8_t x0); - -extern core_core_arch_arm_shared_neon_uint8x16_t 
-libcrux_intrinsics_arm64__vreinterpretq_u8_s64(core_core_arch_arm_shared_neon_int64x2_t x0); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vshlq_n_u32(int32_t x0, core_core_arch_arm_shared_neon_uint32x4_t x1); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vshlq_n_u64(int32_t x0, core_core_arch_arm_shared_neon_uint64x2_t x1); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vshlq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vshlq_u16( - core_core_arch_arm_shared_neon_uint16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vshrq_n_s16(int32_t x0, core_core_arch_arm_shared_neon_int16x8_t x1); - -extern core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vshrq_n_u16(int32_t x0, core_core_arch_arm_shared_neon_uint16x8_t x1); - -extern core_core_arch_arm_shared_neon_uint32x4_t -libcrux_intrinsics_arm64__vshrq_n_u32(int32_t x0, core_core_arch_arm_shared_neon_uint32x4_t x1); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vshrq_n_u64(int32_t x0, core_core_arch_arm_shared_neon_uint64x2_t x1); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vsliq_n_s32( - int32_t x0, - core_core_arch_arm_shared_neon_int32x4_t x1, - core_core_arch_arm_shared_neon_int32x4_t x2 -); - -extern core_core_arch_arm_shared_neon_int64x2_t -libcrux_intrinsics_arm64__vsliq_n_s64( - int32_t x0, - core_core_arch_arm_shared_neon_int64x2_t x1, - core_core_arch_arm_shared_neon_int64x2_t x2 -); - -extern void -libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice x0, - core_core_arch_arm_shared_neon_uint64x2_t x1 -); - -extern void -libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_slice x0, - 
core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern void -libcrux_intrinsics_arm64__vst1q_u8( - Eurydice_slice x0, - core_core_arch_arm_shared_neon_uint8x16_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vsubq_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vtrn1q_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vtrn1q_s32( - core_core_arch_arm_shared_neon_int32x4_t x0, - core_core_arch_arm_shared_neon_int32x4_t x1 -); - -extern core_core_arch_arm_shared_neon_int64x2_t -libcrux_intrinsics_arm64__vtrn1q_s64( - core_core_arch_arm_shared_neon_int64x2_t x0, - core_core_arch_arm_shared_neon_int64x2_t x1 -); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vtrn1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1 -); - -extern core_core_arch_arm_shared_neon_int16x8_t -libcrux_intrinsics_arm64__vtrn2q_s16( - core_core_arch_arm_shared_neon_int16x8_t x0, - core_core_arch_arm_shared_neon_int16x8_t x1 -); - -extern core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vtrn2q_s32( - core_core_arch_arm_shared_neon_int32x4_t x0, - core_core_arch_arm_shared_neon_int32x4_t x1 -); - -extern core_core_arch_arm_shared_neon_int64x2_t -libcrux_intrinsics_arm64__vtrn2q_s64( - core_core_arch_arm_shared_neon_int64x2_t x0, - core_core_arch_arm_shared_neon_int64x2_t x1 -); - -extern core_core_arch_arm_shared_neon_uint64x2_t -libcrux_intrinsics_arm64__vtrn2q_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1 -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_neon_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c new file mode 100644 index 000000000..b9c5387be --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -0,0 +1,10024 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) +{ + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) +{ + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i + sign_mask = + 
libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + v_minus_field_modulus, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, + field_modulus); + return + libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + t = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i + t0 = + libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i + quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, + t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i + quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +inline 
core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i + value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)2); + core_core_arch_x86___m256i + field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)4); + core_core_arch_x86___m256i + shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + 
core_core_arch_x86___m256i + mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + shifted, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i + shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + shifted_to_positive_in_range, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + prod13 = + libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i + uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + 
libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, + -zeta3, + zeta3, + zeta3, + -zeta2, + -zeta2, + zeta2, + zeta2, + -zeta1, + -zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t 
zeta1 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, + -zeta1, + -zeta1, + -zeta1, + zeta1, + zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + -zeta0, + -zeta0, + zeta0, + zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +) +{ + core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i + k = + libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i + k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i + rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i + upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + 
libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, + zeta3, + (int16_t)0, + (int16_t)0, + zeta2, + zeta2, + (int16_t)0, + (int16_t)0, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0)); + core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + 
libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, + zeta1, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0)); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, 
+ libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) +{ + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, + v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i + result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + result, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, + result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 
+) +{ + core_core_arch_x86___m256i + shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0, + (int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0); + core_core_arch_x86___m256i + lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i + lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + lhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i + lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i + lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i + rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i + rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + rhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i + rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i + rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + rhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i + left 
= libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i + right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i + right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i + right1 = + libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, + (int32_t)zeta3, + -(int32_t)zeta2, + (int32_t)zeta2, + -(int32_t)zeta1, + (int32_t)zeta1, + -(int32_t)zeta0, + (int32_t)zeta0)); + core_core_arch_x86___m256i + products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i + products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i + rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2)); + core_core_arch_x86___m256i + products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i + products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); + core_core_arch_x86___m256i + products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + products_right0, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, + products_left0, + products_right1, + core_core_arch_x86___m256i); +} + 
+core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return + libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], + rhs[0U], + zeta0, + zeta1, + zeta2, + zeta3); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + core_core_arch_x86___m256i + lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i + high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lsb_to_msb, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = { 0U }; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) +{ + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, 
(size_t)1U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U, + (int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i + coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return + 
libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t serialized[16U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0)); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)4, + (int32_t)0)); + 
core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, + serialized, + uint8_t, + Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)16U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + 
int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____15, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +) +{ + 
return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, + adjacent_4_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_8_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i + upper_8 = + 
libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined1, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [10U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) +{ + uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t uu____4 = Eurydice_slice_index(bytes, 
(size_t)7U, uint8_t, uint8_t); + uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + core_core_arch_x86___m128i + coefficients = + libcrux_intrinsics_avx2_mm_set_epi8(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + core_core_arch_x86___m256i + coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i + coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients_loaded, + coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)15, + (int8_t)14, + (int8_t)13, + (int8_t)12, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)9, + (int8_t)8, + (int8_t)7, + (int8_t)6, + (int8_t)7, + (int8_t)6, + (int8_t)5, + (int8_t)4, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + 
(int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i + coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U, + (int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, + coefficients1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [20U], + void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, + 8U, + 8U, + 7U, + 7U, + 6U, + 6U, + 5U, + 4U, + 3U, + 3U, + 2U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)4U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + 
libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 13U, + 12U, + 12U, + 11U, + 10U, + 9U, + 9U, + 8U, + 8U, + 7U, + 7U, + 6U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) +{ + int16_t output[16U] = { 0U }; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, + output, + int16_t, + Eurydice_slice), + v); + memcpy(ret, output, (size_t)16U * sizeof (int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) +{ + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector + input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] 
= (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + result = libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + 
result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + & (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, 
(size_t)11U + (size_t)5U, uint8_t, uint8_t) + & (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + & (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + & (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +) +{ + memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t 
ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return + libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, + ret, + int16_t, + Eurydice_slice)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + 
(int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [24U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, + 10U, + 10U, + 9U, + 8U, + 7U, + 7U, + 6U, + 5U, + 4U, + 4U, + 3U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 12U, + 11U, + 11U, + 10U, + 9U, + 8U, + 8U, + 7U, + 6U, + 5U, + 5U, + 4U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = 
libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +inline size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i + compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + lower_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + 
lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + upper_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + potential_coefficients, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, + ((core_ops_range_Range__size_t){ .start = sampled_count, .end = sampled_count + (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +) +{ + return self[0U]; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +) +{ + return self[0U]; +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + core_core_arch_x86___m256i + 
uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); +} + +static core_core_arch_x86___m256i +to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); + core_core_arch_x86___m256i + fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, 
+ Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ 
.start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = 
Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + uint8_t dummy_out0[504U] = { 0U }; + uint8_t dummy_out1[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____1, + uu____2, + uu____3, + uu____4, + 
Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +) +{ + 
uint8_t out[2U][168U] = { { 0U } }; + uint8_t dummy_out0[168U] = { 0U }; + uint8_t dummy_out1[168U] = { 0U }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; + uint8_t ret0[168U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[168U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____1, + uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + 
(size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + 
sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + uint8_t dummy_out0[192U] = { 0U }; + uint8_t dummy_out1[192U] = { 0U }; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = + 
core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [192U], + Eurydice_slice), + (size_t)1U, + uint8_t [192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + uint8_t ret0[192U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[192U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [192U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = 
chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + 
for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} +__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +static core_core_arch_x86___m256i +montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + t = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, zeta_r); + b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, + &t); + a = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline 
void +ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + 
domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static core_core_arch_x86___m256i +to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) +{ + return + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + 
core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 
= + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void 
+serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + 
size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + 
deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + uint8_t dummy_out0[128U] = { 0U }; + uint8_t dummy_out1[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + Eurydice_slice uu____6 = 
Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, zeta_r); + return + ( + (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + 
__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static core_core_arch_x86___m256i +decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + 
core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + uu____0 = decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + core_core_arch_x86___m256i + tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &tmp); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + 
core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 
= + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + 
serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + 
compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + 
compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + 
core_core_arch_x86___m256i + coefficients = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + 
compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + 
core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + 
core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); + core_core_arch_x86___m256i + uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + 
libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + 
libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + 
libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i + 
uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void 
+deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + 
uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + 
deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = 
uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + 
Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + 
uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[504U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); + 
libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____3, + uu____4, + uu____5, + uu____6, + Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; + uint8_t ret0[168U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[168U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[168U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [168U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)168U, ret2, uint8_t, 
Eurydice_slice); + uint8_t ret3[168U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [168U], void *); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____3, + uu____4, + uu____5, + uu____6, + Eurydice_array_to_slice((size_t)168U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, 
(size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + 
sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t 
[128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[128U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); + libcrux_sha3_avx2_x4_shake256(uu____3, + 
uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + 
memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ 
+generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * 
sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, + 
Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = 
i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + 
size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + 
input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, 
Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + 
compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = 
i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + 
for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, 
digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + 
size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); 
+ Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + 
t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + uint8_t dummy_out0[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + 
Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____2, + uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } 
+ } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + uint8_t dummy_out0[168U] = { 0U }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; + uint8_t ret0[168U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[168U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[168U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [168U], void *); + Eurydice_slice 
uu____5 = Eurydice_array_to_slice((size_t)168U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, 
(size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + 
sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + uint8_t dummy_out0[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + 
core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
+sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + 
core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + 
uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void 
+serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + 
size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + 
libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + 
deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + 
prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + 
add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + 
uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + 
prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + 
+static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void 
+deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + 
decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + 
implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0e7fba041..57d80532e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -14,7 +14,6 @@ extern "C" { #include "libcrux_sha3_avx2.h" #include "libcrux_sha3.h" -#include "libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "eurydice_glue.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1f229a757..585705b9d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -13,7 +13,6 @@ extern "C" { #endif #include "libcrux_sha3.h" -#include "libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "eurydice_glue.h" 
From af4e0cf4fdc40b5aca4cebe317747ff17310e983 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 18:13:24 -0700 Subject: [PATCH 69/94] Tweaks, good progress on whole mlkem compilation --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/CMakeLists.txt | 25 ++++++---- libcrux-ml-kem/c/eurydice_glue.h | 2 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 46 ++++++------------- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 - libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 + libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 - libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 + 8 files changed, 37 insertions(+), 48 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 1656862c1..57fa11e57 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -28,7 +28,7 @@ files: monomorphizations_using: - [libcrux_sha3, neon, "*"] - [libcrux_sha3, simd, arm64, "*"] - include_in_c: + include_in_h: - '"intrinsics/libcrux_intrinsics_arm64.h"' - name: libcrux_sha3_avx2 @@ -41,7 +41,7 @@ files: - [libcrux_sha3, simd, avx2, "*"] monomorphizations_using: - [libcrux_sha3, simd, avx2, "*"] - include_in_c: + include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' # Common parts of SHA3 (this catches stuff that hasn't matched above) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index b842fd5c3..672fca9ca 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10) -project(libcrux-sha3 +project(libcrux-ml-kem VERSION 0.1.0 LANGUAGES C CXX ) 
@@ -16,12 +16,17 @@ include_directories( ) file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_core.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c + ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c ${PROJECT_SOURCE_DIR}/libcrux_sha3.c ) # file(GLOB VEC128_SOURCES # libcrux_sha3_neon.c # ) file(GLOB SOURCES_vec256 + ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c ) @@ -31,18 +36,18 @@ if(${CMAKE_SYSTEM_NAME} MATCHES Linux) ) endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) -add_library(sha3_vec256 OBJECT ${SOURCES_vec256}) -add_library(sha3 SHARED ${SOURCES}) -add_library(sha3_static STATIC ${SOURCES}) +add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) +add_library(ml_kem SHARED ${SOURCES}) +add_library(ml_kem_static STATIC ${SOURCES}) -target_compile_options(sha3_vec256 PRIVATE +target_compile_options(ml_kem_vec256 PRIVATE -mavx -mavx2 ) # if(LIBCRUX_VEC256) -target_sources(sha3_static PRIVATE $) -target_sources(sha3 PRIVATE $) +target_sources(ml_kem_static PRIVATE $) +target_sources(ml_kem PRIVATE $) # endif() # --- Tests @@ -65,11 +70,11 @@ DOWNLOAD_EXTRACT_TIMESTAMP TRUE ) FetchContent_MakeAvailable(json) -add_executable(sha3_test +add_executable(ml_kem_test ${PROJECT_SOURCE_DIR}/tests/sha3.cc ) -target_link_libraries(sha3_test PRIVATE - sha3_static +target_link_libraries(ml_kem_test PRIVATE + ml_kem_static gtest_main nlohmann_json::nlohmann_json ) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 0235fbeea..27776d624 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h 
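Review bot: The renamed `ml_kem_test` target in the last CMakeLists.txt hunk is still built only from `tests/sha3.cc`, so the ML-KEM sources added to `SOURCES` and `SOURCES_vec256` in the first hunk are compiled and linked but, as far as this file shows, never exercised by a test. For a KEM I would want at least a key-generation / encapsulation / decapsulation round trip and known-answer vectors per parameter set, on both the portable and the AVX2 path, listed next to `sha3.cc` in `add_executable(ml_kem_test …)`. The decapsulation tests should include a modified ciphertext, so the implicit-rejection branch is covered. Separately, `ml_kem_vec256` is compiled with `-mavx -mavx2` and its objects go into both libraries while the `if(LIBCRUX_VEC256)` guard stays commented out. A one-line comment saying where the CPU-feature check happens before that code is called would help whoever packages this.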
@@ -35,7 +35,7 @@ typedef struct {
 #define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start })
 #define EURYDICE_SLICE_LEN(s, _) s.len
 #define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i])
-#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, ((t*) s.ptr)[i], sizeof(t)))
+#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, (s.ptr + i * sizeof(t)), sizeof(t)))
 #define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end)
 #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos)
 #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len)
diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h
index 235dc9318..57ff9cc0f 100644
--- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h
+++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h
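Review bot: In the eurydice_glue.h hunk, the new `Eurydice_slice_index_outparam` computes its source as `s.ptr + i * sizeof(t)`, which looks like arithmetic on a `void *` (EURYDICE_SLICE stores `.ptr = (void*)…`). That is a GNU extension that C++ compilers reject, and the project is declared `LANGUAGES C CXX`. The unparenthesised `i` also scales wrongly when a caller passes an expression such as `a + b`. I would write it as `(memcpy(dst, ((char *)(s).ptr + (i) * sizeof(t)), sizeof(t)))`. The `split_at_mut` rewrite in the following patch (`slice.ptr + mid * sizeof(element_type)`) has the same two problems, and because these macros address key and ciphertext buffers, a mis-scaled offset becomes an out-of-bounds copy rather than a compile error.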
@@ -345,27 +345,16 @@ libcrux_intrinsics_avx2_mm256_xor_si256( static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ return _mm_movemask_epi8(a); } - + // Shift operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srai_epi16(b,a); -} +#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srli_epi16(b,a); -} +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_slli_epi16(b,a); -} -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_slli_epi32(b,a); -} +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) + +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ 
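Review bot: The shift wrappers converted to macros in this hunk (`libcrux_intrinsics_avx2_mm256_srai_epi16`, `_srli_epi16`, `_slli_epi16`, `_slli_epi32`) accept `(a, b, _)` but forward `(b,a)` and discard the third argument, and nothing in the header says so. The same applies to `_srai_epi32` / `_srli_epi32` and the shuffle/extract/permute/insert/blend macros in the next hunks. I would add a comment under `// Shift operations`, for example `/* (a, b, _): a is the shift count, b the vector, _ is ignored; forwarded as intrinsic(b, a) */`, and state whether `a` is required to be a constant expression, which is presumably why these stopped being functions. `libcrux_intrinsics_avx2_mm256_slli_epi64_` stays a `static inline` function taking a runtime `int32_t a`, so the file now mixes two conventions for the same kind of operation; a line explaining why that one differs would save the next reader from guessing.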
@@ -374,15 +363,9 @@ libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i #define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srai_epi32(b,a); -} +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srli_epi32(b,a); -} +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_sllv_epi32( @@ -450,13 +433,13 @@ libcrux_intrinsics_avx2_mm_packs_epi16( } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b) \ +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ (_mm256_shuffle_epi32(b,a)) - -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b)\ + +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ (_mm256_extracti128_si256(b,a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b) \ +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ (_mm256_permute4x64_epi64(b,a)) #define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) @@ -464,10 +447,11 @@ libcrux_intrinsics_avx2_mm_packs_epi16( #define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ a,\ b,\ - c \ + c,\ + _\ ) (_mm256_inserti128_si256(b,c,a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b, c) \ +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ (_mm256_blend_epi16(b,c,a)) diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 9c8bc0526..e74c8cc33 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -5,8 +5,6 @@ KaRaMeL version: 04cb86b9 */ -#include "intrinsics/libcrux_intrinsics_avx2.h" - #include "libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 585705b9d..2c199c687 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -12,6 +12,8 @@ extern "C" { #endif +#include "intrinsics/libcrux_intrinsics_avx2.h" + #include "libcrux_sha3.h" #include "libcrux_core.h" #include "eurydice_glue.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5144cdcb2..a7da9d0a6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,8 +5,6 @@ KaRaMeL version: 04cb86b9 */ -#include "intrinsics/libcrux_intrinsics_arm64.h" - #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c21ad1aa3..072fe23f2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -12,6 +12,8 @@ extern "C" { #endif +#include "intrinsics/libcrux_intrinsics_arm64.h" + #include "libcrux_sha3.h" #include "libcrux_core.h" #include "eurydice_glue.h" From a0b0b93442c86b0dad2277befbb1e4131d0466b8 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 19:34:11 -0700 Subject: [PATCH 70/94] Work around aeneasverif/eurydice#12 --- libcrux-ml-kem/c/eurydice_glue.h | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 30 ++++++++++ libcrux-ml-kem/c/libcrux_core.c | 72 ++++++++++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem1024.c | 10 +--- libcrux-ml-kem/c/libcrux_mlkem512.c | 10 +--- libcrux-ml-kem/c/libcrux_mlkem768.c | 10 +--- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 30 ++-------- libcrux-ml-kem/src/ind_cca.rs | 4 +- 8 files changed, 118 insertions(+), 52 deletions(-) 
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 27776d624..f4f754acb 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -61,8 +61,8 @@ typedef struct { .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) #define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + .fst = { .ptr = slice.ptr, .len = mid }, \ + .snd = { .ptr = slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }}) // Can't have a flexible array as a member of a union -- this violates strict aliasing rules. diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index dbb88c5df..ca9ed855d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -57,6 +57,11 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, 
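Review bot: The rewritten `core_slice___Slice_T___split_at_mut` in eurydice_glue.h sets `.len = slice.len - mid` without checking that `mid <= slice.len`. Rust's `split_at_mut` panics in that case, whereas here the length wraps (assuming `len` is an unsigned `size_t`) and `.snd` describes memory far past the buffer. Because `mid` is not parenthesised, an argument like `a + b` additionally expands to `slice.len - a + b`. I would parenthesise each use, `.len = (slice).len - (mid)`, and move the bound check into a `static inline` helper or a debug-build assertion, since a compound literal has no place for one. The hunk shows only the tail of the preceding `split_at` macro, which by its visible `.snd` line has the same length computation.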
@@ -75,6 +80,11 @@ typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s } K___uint8_t_768size_t__uint8_t_800size_t_; +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +); + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *self @@ -101,6 +111,11 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); +libcrux_ml_kem_types_MlKemPublicKey____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +); + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, @@ -119,6 +134,11 @@ typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s } K___uint8_t_1536size_t__uint8_t_1568size_t_; +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +); + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self 
@@ -138,6 +158,11 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +); + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, @@ -156,6 +181,11 @@ typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s } K___uint8_t_1152size_t__uint8_t_1184size_t_; +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +); + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 689fb6501..df53862c5 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -57,6 +57,18 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); } +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +) +{ + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); + return lit; +} + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, @@ -78,6 +90,18 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +) +{ + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); + return lit; +} + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *self 
@@ -134,6 +158,18 @@ libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8 memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, @@ -155,6 +191,18 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self 
@@ -211,6 +259,18 @@ libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +) +{ + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, @@ -232,6 +292,18 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +) +{ + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); + return lit; +} + uint8_t *libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index fde6f5e71..1da67faee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c 
@@ -1500,10 +1500,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; @@ -1934,10 +1931,7 @@ generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ha memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index a6cd6a365..4cfaa1d44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c 
@@ -1375,10 +1375,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; @@ -1809,10 +1806,7 @@ generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ha memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 1771062cd..afe614bf9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c 
@@ -2302,10 +2302,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; @@ -2773,10 +2770,7 @@ generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ha memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b9c5387be..88537acc3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -3846,10 +3846,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5112,10 +5109,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; 
@@ -7162,10 +7156,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7757,10 +7748,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; 
@@ -9198,10 +9186,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9699,10 +9684,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index f3c6de701..004030438 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -236,7 +236,7 @@ fn generate_keypair_generic< let private_key: MlKemPrivateKey = MlKemPrivateKey::from(secret_key_serialized); - MlKemKeyPair::from(private_key, public_key.into()) + MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } pub(crate) fn encapsulate< 
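Review bot: The change from `public_key.into()` to `MlKemPublicKey::from(public_key)` on the return line of `generate_keypair_generic` has no comment saying why the explicit form is needed, and the same is true of `MlKemCiphertext::from(ciphertext)` in the `encapsulate_generic` hunk that follows. The regenerated C earlier in this patch shows the effect: calls to the generic `core_convert___core__convert__Into_U__for_T__3__into` shim become calls to the concrete `From` function for each size, so this looks like a constraint of the C extraction rather than a style choice. Without a note, a later cleanup or lint fix could fold both calls back to `.into()` and change the extracted code again. I would put `// Explicit From rather than .into(): keeps the extracted C on the concrete conversion; do not simplify.` above each call. Both function bodies begin outside their hunks.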
@@ -402,7 +402,7 @@ fn encapsulate_generic<
 >(public_key.as_slice(), randomness, pseudorandomness);
 let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE];
 shared_secret_array.copy_from_slice(shared_secret);
- (ciphertext.into(), shared_secret_array)
+ (MlKemCiphertext::from(ciphertext), shared_secret_array)
 }
 pub(crate) fn decapsulate<
From 381a0a4a2e6d4db44962a5477920cf605b9793da Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Wed, 29 May 2024 19:46:49 -0700
Subject: [PATCH 71/94] Use a two-dimensional array now that it's supported
---
 libcrux-ml-kem/c/CMakeLists.txt | 1 +
 libcrux-ml-kem/c/libcrux_polynomial.c | 1677 +++--------------
 libcrux-ml-kem/src/vector/rej_sample_table.rs | 1273 +++++--------
 3 files changed, 763 insertions(+), 2188 deletions(-)
diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt
index 672fca9ca..75d8660c0 100644
--- a/libcrux-ml-kem/c/CMakeLists.txt
+++ b/libcrux-ml-kem/c/CMakeLists.txt
@@ -9,6 +9,7 @@ project(libcrux-ml-kem
 )
 set(CMAKE_C_FLAGS " -Wall ")
+set(CMAKE_COLOR_DIAGNOSTICS "ON")
 include_directories( ${PROJECT_SOURCE_DIR} ${PROJECT_SOURCE_DIR}/internal
diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c
index fe53c8081..5714d1fc4 100644
--- a/libcrux-ml-kem/c/libcrux_polynomial.c
+++ b/libcrux-ml-kem/c/libcrux_polynomial.c
@@ -37,1426 +37,271 @@ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = (int16_t)1522, (int16_t)1628 }; -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = - { - 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = - { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = - { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = - { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = - { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = - { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = - { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = - { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = - { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = - { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = - { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = - { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = - { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = - { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = - { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = - 
{ 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = - { - 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = - { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = - { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = - { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const 
-uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = - { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = - { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 
255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = - { - 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = - { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = - { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = - { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = - { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = 
- { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = - { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t 
-REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = - { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = - { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - 
-static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 
255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = - { - 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = - { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = - { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = - { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = - { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = - { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = - { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = - { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = - { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = - { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = 
- { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = - { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = - { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = - { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = - { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = - { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t 
-REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = - { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = - { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = - { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = - { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = - { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = - { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = - { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 
255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = - { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = - { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = - { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = - { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = - { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = - { 0U, 1U, 
2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = - { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = - { 
6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = - { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = 
- { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = 
- { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -static const -uint8_t -REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 
9U, 10U, 11U, 12U, 13U, 14U, 15U }; - const uint8_t libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = { - REJECTION_SAMPLE_SHUFFLE_TABLE0, REJECTION_SAMPLE_SHUFFLE_TABLE1, - REJECTION_SAMPLE_SHUFFLE_TABLE2, REJECTION_SAMPLE_SHUFFLE_TABLE3, - REJECTION_SAMPLE_SHUFFLE_TABLE4, REJECTION_SAMPLE_SHUFFLE_TABLE5, - REJECTION_SAMPLE_SHUFFLE_TABLE6, REJECTION_SAMPLE_SHUFFLE_TABLE7, - REJECTION_SAMPLE_SHUFFLE_TABLE8, REJECTION_SAMPLE_SHUFFLE_TABLE9, - REJECTION_SAMPLE_SHUFFLE_TABLE10, REJECTION_SAMPLE_SHUFFLE_TABLE11, - REJECTION_SAMPLE_SHUFFLE_TABLE12, REJECTION_SAMPLE_SHUFFLE_TABLE13, - REJECTION_SAMPLE_SHUFFLE_TABLE14, REJECTION_SAMPLE_SHUFFLE_TABLE15, - REJECTION_SAMPLE_SHUFFLE_TABLE16, REJECTION_SAMPLE_SHUFFLE_TABLE17, - REJECTION_SAMPLE_SHUFFLE_TABLE18, REJECTION_SAMPLE_SHUFFLE_TABLE19, - REJECTION_SAMPLE_SHUFFLE_TABLE20, REJECTION_SAMPLE_SHUFFLE_TABLE21, - REJECTION_SAMPLE_SHUFFLE_TABLE22, REJECTION_SAMPLE_SHUFFLE_TABLE23, - REJECTION_SAMPLE_SHUFFLE_TABLE24, REJECTION_SAMPLE_SHUFFLE_TABLE25, - REJECTION_SAMPLE_SHUFFLE_TABLE26, REJECTION_SAMPLE_SHUFFLE_TABLE27, - REJECTION_SAMPLE_SHUFFLE_TABLE28, REJECTION_SAMPLE_SHUFFLE_TABLE29, - REJECTION_SAMPLE_SHUFFLE_TABLE30, REJECTION_SAMPLE_SHUFFLE_TABLE31, - REJECTION_SAMPLE_SHUFFLE_TABLE32, REJECTION_SAMPLE_SHUFFLE_TABLE33, - REJECTION_SAMPLE_SHUFFLE_TABLE34, REJECTION_SAMPLE_SHUFFLE_TABLE35, - REJECTION_SAMPLE_SHUFFLE_TABLE36, REJECTION_SAMPLE_SHUFFLE_TABLE37, - REJECTION_SAMPLE_SHUFFLE_TABLE38, REJECTION_SAMPLE_SHUFFLE_TABLE39, - REJECTION_SAMPLE_SHUFFLE_TABLE40, REJECTION_SAMPLE_SHUFFLE_TABLE41, - REJECTION_SAMPLE_SHUFFLE_TABLE42, REJECTION_SAMPLE_SHUFFLE_TABLE43, - REJECTION_SAMPLE_SHUFFLE_TABLE44, REJECTION_SAMPLE_SHUFFLE_TABLE45, - REJECTION_SAMPLE_SHUFFLE_TABLE46, REJECTION_SAMPLE_SHUFFLE_TABLE47, - REJECTION_SAMPLE_SHUFFLE_TABLE48, REJECTION_SAMPLE_SHUFFLE_TABLE49, - REJECTION_SAMPLE_SHUFFLE_TABLE50, REJECTION_SAMPLE_SHUFFLE_TABLE51, - REJECTION_SAMPLE_SHUFFLE_TABLE52, 
REJECTION_SAMPLE_SHUFFLE_TABLE53, - REJECTION_SAMPLE_SHUFFLE_TABLE54, REJECTION_SAMPLE_SHUFFLE_TABLE55, - REJECTION_SAMPLE_SHUFFLE_TABLE56, REJECTION_SAMPLE_SHUFFLE_TABLE57, - REJECTION_SAMPLE_SHUFFLE_TABLE58, REJECTION_SAMPLE_SHUFFLE_TABLE59, - REJECTION_SAMPLE_SHUFFLE_TABLE60, REJECTION_SAMPLE_SHUFFLE_TABLE61, - REJECTION_SAMPLE_SHUFFLE_TABLE62, REJECTION_SAMPLE_SHUFFLE_TABLE63, - REJECTION_SAMPLE_SHUFFLE_TABLE64, REJECTION_SAMPLE_SHUFFLE_TABLE65, - REJECTION_SAMPLE_SHUFFLE_TABLE66, REJECTION_SAMPLE_SHUFFLE_TABLE67, - REJECTION_SAMPLE_SHUFFLE_TABLE68, REJECTION_SAMPLE_SHUFFLE_TABLE69, - REJECTION_SAMPLE_SHUFFLE_TABLE70, REJECTION_SAMPLE_SHUFFLE_TABLE71, - REJECTION_SAMPLE_SHUFFLE_TABLE72, REJECTION_SAMPLE_SHUFFLE_TABLE73, - REJECTION_SAMPLE_SHUFFLE_TABLE74, REJECTION_SAMPLE_SHUFFLE_TABLE75, - REJECTION_SAMPLE_SHUFFLE_TABLE76, REJECTION_SAMPLE_SHUFFLE_TABLE77, - REJECTION_SAMPLE_SHUFFLE_TABLE78, REJECTION_SAMPLE_SHUFFLE_TABLE79, - REJECTION_SAMPLE_SHUFFLE_TABLE80, REJECTION_SAMPLE_SHUFFLE_TABLE81, - REJECTION_SAMPLE_SHUFFLE_TABLE82, REJECTION_SAMPLE_SHUFFLE_TABLE83, - REJECTION_SAMPLE_SHUFFLE_TABLE84, REJECTION_SAMPLE_SHUFFLE_TABLE85, - REJECTION_SAMPLE_SHUFFLE_TABLE86, REJECTION_SAMPLE_SHUFFLE_TABLE87, - REJECTION_SAMPLE_SHUFFLE_TABLE88, REJECTION_SAMPLE_SHUFFLE_TABLE89, - REJECTION_SAMPLE_SHUFFLE_TABLE90, REJECTION_SAMPLE_SHUFFLE_TABLE91, - REJECTION_SAMPLE_SHUFFLE_TABLE92, REJECTION_SAMPLE_SHUFFLE_TABLE93, - REJECTION_SAMPLE_SHUFFLE_TABLE94, REJECTION_SAMPLE_SHUFFLE_TABLE95, - REJECTION_SAMPLE_SHUFFLE_TABLE96, REJECTION_SAMPLE_SHUFFLE_TABLE97, - REJECTION_SAMPLE_SHUFFLE_TABLE98, REJECTION_SAMPLE_SHUFFLE_TABLE99, - REJECTION_SAMPLE_SHUFFLE_TABLE100, REJECTION_SAMPLE_SHUFFLE_TABLE101, - REJECTION_SAMPLE_SHUFFLE_TABLE102, REJECTION_SAMPLE_SHUFFLE_TABLE103, - REJECTION_SAMPLE_SHUFFLE_TABLE104, REJECTION_SAMPLE_SHUFFLE_TABLE105, - REJECTION_SAMPLE_SHUFFLE_TABLE106, REJECTION_SAMPLE_SHUFFLE_TABLE107, - REJECTION_SAMPLE_SHUFFLE_TABLE108, 
REJECTION_SAMPLE_SHUFFLE_TABLE109, - REJECTION_SAMPLE_SHUFFLE_TABLE110, REJECTION_SAMPLE_SHUFFLE_TABLE111, - REJECTION_SAMPLE_SHUFFLE_TABLE112, REJECTION_SAMPLE_SHUFFLE_TABLE113, - REJECTION_SAMPLE_SHUFFLE_TABLE114, REJECTION_SAMPLE_SHUFFLE_TABLE115, - REJECTION_SAMPLE_SHUFFLE_TABLE116, REJECTION_SAMPLE_SHUFFLE_TABLE117, - REJECTION_SAMPLE_SHUFFLE_TABLE118, REJECTION_SAMPLE_SHUFFLE_TABLE119, - REJECTION_SAMPLE_SHUFFLE_TABLE120, REJECTION_SAMPLE_SHUFFLE_TABLE121, - REJECTION_SAMPLE_SHUFFLE_TABLE122, REJECTION_SAMPLE_SHUFFLE_TABLE123, - REJECTION_SAMPLE_SHUFFLE_TABLE124, REJECTION_SAMPLE_SHUFFLE_TABLE125, - REJECTION_SAMPLE_SHUFFLE_TABLE126, REJECTION_SAMPLE_SHUFFLE_TABLE127, - REJECTION_SAMPLE_SHUFFLE_TABLE128, REJECTION_SAMPLE_SHUFFLE_TABLE129, - REJECTION_SAMPLE_SHUFFLE_TABLE130, REJECTION_SAMPLE_SHUFFLE_TABLE131, - REJECTION_SAMPLE_SHUFFLE_TABLE132, REJECTION_SAMPLE_SHUFFLE_TABLE133, - REJECTION_SAMPLE_SHUFFLE_TABLE134, REJECTION_SAMPLE_SHUFFLE_TABLE135, - REJECTION_SAMPLE_SHUFFLE_TABLE136, REJECTION_SAMPLE_SHUFFLE_TABLE137, - REJECTION_SAMPLE_SHUFFLE_TABLE138, REJECTION_SAMPLE_SHUFFLE_TABLE139, - REJECTION_SAMPLE_SHUFFLE_TABLE140, REJECTION_SAMPLE_SHUFFLE_TABLE141, - REJECTION_SAMPLE_SHUFFLE_TABLE142, REJECTION_SAMPLE_SHUFFLE_TABLE143, - REJECTION_SAMPLE_SHUFFLE_TABLE144, REJECTION_SAMPLE_SHUFFLE_TABLE145, - REJECTION_SAMPLE_SHUFFLE_TABLE146, REJECTION_SAMPLE_SHUFFLE_TABLE147, - REJECTION_SAMPLE_SHUFFLE_TABLE148, REJECTION_SAMPLE_SHUFFLE_TABLE149, - REJECTION_SAMPLE_SHUFFLE_TABLE150, REJECTION_SAMPLE_SHUFFLE_TABLE151, - REJECTION_SAMPLE_SHUFFLE_TABLE152, REJECTION_SAMPLE_SHUFFLE_TABLE153, - REJECTION_SAMPLE_SHUFFLE_TABLE154, REJECTION_SAMPLE_SHUFFLE_TABLE155, - REJECTION_SAMPLE_SHUFFLE_TABLE156, REJECTION_SAMPLE_SHUFFLE_TABLE157, - REJECTION_SAMPLE_SHUFFLE_TABLE158, REJECTION_SAMPLE_SHUFFLE_TABLE159, - REJECTION_SAMPLE_SHUFFLE_TABLE160, REJECTION_SAMPLE_SHUFFLE_TABLE161, - REJECTION_SAMPLE_SHUFFLE_TABLE162, REJECTION_SAMPLE_SHUFFLE_TABLE163, - 
REJECTION_SAMPLE_SHUFFLE_TABLE164, REJECTION_SAMPLE_SHUFFLE_TABLE165, - REJECTION_SAMPLE_SHUFFLE_TABLE166, REJECTION_SAMPLE_SHUFFLE_TABLE167, - REJECTION_SAMPLE_SHUFFLE_TABLE168, REJECTION_SAMPLE_SHUFFLE_TABLE169, - REJECTION_SAMPLE_SHUFFLE_TABLE170, REJECTION_SAMPLE_SHUFFLE_TABLE171, - REJECTION_SAMPLE_SHUFFLE_TABLE172, REJECTION_SAMPLE_SHUFFLE_TABLE173, - REJECTION_SAMPLE_SHUFFLE_TABLE174, REJECTION_SAMPLE_SHUFFLE_TABLE175, - REJECTION_SAMPLE_SHUFFLE_TABLE176, REJECTION_SAMPLE_SHUFFLE_TABLE177, - REJECTION_SAMPLE_SHUFFLE_TABLE178, REJECTION_SAMPLE_SHUFFLE_TABLE179, - REJECTION_SAMPLE_SHUFFLE_TABLE180, REJECTION_SAMPLE_SHUFFLE_TABLE181, - REJECTION_SAMPLE_SHUFFLE_TABLE182, REJECTION_SAMPLE_SHUFFLE_TABLE183, - REJECTION_SAMPLE_SHUFFLE_TABLE184, REJECTION_SAMPLE_SHUFFLE_TABLE185, - REJECTION_SAMPLE_SHUFFLE_TABLE186, REJECTION_SAMPLE_SHUFFLE_TABLE187, - REJECTION_SAMPLE_SHUFFLE_TABLE188, REJECTION_SAMPLE_SHUFFLE_TABLE189, - REJECTION_SAMPLE_SHUFFLE_TABLE190, REJECTION_SAMPLE_SHUFFLE_TABLE191, - REJECTION_SAMPLE_SHUFFLE_TABLE192, REJECTION_SAMPLE_SHUFFLE_TABLE193, - REJECTION_SAMPLE_SHUFFLE_TABLE194, REJECTION_SAMPLE_SHUFFLE_TABLE195, - REJECTION_SAMPLE_SHUFFLE_TABLE196, REJECTION_SAMPLE_SHUFFLE_TABLE197, - REJECTION_SAMPLE_SHUFFLE_TABLE198, REJECTION_SAMPLE_SHUFFLE_TABLE199, - REJECTION_SAMPLE_SHUFFLE_TABLE200, REJECTION_SAMPLE_SHUFFLE_TABLE201, - REJECTION_SAMPLE_SHUFFLE_TABLE202, REJECTION_SAMPLE_SHUFFLE_TABLE203, - REJECTION_SAMPLE_SHUFFLE_TABLE204, REJECTION_SAMPLE_SHUFFLE_TABLE205, - REJECTION_SAMPLE_SHUFFLE_TABLE206, REJECTION_SAMPLE_SHUFFLE_TABLE207, - REJECTION_SAMPLE_SHUFFLE_TABLE208, REJECTION_SAMPLE_SHUFFLE_TABLE209, - REJECTION_SAMPLE_SHUFFLE_TABLE210, REJECTION_SAMPLE_SHUFFLE_TABLE211, - REJECTION_SAMPLE_SHUFFLE_TABLE212, REJECTION_SAMPLE_SHUFFLE_TABLE213, - REJECTION_SAMPLE_SHUFFLE_TABLE214, REJECTION_SAMPLE_SHUFFLE_TABLE215, - REJECTION_SAMPLE_SHUFFLE_TABLE216, REJECTION_SAMPLE_SHUFFLE_TABLE217, - REJECTION_SAMPLE_SHUFFLE_TABLE218, 
REJECTION_SAMPLE_SHUFFLE_TABLE219, - REJECTION_SAMPLE_SHUFFLE_TABLE220, REJECTION_SAMPLE_SHUFFLE_TABLE221, - REJECTION_SAMPLE_SHUFFLE_TABLE222, REJECTION_SAMPLE_SHUFFLE_TABLE223, - REJECTION_SAMPLE_SHUFFLE_TABLE224, REJECTION_SAMPLE_SHUFFLE_TABLE225, - REJECTION_SAMPLE_SHUFFLE_TABLE226, REJECTION_SAMPLE_SHUFFLE_TABLE227, - REJECTION_SAMPLE_SHUFFLE_TABLE228, REJECTION_SAMPLE_SHUFFLE_TABLE229, - REJECTION_SAMPLE_SHUFFLE_TABLE230, REJECTION_SAMPLE_SHUFFLE_TABLE231, - REJECTION_SAMPLE_SHUFFLE_TABLE232, REJECTION_SAMPLE_SHUFFLE_TABLE233, - REJECTION_SAMPLE_SHUFFLE_TABLE234, REJECTION_SAMPLE_SHUFFLE_TABLE235, - REJECTION_SAMPLE_SHUFFLE_TABLE236, REJECTION_SAMPLE_SHUFFLE_TABLE237, - REJECTION_SAMPLE_SHUFFLE_TABLE238, REJECTION_SAMPLE_SHUFFLE_TABLE239, - REJECTION_SAMPLE_SHUFFLE_TABLE240, REJECTION_SAMPLE_SHUFFLE_TABLE241, - REJECTION_SAMPLE_SHUFFLE_TABLE242, REJECTION_SAMPLE_SHUFFLE_TABLE243, - REJECTION_SAMPLE_SHUFFLE_TABLE244, REJECTION_SAMPLE_SHUFFLE_TABLE245, - REJECTION_SAMPLE_SHUFFLE_TABLE246, REJECTION_SAMPLE_SHUFFLE_TABLE247, - REJECTION_SAMPLE_SHUFFLE_TABLE248, REJECTION_SAMPLE_SHUFFLE_TABLE249, - REJECTION_SAMPLE_SHUFFLE_TABLE250, REJECTION_SAMPLE_SHUFFLE_TABLE251, - REJECTION_SAMPLE_SHUFFLE_TABLE252, REJECTION_SAMPLE_SHUFFLE_TABLE253, - REJECTION_SAMPLE_SHUFFLE_TABLE254, REJECTION_SAMPLE_SHUFFLE_TABLE255 + { + 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, + { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }, + { + 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }, + { + 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 
6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 
255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }, + { + 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 
4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 
1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }, + { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 
255U, 255U }, + { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 
255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 2U, 3U, 
4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U } }; static inline libcrux_ml_kem_vector_PortableVector zero(void) diff --git a/libcrux-ml-kem/src/vector/rej_sample_table.rs b/libcrux-ml-kem/src/vector/rej_sample_table.rs index c096be3f2..1678df0d4 100644 --- a/libcrux-ml-kem/src/vector/rej_sample_table.rs +++ b/libcrux-ml-kem/src/vector/rej_sample_table.rs 
@@ -15,1020 +15,749 @@ // let index_vec = unsafe { vld1q_u8(index.as_ptr() as *const u8) }; // End of index table lookup calculation -// XXX: Eurydice can't handle the multi-dimensional array. So we construct it in -// two steps. -const REJECTION_SAMPLE_SHUFFLE_TABLE0: [u8; 16] = [ +pub(super) const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ +[ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE1: [u8; 16] = [ +], +[ 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE2: [u8; 16] = [ +], +[ 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE3: [u8; 16] = [ +], +[ 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE4: [u8; 16] = [ +], +[ 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE5: [u8; 16] = [ +], +[ 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE6: [u8; 16] = [ +], +[ 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE7: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE8: [u8; 16] = [ +], +[ 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE9: [u8; 16] = [ +], +[ 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE10: [u8; 16] = [ +], +[ 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE11: 
[u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE12: [u8; 16] = [ +], +[ 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE13: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE14: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE15: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE16: [u8; 16] = [ +], +[ 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE17: [u8; 16] = [ +], +[ 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE18: [u8; 16] = [ +], +[ 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE19: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE20: [u8; 16] = [ +], +[ 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE21: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE22: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE23: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE24: [u8; 16] = [ +], +[ 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE25: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE26: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE27: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE28: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE29: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE30: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE31: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE32: [u8; 16] = [ +], +[ 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE33: [u8; 16] = [ +], +[ 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE34: [u8; 16] = [ +], +[ 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE35: [u8; 16] = [ +], +[ 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE36: [u8; 16] = [ +], +[ 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE37: [u8; 16] = [ +], +[ 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE38: [u8; 16] = [ +], +[ 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE39: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE40: [u8; 16] = [ +], +[ 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE41: [u8; 16] = [ +], +[ 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE42: [u8; 16] = [ +], +[ 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE43: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE44: [u8; 16] = [ +], +[ 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE45: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE46: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE47: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE48: [u8; 16] = [ +], +[ 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE49: [u8; 16] = [ +], +[ 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE50: [u8; 16] = [ +], +[ 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE51: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE52: [u8; 16] = [ +], +[ 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE53: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE54: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE55: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE56: [u8; 16] = [ +], +[ 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE57: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE58: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE59: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE60: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE61: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE62: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE63: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE64: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], +[ 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE65: [u8; 16] = [ +], +[ 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE66: [u8; 16] = [ +], +[ 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE67: [u8; 16] = [ +], +[ 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE68: [u8; 16] = [ +], +[ 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE69: [u8; 16] = [ +], +[ 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE70: [u8; 16] = [ +], +[ 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE71: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE72: [u8; 16] = [ +], +[ 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE73: [u8; 16] = [ +], +[ 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE74: [u8; 16] = [ +], +[ 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE75: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE76: [u8; 16] = [ +], +[ 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE77: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE78: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE79: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE80: [u8; 16] = [ +], +[ 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE81: [u8; 16] = [ +], +[ 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE82: [u8; 16] = [ +], +[ 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE83: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE84: [u8; 16] = [ +], +[ 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE85: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE86: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE87: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE88: [u8; 16] = [ +], +[ 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE89: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE90: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE91: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE92: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE93: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE94: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE95: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE96: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], +[ 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE97: [u8; 16] = [ +], +[ 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE98: [u8; 16] = [ +], +[ 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE99: [u8; 16] = [ +], +[ 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE100: [u8; 16] = [ +], +[ 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE101: [u8; 16] = [ +], +[ 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE102: [u8; 16] = [ +], +[ 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE103: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE104: [u8; 16] = [ +], +[ 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE105: [u8; 16] = [ +], +[ 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE106: [u8; 16] = [ +], +[ 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE107: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE108: [u8; 16] = [ +], +[ 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE109: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE110: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE111: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE112: [u8; 16] = [ +], +[ 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE113: [u8; 16] = [ +], +[ 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE114: [u8; 16] = [ +], +[ 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE115: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE116: [u8; 16] = [ +], +[ 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE117: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE118: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE119: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE120: [u8; 16] = [ +], +[ 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE121: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE122: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE123: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE124: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE125: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE126: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE127: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE128: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], +[ 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE129: [u8; 16] = [ +], +[ 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE130: [u8; 16] = [ +], +[ 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE131: [u8; 16] = [ +], +[ 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE132: [u8; 16] = [ +], +[ 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE133: [u8; 16] = [ +], +[ 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE134: [u8; 16] = [ +], +[ 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE135: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE136: [u8; 16] = [ +], +[ 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE137: [u8; 16] = [ +], +[ 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE138: [u8; 16] = [ +], +[ 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE139: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE140: [u8; 16] = [ +], +[ 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE141: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE142: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE143: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE144: [u8; 16] = [ +], +[ 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE145: [u8; 16] = [ +], +[ 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE146: [u8; 16] = [ +], +[ 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE147: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE148: [u8; 16] = [ +], +[ 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE149: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE150: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE151: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE152: [u8; 16] = [ +], +[ 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE153: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE154: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE155: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE156: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE157: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE158: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE159: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE160: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], +[ 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE161: [u8; 16] = [ +], +[ 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE162: [u8; 16] = [ +], +[ 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE163: [u8; 16] = [ +], +[ 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE164: [u8; 16] = [ +], +[ 4, 5, 10, 
11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE165: [u8; 16] = [ +], +[ 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE166: [u8; 16] = [ +], +[ 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE167: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE168: [u8; 16] = [ +], +[ 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE169: [u8; 16] = [ +], +[ 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE170: [u8; 16] = [ +], +[ 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE171: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE172: [u8; 16] = [ +], +[ 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE173: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE174: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE175: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE176: [u8; 16] = [ +], +[ 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE177: [u8; 16] = [ +], +[ 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE178: [u8; 16] = [ +], +[ 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE179: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE180: [u8; 16] = [ +], +[ 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE181: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE182: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE183: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE184: [u8; 16] = [ +], +[ 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE185: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE186: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE187: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE188: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE189: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE190: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE191: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE192: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], +[ 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE193: [u8; 16] = [ +], +[ 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE194: [u8; 16] = [ +], +[ 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE195: [u8; 16] = [ +], +[ 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE196: [u8; 16] = [ +], +[ 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE197: [u8; 16] = [ +], +[ 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE198: [u8; 16] = [ +], +[ 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE199: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE200: [u8; 16] = [ +], +[ 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE201: [u8; 16] = [ +], +[ 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE202: [u8; 16] = [ +], +[ 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE203: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE204: [u8; 16] = [ +], +[ 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE205: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE206: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const 
REJECTION_SAMPLE_SHUFFLE_TABLE207: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE208: [u8; 16] = [ +], +[ 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE209: [u8; 16] = [ +], +[ 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE210: [u8; 16] = [ +], +[ 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE211: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE212: [u8; 16] = [ +], +[ 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE213: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE214: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE215: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE216: [u8; 16] = [ +], +[ 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE217: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE218: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE219: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE220: [u8; 16] = [ +], +[ 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE221: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 8, 
9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE222: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE223: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE224: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], +[ 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE225: [u8; 16] = [ +], +[ 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE226: [u8; 16] = [ +], +[ 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE227: [u8; 16] = [ +], +[ 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE228: [u8; 16] = [ +], +[ 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE229: [u8; 16] = [ +], +[ 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE230: [u8; 16] = [ +], +[ 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE231: [u8; 16] = [ +], +[ 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE232: [u8; 16] = [ +], +[ 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE233: [u8; 16] = [ +], +[ 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE234: [u8; 16] = [ +], +[ 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE235: [u8; 16] = [ +], +[ 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 
14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE236: [u8; 16] = [ +], +[ 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE237: [u8; 16] = [ +], +[ 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE238: [u8; 16] = [ +], +[ 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE239: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE240: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], +[ 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE241: [u8; 16] = [ +], +[ 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE242: [u8; 16] = [ +], +[ 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE243: [u8; 16] = [ +], +[ 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE244: [u8; 16] = [ +], +[ 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE245: [u8; 16] = [ +], +[ 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE246: [u8; 16] = [ +], +[ 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE247: [u8; 16] = - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE248: [u8; 16] = [ +], + [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], +[ 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE249: [u8; 16] = [ +], +[ 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 
0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE250: [u8; 16] = [ +], +[ 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE251: [u8; 16] = - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE252: [u8; 16] = [ +], + [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], +[ 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -]; -const REJECTION_SAMPLE_SHUFFLE_TABLE253: [u8; 16] = - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE254: [u8; 16] = - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff]; -const REJECTION_SAMPLE_SHUFFLE_TABLE255: [u8; 16] = - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; - -pub(super) const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ - REJECTION_SAMPLE_SHUFFLE_TABLE0, - REJECTION_SAMPLE_SHUFFLE_TABLE1, - REJECTION_SAMPLE_SHUFFLE_TABLE2, - REJECTION_SAMPLE_SHUFFLE_TABLE3, - REJECTION_SAMPLE_SHUFFLE_TABLE4, - REJECTION_SAMPLE_SHUFFLE_TABLE5, - REJECTION_SAMPLE_SHUFFLE_TABLE6, - REJECTION_SAMPLE_SHUFFLE_TABLE7, - REJECTION_SAMPLE_SHUFFLE_TABLE8, - REJECTION_SAMPLE_SHUFFLE_TABLE9, - REJECTION_SAMPLE_SHUFFLE_TABLE10, - REJECTION_SAMPLE_SHUFFLE_TABLE11, - REJECTION_SAMPLE_SHUFFLE_TABLE12, - REJECTION_SAMPLE_SHUFFLE_TABLE13, - REJECTION_SAMPLE_SHUFFLE_TABLE14, - REJECTION_SAMPLE_SHUFFLE_TABLE15, - REJECTION_SAMPLE_SHUFFLE_TABLE16, - REJECTION_SAMPLE_SHUFFLE_TABLE17, - REJECTION_SAMPLE_SHUFFLE_TABLE18, - REJECTION_SAMPLE_SHUFFLE_TABLE19, - REJECTION_SAMPLE_SHUFFLE_TABLE20, - REJECTION_SAMPLE_SHUFFLE_TABLE21, - REJECTION_SAMPLE_SHUFFLE_TABLE22, - REJECTION_SAMPLE_SHUFFLE_TABLE23, - REJECTION_SAMPLE_SHUFFLE_TABLE24, - REJECTION_SAMPLE_SHUFFLE_TABLE25, - REJECTION_SAMPLE_SHUFFLE_TABLE26, - REJECTION_SAMPLE_SHUFFLE_TABLE27, - REJECTION_SAMPLE_SHUFFLE_TABLE28, - REJECTION_SAMPLE_SHUFFLE_TABLE29, - REJECTION_SAMPLE_SHUFFLE_TABLE30, - 
REJECTION_SAMPLE_SHUFFLE_TABLE31, - REJECTION_SAMPLE_SHUFFLE_TABLE32, - REJECTION_SAMPLE_SHUFFLE_TABLE33, - REJECTION_SAMPLE_SHUFFLE_TABLE34, - REJECTION_SAMPLE_SHUFFLE_TABLE35, - REJECTION_SAMPLE_SHUFFLE_TABLE36, - REJECTION_SAMPLE_SHUFFLE_TABLE37, - REJECTION_SAMPLE_SHUFFLE_TABLE38, - REJECTION_SAMPLE_SHUFFLE_TABLE39, - REJECTION_SAMPLE_SHUFFLE_TABLE40, - REJECTION_SAMPLE_SHUFFLE_TABLE41, - REJECTION_SAMPLE_SHUFFLE_TABLE42, - REJECTION_SAMPLE_SHUFFLE_TABLE43, - REJECTION_SAMPLE_SHUFFLE_TABLE44, - REJECTION_SAMPLE_SHUFFLE_TABLE45, - REJECTION_SAMPLE_SHUFFLE_TABLE46, - REJECTION_SAMPLE_SHUFFLE_TABLE47, - REJECTION_SAMPLE_SHUFFLE_TABLE48, - REJECTION_SAMPLE_SHUFFLE_TABLE49, - REJECTION_SAMPLE_SHUFFLE_TABLE50, - REJECTION_SAMPLE_SHUFFLE_TABLE51, - REJECTION_SAMPLE_SHUFFLE_TABLE52, - REJECTION_SAMPLE_SHUFFLE_TABLE53, - REJECTION_SAMPLE_SHUFFLE_TABLE54, - REJECTION_SAMPLE_SHUFFLE_TABLE55, - REJECTION_SAMPLE_SHUFFLE_TABLE56, - REJECTION_SAMPLE_SHUFFLE_TABLE57, - REJECTION_SAMPLE_SHUFFLE_TABLE58, - REJECTION_SAMPLE_SHUFFLE_TABLE59, - REJECTION_SAMPLE_SHUFFLE_TABLE60, - REJECTION_SAMPLE_SHUFFLE_TABLE61, - REJECTION_SAMPLE_SHUFFLE_TABLE62, - REJECTION_SAMPLE_SHUFFLE_TABLE63, - REJECTION_SAMPLE_SHUFFLE_TABLE64, - REJECTION_SAMPLE_SHUFFLE_TABLE65, - REJECTION_SAMPLE_SHUFFLE_TABLE66, - REJECTION_SAMPLE_SHUFFLE_TABLE67, - REJECTION_SAMPLE_SHUFFLE_TABLE68, - REJECTION_SAMPLE_SHUFFLE_TABLE69, - REJECTION_SAMPLE_SHUFFLE_TABLE70, - REJECTION_SAMPLE_SHUFFLE_TABLE71, - REJECTION_SAMPLE_SHUFFLE_TABLE72, - REJECTION_SAMPLE_SHUFFLE_TABLE73, - REJECTION_SAMPLE_SHUFFLE_TABLE74, - REJECTION_SAMPLE_SHUFFLE_TABLE75, - REJECTION_SAMPLE_SHUFFLE_TABLE76, - REJECTION_SAMPLE_SHUFFLE_TABLE77, - REJECTION_SAMPLE_SHUFFLE_TABLE78, - REJECTION_SAMPLE_SHUFFLE_TABLE79, - REJECTION_SAMPLE_SHUFFLE_TABLE80, - REJECTION_SAMPLE_SHUFFLE_TABLE81, - REJECTION_SAMPLE_SHUFFLE_TABLE82, - REJECTION_SAMPLE_SHUFFLE_TABLE83, - REJECTION_SAMPLE_SHUFFLE_TABLE84, - REJECTION_SAMPLE_SHUFFLE_TABLE85, - 
REJECTION_SAMPLE_SHUFFLE_TABLE86, - REJECTION_SAMPLE_SHUFFLE_TABLE87, - REJECTION_SAMPLE_SHUFFLE_TABLE88, - REJECTION_SAMPLE_SHUFFLE_TABLE89, - REJECTION_SAMPLE_SHUFFLE_TABLE90, - REJECTION_SAMPLE_SHUFFLE_TABLE91, - REJECTION_SAMPLE_SHUFFLE_TABLE92, - REJECTION_SAMPLE_SHUFFLE_TABLE93, - REJECTION_SAMPLE_SHUFFLE_TABLE94, - REJECTION_SAMPLE_SHUFFLE_TABLE95, - REJECTION_SAMPLE_SHUFFLE_TABLE96, - REJECTION_SAMPLE_SHUFFLE_TABLE97, - REJECTION_SAMPLE_SHUFFLE_TABLE98, - REJECTION_SAMPLE_SHUFFLE_TABLE99, - REJECTION_SAMPLE_SHUFFLE_TABLE100, - REJECTION_SAMPLE_SHUFFLE_TABLE101, - REJECTION_SAMPLE_SHUFFLE_TABLE102, - REJECTION_SAMPLE_SHUFFLE_TABLE103, - REJECTION_SAMPLE_SHUFFLE_TABLE104, - REJECTION_SAMPLE_SHUFFLE_TABLE105, - REJECTION_SAMPLE_SHUFFLE_TABLE106, - REJECTION_SAMPLE_SHUFFLE_TABLE107, - REJECTION_SAMPLE_SHUFFLE_TABLE108, - REJECTION_SAMPLE_SHUFFLE_TABLE109, - REJECTION_SAMPLE_SHUFFLE_TABLE110, - REJECTION_SAMPLE_SHUFFLE_TABLE111, - REJECTION_SAMPLE_SHUFFLE_TABLE112, - REJECTION_SAMPLE_SHUFFLE_TABLE113, - REJECTION_SAMPLE_SHUFFLE_TABLE114, - REJECTION_SAMPLE_SHUFFLE_TABLE115, - REJECTION_SAMPLE_SHUFFLE_TABLE116, - REJECTION_SAMPLE_SHUFFLE_TABLE117, - REJECTION_SAMPLE_SHUFFLE_TABLE118, - REJECTION_SAMPLE_SHUFFLE_TABLE119, - REJECTION_SAMPLE_SHUFFLE_TABLE120, - REJECTION_SAMPLE_SHUFFLE_TABLE121, - REJECTION_SAMPLE_SHUFFLE_TABLE122, - REJECTION_SAMPLE_SHUFFLE_TABLE123, - REJECTION_SAMPLE_SHUFFLE_TABLE124, - REJECTION_SAMPLE_SHUFFLE_TABLE125, - REJECTION_SAMPLE_SHUFFLE_TABLE126, - REJECTION_SAMPLE_SHUFFLE_TABLE127, - REJECTION_SAMPLE_SHUFFLE_TABLE128, - REJECTION_SAMPLE_SHUFFLE_TABLE129, - REJECTION_SAMPLE_SHUFFLE_TABLE130, - REJECTION_SAMPLE_SHUFFLE_TABLE131, - REJECTION_SAMPLE_SHUFFLE_TABLE132, - REJECTION_SAMPLE_SHUFFLE_TABLE133, - REJECTION_SAMPLE_SHUFFLE_TABLE134, - REJECTION_SAMPLE_SHUFFLE_TABLE135, - REJECTION_SAMPLE_SHUFFLE_TABLE136, - REJECTION_SAMPLE_SHUFFLE_TABLE137, - REJECTION_SAMPLE_SHUFFLE_TABLE138, - REJECTION_SAMPLE_SHUFFLE_TABLE139, - 
REJECTION_SAMPLE_SHUFFLE_TABLE140, - REJECTION_SAMPLE_SHUFFLE_TABLE141, - REJECTION_SAMPLE_SHUFFLE_TABLE142, - REJECTION_SAMPLE_SHUFFLE_TABLE143, - REJECTION_SAMPLE_SHUFFLE_TABLE144, - REJECTION_SAMPLE_SHUFFLE_TABLE145, - REJECTION_SAMPLE_SHUFFLE_TABLE146, - REJECTION_SAMPLE_SHUFFLE_TABLE147, - REJECTION_SAMPLE_SHUFFLE_TABLE148, - REJECTION_SAMPLE_SHUFFLE_TABLE149, - REJECTION_SAMPLE_SHUFFLE_TABLE150, - REJECTION_SAMPLE_SHUFFLE_TABLE151, - REJECTION_SAMPLE_SHUFFLE_TABLE152, - REJECTION_SAMPLE_SHUFFLE_TABLE153, - REJECTION_SAMPLE_SHUFFLE_TABLE154, - REJECTION_SAMPLE_SHUFFLE_TABLE155, - REJECTION_SAMPLE_SHUFFLE_TABLE156, - REJECTION_SAMPLE_SHUFFLE_TABLE157, - REJECTION_SAMPLE_SHUFFLE_TABLE158, - REJECTION_SAMPLE_SHUFFLE_TABLE159, - REJECTION_SAMPLE_SHUFFLE_TABLE160, - REJECTION_SAMPLE_SHUFFLE_TABLE161, - REJECTION_SAMPLE_SHUFFLE_TABLE162, - REJECTION_SAMPLE_SHUFFLE_TABLE163, - REJECTION_SAMPLE_SHUFFLE_TABLE164, - REJECTION_SAMPLE_SHUFFLE_TABLE165, - REJECTION_SAMPLE_SHUFFLE_TABLE166, - REJECTION_SAMPLE_SHUFFLE_TABLE167, - REJECTION_SAMPLE_SHUFFLE_TABLE168, - REJECTION_SAMPLE_SHUFFLE_TABLE169, - REJECTION_SAMPLE_SHUFFLE_TABLE170, - REJECTION_SAMPLE_SHUFFLE_TABLE171, - REJECTION_SAMPLE_SHUFFLE_TABLE172, - REJECTION_SAMPLE_SHUFFLE_TABLE173, - REJECTION_SAMPLE_SHUFFLE_TABLE174, - REJECTION_SAMPLE_SHUFFLE_TABLE175, - REJECTION_SAMPLE_SHUFFLE_TABLE176, - REJECTION_SAMPLE_SHUFFLE_TABLE177, - REJECTION_SAMPLE_SHUFFLE_TABLE178, - REJECTION_SAMPLE_SHUFFLE_TABLE179, - REJECTION_SAMPLE_SHUFFLE_TABLE180, - REJECTION_SAMPLE_SHUFFLE_TABLE181, - REJECTION_SAMPLE_SHUFFLE_TABLE182, - REJECTION_SAMPLE_SHUFFLE_TABLE183, - REJECTION_SAMPLE_SHUFFLE_TABLE184, - REJECTION_SAMPLE_SHUFFLE_TABLE185, - REJECTION_SAMPLE_SHUFFLE_TABLE186, - REJECTION_SAMPLE_SHUFFLE_TABLE187, - REJECTION_SAMPLE_SHUFFLE_TABLE188, - REJECTION_SAMPLE_SHUFFLE_TABLE189, - REJECTION_SAMPLE_SHUFFLE_TABLE190, - REJECTION_SAMPLE_SHUFFLE_TABLE191, - REJECTION_SAMPLE_SHUFFLE_TABLE192, - REJECTION_SAMPLE_SHUFFLE_TABLE193, - 
REJECTION_SAMPLE_SHUFFLE_TABLE194, - REJECTION_SAMPLE_SHUFFLE_TABLE195, - REJECTION_SAMPLE_SHUFFLE_TABLE196, - REJECTION_SAMPLE_SHUFFLE_TABLE197, - REJECTION_SAMPLE_SHUFFLE_TABLE198, - REJECTION_SAMPLE_SHUFFLE_TABLE199, - REJECTION_SAMPLE_SHUFFLE_TABLE200, - REJECTION_SAMPLE_SHUFFLE_TABLE201, - REJECTION_SAMPLE_SHUFFLE_TABLE202, - REJECTION_SAMPLE_SHUFFLE_TABLE203, - REJECTION_SAMPLE_SHUFFLE_TABLE204, - REJECTION_SAMPLE_SHUFFLE_TABLE205, - REJECTION_SAMPLE_SHUFFLE_TABLE206, - REJECTION_SAMPLE_SHUFFLE_TABLE207, - REJECTION_SAMPLE_SHUFFLE_TABLE208, - REJECTION_SAMPLE_SHUFFLE_TABLE209, - REJECTION_SAMPLE_SHUFFLE_TABLE210, - REJECTION_SAMPLE_SHUFFLE_TABLE211, - REJECTION_SAMPLE_SHUFFLE_TABLE212, - REJECTION_SAMPLE_SHUFFLE_TABLE213, - REJECTION_SAMPLE_SHUFFLE_TABLE214, - REJECTION_SAMPLE_SHUFFLE_TABLE215, - REJECTION_SAMPLE_SHUFFLE_TABLE216, - REJECTION_SAMPLE_SHUFFLE_TABLE217, - REJECTION_SAMPLE_SHUFFLE_TABLE218, - REJECTION_SAMPLE_SHUFFLE_TABLE219, - REJECTION_SAMPLE_SHUFFLE_TABLE220, - REJECTION_SAMPLE_SHUFFLE_TABLE221, - REJECTION_SAMPLE_SHUFFLE_TABLE222, - REJECTION_SAMPLE_SHUFFLE_TABLE223, - REJECTION_SAMPLE_SHUFFLE_TABLE224, - REJECTION_SAMPLE_SHUFFLE_TABLE225, - REJECTION_SAMPLE_SHUFFLE_TABLE226, - REJECTION_SAMPLE_SHUFFLE_TABLE227, - REJECTION_SAMPLE_SHUFFLE_TABLE228, - REJECTION_SAMPLE_SHUFFLE_TABLE229, - REJECTION_SAMPLE_SHUFFLE_TABLE230, - REJECTION_SAMPLE_SHUFFLE_TABLE231, - REJECTION_SAMPLE_SHUFFLE_TABLE232, - REJECTION_SAMPLE_SHUFFLE_TABLE233, - REJECTION_SAMPLE_SHUFFLE_TABLE234, - REJECTION_SAMPLE_SHUFFLE_TABLE235, - REJECTION_SAMPLE_SHUFFLE_TABLE236, - REJECTION_SAMPLE_SHUFFLE_TABLE237, - REJECTION_SAMPLE_SHUFFLE_TABLE238, - REJECTION_SAMPLE_SHUFFLE_TABLE239, - REJECTION_SAMPLE_SHUFFLE_TABLE240, - REJECTION_SAMPLE_SHUFFLE_TABLE241, - REJECTION_SAMPLE_SHUFFLE_TABLE242, - REJECTION_SAMPLE_SHUFFLE_TABLE243, - REJECTION_SAMPLE_SHUFFLE_TABLE244, - REJECTION_SAMPLE_SHUFFLE_TABLE245, - REJECTION_SAMPLE_SHUFFLE_TABLE246, - REJECTION_SAMPLE_SHUFFLE_TABLE247, - 
REJECTION_SAMPLE_SHUFFLE_TABLE248, - REJECTION_SAMPLE_SHUFFLE_TABLE249, - REJECTION_SAMPLE_SHUFFLE_TABLE250, - REJECTION_SAMPLE_SHUFFLE_TABLE251, - REJECTION_SAMPLE_SHUFFLE_TABLE252, - REJECTION_SAMPLE_SHUFFLE_TABLE253, - REJECTION_SAMPLE_SHUFFLE_TABLE254, - REJECTION_SAMPLE_SHUFFLE_TABLE255, +], + [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], + [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], ]; From 0ac31ce82b980d758de713390bf993a2821708d4 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 19:52:02 -0700 Subject: [PATCH 72/94] It compiles --- libcrux-ml-kem/c/CMakeLists.txt | 1 + libcrux-ml-kem/c/eurydice_glue.h | 2 ++ libcrux-ml-kem/c/libcrux_platform.c | 8 ++++++++ 3 files changed, 11 insertions(+) create mode 100644 libcrux-ml-kem/c/libcrux_platform.c diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 75d8660c0..de45adfbc 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -17,6 +17,7 @@ include_directories( ) file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_core.c + ${PROJECT_SOURCE_DIR}/libcrux_platform.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index f4f754acb..51eec3b8b 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -100,6 +100,8 @@ core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { return x; } +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { return __builtin_popcount(x0); } + // unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } 
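Review bot: `core_num__u8_6__count_ones`, added in the eurydice_glue.h hunk, calls `__builtin_popcount`, which is a GCC/Clang builtin, so this glue header will not build with a compiler that lacks it. Whether other toolchains are meant to be supported is not visible here; if they are, the call needs a fallback, and otherwise the assumption is worth recording next to it, e.g. `// GCC/Clang only: __builtin_popcount; add a fallback before building with another compiler`. The builtin returns `int`, so writing `return (uint32_t)__builtin_popcount(x0);` would keep the conversion to the declared return type explicit.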
diff --git a/libcrux-ml-kem/c/libcrux_platform.c b/libcrux-ml-kem/c/libcrux_platform.c new file mode 100644 index 000000000..b1f487d73 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_platform.c @@ -0,0 +1,8 @@ +// HAND-WRITTEN FILE + +#include + +bool libcrux_platform_platform_simd256_support(void) { + // TODO: query cpuid and cache the results!! + return true; +} From d89558cb1b469ff23efd6d90c61151d8f96aa5d0 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 29 May 2024 20:04:44 -0700 Subject: [PATCH 73/94] zomg --- libcrux-ml-kem/c/tests/sha3.cc | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/libcrux-ml-kem/c/tests/sha3.cc b/libcrux-ml-kem/c/tests/sha3.cc index 2671564df..7184a6754 100644 --- a/libcrux-ml-kem/c/tests/sha3.cc +++ b/libcrux-ml-kem/c/tests/sha3.cc @@ -3,6 +3,7 @@ #include #include "libcrux_sha3.h" +#include "libcrux_mlkem768.h" using namespace std; @@ -56,3 +57,28 @@ TEST(Sha3Test, ConsistencyTest) 32), 0); } + +#define KYBER768_SECRETKEYBYTES 2400 +#define KYBER768_PUBLICKEYBYTES 1184 +#define KYBER768_CIPHERTEXTBYTES 1088 +#define KYBER768_SHAREDSECRETBYTES 32 + +TEST(Kyber768Test, ConsistencyTest) +{ + uint8_t randomness[64] = { 0 }; + uint8_t publicKey[KYBER768_PUBLICKEYBYTES]; + uint8_t secretKey[KYBER768_SECRETKEYBYTES]; + + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t kp = + libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + + uint8_t ciphertext[KYBER768_CIPHERTEXTBYTES]; + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ cipher_and_shared_secret = + libcrux_ml_kem_mlkem768_encapsulate(&kp.pk, randomness); + + uint8_t sharedSecret2[KYBER768_SHAREDSECRETBYTES]; + libcrux_ml_kem_mlkem768_decapsulate(&kp.sk, &cipher_and_shared_secret.fst, sharedSecret2); + + EXPECT_EQ(0, memcmp(cipher_and_shared_secret.snd, sharedSecret2, KYBER768_SHAREDSECRETBYTES)); +} + From 3b85af7bdd085c4a1ae49c5e2e117a61ef34b297 Mon Sep 17 00:00:00 2001 
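Review bot: `libcrux_platform_platform_simd256_support` in the new libcrux_platform.c returns `true` unconditionally, so any caller that uses it to select the 256-bit SIMD implementation will select it on every CPU. The callers are not part of this hunk, so that dispatch is inferred from the function name and the TODO; if it holds, a processor without AVX2 would hit an illegal-instruction fault instead of falling back to the portable code. Until the CPUID query is written, the safe default is to report no support. The sketch below uses the GCC/Clang CPU-feature builtin on x86 and returns `false` everywhere else.

```c
bool libcrux_platform_platform_simd256_support(void) {
#if (defined(__x86_64__) || defined(__i386__)) && (defined(__GNUC__) || defined(__clang__))
  // The builtin consults CPU feature data the runtime has already collected,
  // so no separate cache is needed here.
  return __builtin_cpu_supports("avx2") != 0;
#else
  // Unknown target or compiler: report no support so callers take the portable path.
  return false;
#endif
}
```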
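Review bot: In `TEST(Kyber768Test, ConsistencyTest)` (second sha3.cc hunk) the buffers `publicKey`, `secretKey` and `ciphertext` are declared but never used. The same all-zero `randomness` array is also passed to both `libcrux_ml_kem_mlkem768_generate_key_pair` and `libcrux_ml_kem_mlkem768_encapsulate`. The three unused declarations can be dropped, and the input should be marked as a fixture, e.g. `// fixed all-zero randomness: deterministic test input only, real callers must supply fresh random bytes`. The test asserts only the matching round trip; a second check that decapsulating a ciphertext with one altered byte does not reproduce `cipher_and_shared_secret.snd` would also cover the rejection path.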
From: Franziskus Kiefer Date: Thu, 30 May 2024 08:14:25 +0200 Subject: [PATCH 74/94] updated C build and mlkem tests --- libcrux-ml-kem/c-snapshot/core.c | 34 - libcrux-ml-kem/c-snapshot/core.h | 38 - libcrux-ml-kem/c-snapshot/eurydice_glue.h | 220 - libcrux-ml-kem/c-snapshot/internal/core.h | 31 - .../c-snapshot/internal/libcrux_mlkem1027.h | 31 - .../internal/libcrux_mlkem_vector.h | 35 - .../c-snapshot/libcrux_intrinsics_avx2.h | 334 - libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c | 4223 ---------- libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h | 1649 ---- libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c | 7430 ----------------- libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h | 1518 ---- libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c | 4005 --------- libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h | 805 -- libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c | 4265 ---------- libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h | 860 -- .../c-snapshot/libcrux_mlkem_constants.h | 40 - .../c-snapshot/libcrux_mlkem_ctops.c | 44 - .../c-snapshot/libcrux_mlkem_ctops.h | 34 - .../c-snapshot/libcrux_mlkem_sha3.h | 30 - .../c-snapshot/libcrux_mlkem_sha3_avx2.h | 25 - .../c-snapshot/libcrux_mlkem_vector.c | 1365 --- .../c-snapshot/libcrux_mlkem_vector.h | 198 - libcrux-ml-kem/c-snapshot/libcrux_platform.h | 26 - libcrux-ml-kem/c-snapshot/libcrux_sha3.h | 68 - libcrux-ml-kem/c.sh | 20 +- libcrux-ml-kem/c/CMakeLists.txt | 20 +- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 4 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 4 +- 
libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_platform.h | 4 +- libcrux-ml-kem/c/libcrux_polynomial.c | 4 +- libcrux-ml-kem/c/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.c | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- libcrux-ml-kem/c/tests/mlkem768.cc | 302 + libcrux-ml-kem/c/tests/mlkem768_nistkats.json | 802 ++ 53 files changed, 1178 insertions(+), 27374 deletions(-) delete mode 100644 libcrux-ml-kem/c-snapshot/core.c delete mode 100644 libcrux-ml-kem/c-snapshot/core.h delete mode 100644 libcrux-ml-kem/c-snapshot/eurydice_glue.h delete mode 100644 libcrux-ml-kem/c-snapshot/internal/core.h delete mode 100644 libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h delete mode 100644 libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h delete mode 100644 
libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_platform.h delete mode 100644 libcrux-ml-kem/c-snapshot/libcrux_sha3.h create mode 100644 libcrux-ml-kem/c/tests/mlkem768.cc create mode 100644 libcrux-ml-kem/c/tests/mlkem768_nistkats.json diff --git a/libcrux-ml-kem/c-snapshot/core.c b/libcrux-ml-kem/c-snapshot/core.c deleted file mode 100644 index ef9f514c0..000000000 --- a/libcrux-ml-kem/c-snapshot/core.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/core.h" - -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__size_t_s -{ - core_option_Option__size_t_tags tag; - size_t f0; -} -Option__size_t; - -typedef struct Option__uint32_t_s -{ - core_option_Option__size_t_tags tag; - uint32_t f0; -} -Option__uint32_t; - -typedef struct Option__int32_t_s -{ - core_option_Option__size_t_tags tag; - int32_t f0; -} -Option__int32_t; - diff --git a/libcrux-ml-kem/c-snapshot/core.h b/libcrux-ml-kem/c-snapshot/core.h deleted file mode 100644 index 88909dbc1..000000000 --- a/libcrux-ml-kem/c-snapshot/core.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __core_H -#define __core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct core_ops_range_Range__size_t_s -{ - size_t start; - size_t end; -} -core_ops_range_Range__size_t; - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -#if defined(__cplusplus) -} -#endif - -#define __core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/eurydice_glue.h b/libcrux-ml-kem/c-snapshot/eurydice_glue.h deleted file mode 100644 index c8b0825db..000000000 --- a/libcrux-ml-kem/c-snapshot/eurydice_glue.h +++ /dev/null 
@@ -1,220 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. 
-#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) -#define EURYDICE_SLICE_LEN(s, _) s.len -#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) - -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. 
-typedef struct -{ - uint8_t tag; - uint8_t case_Ok[]; -} -result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) -{ - return x; -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) - -// MISC - -#define core_fmt_Formatter void - - -// VECTORS - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? 
*/ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/core.h b/libcrux-ml-kem/c-snapshot/internal/core.h deleted file mode 100644 index e6217d8fd..000000000 --- a/libcrux-ml-kem/c-snapshot/internal/core.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_core_H -#define __internal_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../core.h" -#include "eurydice_glue.h" - -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); - -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - -#define CORE_NUM__U32_8__BITS (32U) - -#if defined(__cplusplus) -} -#endif - -#define __internal_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h deleted file mode 100644 index 79804a82f..000000000 
--- a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem1027.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_libcrux_mlkem1027_H -#define __internal_libcrux_mlkem1027_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/core.h" -#include "../libcrux_mlkem1027.h" -#include "eurydice_glue.h" - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem1027_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h b/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h deleted file mode 100644 index bb57a1f88..000000000 --- a/libcrux-ml-kem/c-snapshot/internal/libcrux_mlkem_vector.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __internal_libcrux_mlkem_vector_H -#define __internal_libcrux_mlkem_vector_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem_vector.h" -#include "eurydice_glue.h" - -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; - -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_vector_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h deleted file mode 100644 index d75aa05af..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_intrinsics_avx2.h +++ /dev/null 
@@ -1,334 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_intrinsics_avx2_H -#define __libcrux_intrinsics_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t x0); - -extern core_core_arch_x86___m128i 
-libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, - int16_t x1, - int16_t 
x2, - int16_t x3, - int16_t x4, - int16_t x5, - int16_t x6, - int16_t x7, - int16_t x8, - int16_t x9, - int16_t x10, - int16_t x11, - int16_t x12, - int16_t x13, - int16_t x14, - int16_t x15 -); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t x0); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_inserti128_si256( - int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m128i x2 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_blend_epi16( - int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, - int8_t x1, - int8_t x2, - int8_t x3, - int8_t x4, - int8_t x5, - int8_t x6, - int8_t x7, - int8_t x8, - int8_t x9, - int8_t x10, - int8_t x11, - int8_t x12, - int8_t x13, - int8_t x14, - int8_t x15, - int8_t x16, - int8_t x17, - int8_t x18, - int8_t x19, - int8_t x20, - int8_t x21, - int8_t x22, - int8_t x23, - int8_t x24, - int8_t x25, - int8_t x26, - int8_t x27, - int8_t x28, - int8_t x29, - int8_t x30, - int8_t x31 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern 
core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srai_epi32(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, - int32_t x1, - int32_t x2, - int32_t x3, - int32_t x4, - int32_t x5, - int32_t x6, - int32_t x7 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi16(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern void -libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64(int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, - uint8_t x1, - uint8_t x2, - uint8_t x3, - uint8_t x4, - uint8_t x5, - uint8_t x6, - uint8_t x7, - uint8_t x8, - uint8_t x9, - uint8_t x10, - uint8_t x11, - uint8_t x12, - uint8_t x13, - uint8_t x14, - uint8_t x15 -); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice x0); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i x0, - core_core_arch_x86___m128i x1 -); - -extern void -libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice x0, - 
core_core_arch_x86___m256i x1 -); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i x0, - core_core_arch_x86___m256i x1 -); - -extern void -libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice x0, core_core_arch_x86___m128i x1); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c deleted file mode 100644 index 1ab72ed56..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.c +++ /dev/null 
@@ -1,4223 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_ml_kem.h" - -#include "internal/libcrux_mlkem_vector.h" -#include "internal/core.h" - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -) -{ - return self[0U]; -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) -{ - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_avx2_zero(); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) -{ - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - 
core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - 
v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i - sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - v_minus_field_modulus, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, - field_modulus); - return - libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - t = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i - t0 = - libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i - quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, - t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i - quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - 
core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i - value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)2); - core_core_arch_x86___m256i - field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / 
(int16_t)4); - core_core_arch_x86___m256i - shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i - mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - shifted, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i - shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - shifted_to_positive_in_range, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - prod13 = - libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i - uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i value_low = 
libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, - -zeta3, - zeta3, - zeta3, - -zeta2, - -zeta2, - zeta2, - zeta2, - -zeta1, - -zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline 
core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, - -zeta1, - -zeta1, - -zeta1, - zeta1, - zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - -zeta0, - -zeta0, - zeta0, - zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -) -{ - core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i - k = - libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i - k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = 
libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i - rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i - upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, - zeta3, - (int16_t)0, - (int16_t)0, - zeta2, - zeta2, - (int16_t)0, - (int16_t)0, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0)); - core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, - vector, - core_core_arch_x86___m256i); - 
core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, - zeta1, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0)); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i uu____0 = upper_coefficients; - 
core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients0, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) -{ - core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, - v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i - result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - result, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, - result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0, - (int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0); - core_core_arch_x86___m256i - lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i - lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - lhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i - lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i - lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i - rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i - rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - rhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i - rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i - rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, 
- rhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i - left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i - right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i - right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i - right1 = - libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, - (int32_t)zeta3, - -(int32_t)zeta2, - (int32_t)zeta2, - -(int32_t)zeta1, - (int32_t)zeta1, - -(int32_t)zeta0, - (int32_t)zeta0)); - core_core_arch_x86___m256i - products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i - products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); - core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i - rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2)); - core_core_arch_x86___m256i - products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i - products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); - core_core_arch_x86___m256i - products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - 
products_right0, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, - products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return - libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], - rhs[0U], - zeta0, - zeta1, - zeta2, - zeta3); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - core_core_arch_x86___m256i - lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i - high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lsb_to_msb, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = { 0U }; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) -{ - int16_t uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - (int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U, - (int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - 
(int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i - coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -typedef struct Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_8size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t serialized[16U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1)); - core_core_arch_x86___m256i 
uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0)); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)4, - (int32_t)0)); - core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, - serialized, - uint8_t, - Eurydice_slice), - combined0); - uint8_t ret0[8U]; - Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)16U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof 
(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - 
uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients_in_msb, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____15, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -typedef struct Result__uint8_t_10size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_10size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, - adjacent_4_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_8_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined1, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [10U], - void *); - unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) -{ - uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - uint8_t uu____9 = Eurydice_slice_index(bytes, 
(size_t)3U, uint8_t, uint8_t); - uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - core_core_arch_x86___m128i - coefficients = - libcrux_intrinsics_avx2_mm_set_epi8(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); - core_core_arch_x86___m256i - coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i - coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients_loaded, - coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)15, - (int8_t)14, - (int8_t)13, - (int8_t)12, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)9, - (int8_t)8, - (int8_t)7, - (int8_t)6, - (int8_t)7, - (int8_t)6, - (int8_t)5, - (int8_t)4, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m256i uu____16 = coefficients0; - core_core_arch_x86___m256i - coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - 
(int16_t)1 << 6U, - (int16_t)1 << 11U, - (int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, - coefficients1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -typedef struct Result__uint8_t_20size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_20size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1)); - 
core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - 
Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [20U], - void *); - unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, - 8U, - 8U, - 7U, - 7U, - 6U, - 6U, - 5U, - 4U, - 3U, - 3U, - 2U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ 
.start = (size_t)4U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 13U, - 12U, - 12U, - 11U, - 10U, - 9U, - 9U, - 8U, - 8U, - 7U, - 7U, - 6U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) -{ - int16_t output[16U] = { 0U }; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, - output, - int16_t, - Eurydice_slice), - v); - memcpy(ret, output, (size_t)16U * sizeof (int16_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) -{ - int16_t uu____0[16U]; - 
memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); - return lit; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & 
(int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - int16_t array[16U]; - libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector - input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) -{ - 
libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - result = libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - 
uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = 
&Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) - & (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) - & (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) - & (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -) -{ - memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); - int16_t ret[16U]; - libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return - libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, - ret, - int16_t, - Eurydice_slice)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -typedef struct Result__uint8_t_24size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__uint8_t_24size_t__core_array_TryFromSliceError; - -static void -unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - 
(int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - 
upper_8); - uint8_t ret0[24U]; - Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [24U], - void *); - unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, - 10U, - 10U, - 9U, - 8U, - 7U, - 7U, - 6U, - 5U, - 4U, - 4U, - 3U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 12U, - 11U, - 11U, - 10U, - 9U, - 8U, - 8U, - 7U, - 6U, - 5U, - 5U, - 4U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U] = - { - 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U] = - { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U] = - { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U] = - { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U] = - { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U] = - { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U] = - { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U] = - { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U] = - { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U] = - { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U] = - { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U] = - { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U] = - { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U] = - { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U] = - { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U] = - { 2U, 3U, 4U, 5U, 
8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U] = - { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U] = - { - 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U] = - { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U] = - { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U] = - { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U] = - { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U] = - { 0U, 
1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U] = - { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U] = - { - 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U] = - { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U] = - { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U] = - { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U] = - { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U] = - { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U] = - { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U] = - { 10U, 
11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const 
-uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U] = - { - 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U] = - { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U] = - { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U] = - { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U] = - { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U] = - { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U] = - { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U] = - { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U] = - { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U] = - { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U] = - { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U] = - { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U] = - { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U] = - { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U] = - { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U] = - 
{ 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U] = - { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U] = - { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U] = - { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U] = - { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U] = - { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U] = - { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U] = - { 2U, 
3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U] = - { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }; - 
-const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U] = - { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U] = - { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U] = - { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U] = - { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U] = - { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U] = - { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U] = - { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U] = - { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U] = - { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U] = - { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U] = - { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U] = - { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U] = - { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U] = - { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U] = - { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U] = - { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U] = - { 0U, 1U, 2U, 
3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U] = - { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U] = - { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U] = - { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U] = - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U] = - { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U] = - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U] = - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U] = - { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U] = - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U] = - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U] = - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U] = - { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U] = - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U] = - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U] = - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U] = - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 
255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U] = - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U] = - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U] = - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U] = - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U] = - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U] = - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U] = - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U] = - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U] = - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U] = - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 14U, 15U }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = - { - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232, - 
libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255 - }; - -inline size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - core_core_arch_x86___m256i - field_modulus = - 
libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i - compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - lower_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - upper_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - potential_coefficients, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, - ((core_ops_range_Range__size_t){ .start = 
sampled_count, .end = sampled_count + (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( - libcrux_ml_kem_vector_PortableVector *self -) -{ - return self[0U]; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_zero(); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_from_i16_array(array); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return libcrux_ml_kem_vector_add(lhs, rhs); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return libcrux_ml_kem_vector_sub(lhs, rhs); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - 
libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_multiply_by_constant(v, c); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_cond_subtract_3329(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_barrett_reduce(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t r -) -{ - return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress_1(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); 
-} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_1(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_4(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_5(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_serialize_10(a, ret0); - memcpy(ret, ret0, 
(size_t)20U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_10(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_11(a); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_deserialize_12(a); -} - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return libcrux_ml_kem_vector_rej_sample(a, out); -} - -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, 
(int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -) -{ - return self[0U]; -} - 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h b/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h
deleted file mode 100644
index cd701d66b..000000000
--- a/libcrux-ml-kem/c-snapshot/libcrux_ml_kem.h
+++ /dev/null
@@ -1,1649 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_ml_kem_H -#define __libcrux_ml_kem_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_intrinsics_avx2.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) - -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t 
zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - 
uint8_t ret[10U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -); - -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_avx2_portable_PortableVector; - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); - -void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - 
-libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -); - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE0[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE1[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE2[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE3[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE4[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE5[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE6[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE7[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE8[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE9[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE10[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE11[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE12[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE13[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE14[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE15[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE16[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE17[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE18[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE19[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE20[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE21[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE22[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE23[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE24[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE25[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE26[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE27[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE28[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE29[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE30[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE31[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE32[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE33[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE34[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE35[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE36[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE37[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE38[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE39[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE40[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE41[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE42[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE43[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE44[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE45[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE46[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE47[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE48[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE49[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE50[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE51[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE52[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE53[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE54[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE55[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE56[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE57[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE58[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE59[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE60[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE61[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE62[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE63[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE64[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE65[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE66[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE67[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE68[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE69[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE70[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE71[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE72[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE73[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE74[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE75[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE76[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE77[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE78[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE79[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE80[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE81[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE82[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE83[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE84[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE85[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE86[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE87[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE88[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE89[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE90[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE91[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE92[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE93[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE94[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE95[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE96[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE97[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE98[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE99[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE100[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE101[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE102[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE103[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE104[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE105[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE106[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE107[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE108[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE109[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE110[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE111[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE112[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE113[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE114[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE115[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE116[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE117[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE118[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE119[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE120[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE121[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE122[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE123[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE124[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE125[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE126[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE127[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE128[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE129[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE130[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE131[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE132[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE133[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE134[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE135[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE136[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE137[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE138[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE139[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE140[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE141[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE142[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE143[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE144[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE145[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE146[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE147[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE148[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE149[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE150[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE151[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE152[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE153[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE154[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE155[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE156[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE157[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE158[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE159[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE160[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE161[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE162[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE163[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE164[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE165[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE166[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE167[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE168[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE169[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE170[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE171[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE172[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE173[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE174[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE175[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE176[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE177[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE178[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE179[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE180[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE181[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE182[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE183[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE184[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE185[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE186[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE187[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE188[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE189[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE190[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE191[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE192[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE193[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE194[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE195[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE196[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE197[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE198[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE199[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE200[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE201[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE202[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE203[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE204[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE205[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE206[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE207[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE208[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE209[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE210[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE211[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE212[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE213[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE214[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE215[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE216[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE217[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE218[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE219[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE220[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE221[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE222[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE223[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE224[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE225[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE226[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE227[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE228[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE229[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE230[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE231[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE232[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE233[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE234[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE235[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE236[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE237[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE238[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE239[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE240[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE241[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE242[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE243[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE244[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE245[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE246[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE247[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE248[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE249[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE250[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE251[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE252[16U]; - -extern const -uint8_t 
-libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE253[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE254[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE255[16U]; - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; - -size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -); - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___core__clone__Clone_for_libcrux_ml_kem__vector__PortableVector__1__clone( - libcrux_ml_kem_vector_PortableVector *self -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO( - void -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array( - Eurydice_slice array -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - 
-libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t r -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - 
libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -); - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -); - -#if defined(__cplusplus) -} -#endif - -#define 
__libcrux_ml_kem_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c deleted file mode 100644 index f19524ef4..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.c +++ /dev/null 
@@ -1,7430 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_mlkem1027.h" - -#include "internal/core.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( - void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[8U] = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -) -{ - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); - core_core_arch_x86___m256i - fm = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &fm); -} - -void 
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - 
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[1U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[14U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_shift_right___15int32_t(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t(a); - libcrux_ml_kem_vector_PortableVector - fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &fm); -} - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - 
Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if - (libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - 
Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)4U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -) -{ - uint8_t ret0[4U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)4U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -) -{ - uint8_t ret0[4U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)4U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice a -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void 
-libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - 
libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, - sampled); - for 
- (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] - )); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t ret0[4U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)4U, input, ret0, void *); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [128U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = 
random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - fer); -} - -inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, - zeta_r); - b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &t); - return - ( - (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> 
(uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } 
-} - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * 
sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - 
t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -) -{ - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = 
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[4U]; - memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)4U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = 
sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U] -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done 
= - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)4U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; 
- seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[4U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - 
libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -) -{ - return - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, - fer); -} - -inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, - zeta_r); - b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, - &t); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &t); - return - ( - (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - 
libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - 
libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - 
(size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(v, - 
LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; 
- i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - 
Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
error_as_ntt[4U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1536U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - 
prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], - 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -inline K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, - zeta_r); - return - ( - (K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = 
uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i 
- coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - 
(size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), - 
(int16_t)1665); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - core_core_arch_x86___m256i - tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &tmp); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - 
core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 
= libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - 
core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t 
uu____0[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - 
core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = 
- libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - 
core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - 
core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficients = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 
+ (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - 
(size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -inline K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, - &a); - a = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, - zeta_r); - return - ( - (K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ZERO(), - &v), - (int16_t)1665); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &message->coefficients[i0]); - 
libcrux_ml_kem_vector_PortableVector - tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___10int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___11int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = 
(size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - 
Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___4int32_t(v); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - 
} -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_compress___5int32_t(v); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficients = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void 
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____1 = - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; - 
libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { 
- libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < 
core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - 
core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return - 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - 
return result; -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 
0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - 
Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v 
-) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t(v); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -inline void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); 
- } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); - decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t(v); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - 
Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, - 
bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - 
ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t 
uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h deleted file mode 100644 index c7610d578..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem1027.h +++ /dev/null 
@@ -1,1518 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem1027_H -#define __libcrux_mlkem1027_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_ml_kem.h" -#include "libcrux_intrinsics_avx2.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define 
LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ core_core_arch_x86___m256i coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector( - void -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s -{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___shift_right___15int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -); - -void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemPublicKey____1568size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice a -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -void 
-libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -); - -typedef struct -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; - -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -); - -void 
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -); - -typedef struct 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - size_t _i, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[4U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -); - -void 
-libcrux_ml_kem_ntt_ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -); - -typedef struct K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s -{ - libcrux_ml_kem_vector_PortableVector fst; - libcrux_ml_kem_vector_PortableVector snd; -} -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; - -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ntt_ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -); - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -K___uint8_t_1536size_t__uint8_t_1568size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[3168U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t _layer -); - -K___libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -); - -void 
-libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - size_t _i -); - 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -K___libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -); - -void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___10int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___11int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -); - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___4int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress___5int32_t(libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - size_t _ -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector 
-); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - size_t _ -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void 
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_4size_t( - size_t _ -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t 
ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1027_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c deleted file mode 100644 index e61287cb2..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.c +++ /dev/null 
@@ -1,4005 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem512.h" - -#include "internal/libcrux_mlkem1027.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[2U]; - 
memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)2U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -) -{ - uint8_t ret0[2U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)2U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -) -{ - uint8_t ret0[2U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)2U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - size_t _i -) 
-{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t ret0[2U][192U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)192U, (size_t)2U, input, ret0, void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [192U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for 
(size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t 
ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -) -{ - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - 
Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - 
uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - 
libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[2U]; - memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)2U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - 
Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)2U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[2U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)192U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - 
uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[2U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - 
secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[768U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t 
uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice 
implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - 
ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t ret0[2U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)2U, input, ret0, void *); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, 
- (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); 
- Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = 
uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - 
Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - 
domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); 
-} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - 
libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = 
core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -) -{ - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - 
Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = 
uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); 
- memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void 
-libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - 
ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - 
expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * 
sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h deleted file mode 100644 index 5e7cba29c..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem512.h +++ /dev/null 
@@ -1,805 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem512_H -#define __libcrux_mlkem512_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_mlkem768.h" -#include "libcrux_mlkem1027.h" -#include "libcrux_ml_kem.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define 
LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t 
ret[800U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } -libcrux_ml_kem_types_MlKemPublicKey____800size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t 
public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; - 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ - uint8_t fst[768U]; - uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -); - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t 
*sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; - uint8_t snd; -} 
-K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -K___uint8_t_768size_t__uint8_t_800size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - 
Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - size_t _i -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } -libcrux_ml_kem_types_MlKemCiphertext____768size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - size_t _i -); - -void 
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void 
-libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_2size_t( - size_t _ 
-); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem512_decapsulate( - 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c deleted file mode 100644 index 46e008c13..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.c +++ /dev/null 
@@ -1,4265 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem768.h" - -#include "internal/libcrux_mlkem1027.h" -#include "libcrux_hacl_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if - (libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -inline 
void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _j -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - state = - 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_finalxN((size_t)3U, - uu____0, - libcrux_sha3_avx2_x4_incremental_KeccakState4); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -) -{ - uint8_t ret0[3U][504U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze3xN((size_t)504U, - (size_t)3U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if 
(sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -) -{ - uint8_t ret0[3U][168U]; - libcrux_sha3_avx2_x4_incremental_shake128_squeezexN((size_t)168U, - (size_t)3U, - self, - ret0, - void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for 
(size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - 
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - 
libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - size_t _i -) 
-{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t ret0[3U][128U]; - libcrux_sha3_avx2_x4_shake256xN((size_t)128U, (size_t)3U, input, ret0, void *); - memcpy(ret, ret0, (size_t)3U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - 
core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - 
t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t 
ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -) -{ - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = 
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - libcrux_sha3_portable_KeccakState1 state[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } - libcrux_sha3_portable_KeccakState1 uu____1[3U]; - memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; - memcpy(lit.shake128_state, uu____1, (size_t)3U * sizeof (libcrux_sha3_portable_KeccakState1)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = 
(size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_sha3_portable_KeccakState1 *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -inline bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = 
sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -inline void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*uu____4)(int16_t x0[272U]) = - libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - for (size_t i_array_map = (size_t)0U; i_array_map < (size_t)3U; i_array_map++) - { - uu____5[i_array_map] = uu____4(uu____3[i_array_map]); - } - memcpy(ret, - uu____5, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t 
seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(i, - A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = out[i0]; - libcrux_sha3_portable_shake256((size_t)128U, - uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice), - void *); - } - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -inline void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy(error_as_ntt, - 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - 
libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - 
libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -) -{ - return self->value; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - 
uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U); - 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - 
size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < 
(size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - 
libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, - out); -} - -void 
-libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t 
uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - 
libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t 
ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; 
i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)128U, digest, input, void *); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, - out); -} - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; - libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - 
libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); - } - return libcrux_ml_kem_constant_time_ops_is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - 
libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - 
hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - 
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - 
(size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _ -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - 
{ - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256((size_t)32U, digest, input, void *); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - 
ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t 
uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, 
- ciphertext, - uu____2); - } - else - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h deleted file mode 100644 index 7ca71a018..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem768.h +++ /dev/null 
@@ -1,860 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem768_H -#define __libcrux_mlkem768_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_platform.h" -#include "libcrux_mlkem_vector.h" -#include "libcrux_mlkem_ctops.h" -#include "libcrux_mlkem_constants.h" -#include "libcrux_mlkem1027.h" -#include "libcrux_ml_kem.h" -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 
(LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -); - -void -libcrux_ml_kem_ind_cpa_serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } -libcrux_ml_kem_types_MlKemPublicKey____1184size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t 
public_key -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _j -); - -void -libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - 
-libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t 
prf_input[33U], - uint8_t domain_separator -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - 
Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -); - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _j -); - -void 
-libcrux_ml_kem_matrix_sample_matrix_A_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - size_t _i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s -{ libcrux_sha3_portable_KeccakState1 shake128_state[3U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -); - -bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_sampling_sample_from_xof_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - int16_t s[272U] -); - -void -libcrux_ml_kem_sampling_sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -void -libcrux_ml_kem_matrix_sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - size_t _i -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); 
- -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_As_plus_e_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_matrix_compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -K___uint8_t_1152size_t__uint8_t_1184size_t_ -libcrux_ml_kem_ind_cpa_generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
-libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _i -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - 
-void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -); - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } -libcrux_ml_kem_types_MlKemCiphertext____1088size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - size_t _i -); - -void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - size_t _i -); - -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_vector_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _i -); - -void 
-libcrux_ml_kem_invert_ntt_invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_matrix_compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void 
-libcrux_ml_kem_ind_cpa_compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_ind_cpa_encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - size_t _ -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure__libcrux_ml_kem_vector_PortableVector_3size_t( - size_t _ -); - -void -libcrux_ml_kem_ind_cpa_deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_matrix_compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -); - -void -libcrux_ml_kem_ind_cpa_decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h deleted file mode 100644 index 8ca89d66c..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_constants.h +++ /dev/null 
@@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_constants_H -#define __libcrux_mlkem_constants_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_CONSTANTS__FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_constants_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c deleted file mode 100644 index 997f534fd..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.c +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "libcrux_mlkem_ctops.h" - -#include "internal/core.h" - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) -{ - uint16_t value0 = (uint16_t)value; - uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; - return (uint8_t)result; -} - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ - uint8_t - mask = core_num__u8_6__wrapping_sub(libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { - size_t i0 = i; - uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); - out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); - } - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h deleted file mode 100644 index 309c331ad..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_ctops.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_ctops_H -#define __libcrux_mlkem_ctops_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem_constants.h" -#include "core.h" -#include "eurydice_glue.h" - -uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value); - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_ctops_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h deleted file mode 100644 index d4f207ec8..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_sha3_H -#define __libcrux_mlkem_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s -{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h deleted file mode 100644 index c6e3cdb02..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_sha3_avx2.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_sha3_avx2_H -#define __libcrux_mlkem_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c deleted file mode 100644 index bd9851398..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.c +++ /dev/null 
@@ -1,1365 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#include "internal/libcrux_mlkem_vector.h" - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void) -{ - libcrux_ml_kem_vector_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -typedef struct Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; - union { - int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; - } - val; -} -Result__int16_t_16size_t__core_array_TryFromSliceError; - -static void -unwrap__int16_t_16size_t__core_array_TryFromSliceError( - Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == core_result_Ok) - { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) -{ - libcrux_ml_kem_vector_PortableVector lit; - int16_t ret[16U]; - Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - 
Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); - return lit; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; 
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) - { - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; - } - } - return v; -} - -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) -{ - int32_t - t = - (int32_t)value - * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER - + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t - k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); - int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); - return value_high - c; -} - -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); - v.elements[i0] = uu____0; - } - return v; -} - -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) -{ - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); - v.elements[i0] = (int16_t)uu____0; - } - return v; -} - -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) -{ - return value & ((1U << (uint32_t)n) - 1U); -} - -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) -{ - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return - (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, - (uint32_t)compressed); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); - v.elements[2U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); - v.elements[3U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); - v.elements[6U] = v.elements[4U] - t1; - v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); - v.elements[7U] = v.elements[5U] - t2; - v.elements[5U] = v.elements[5U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], - zeta2); - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], - zeta2); - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta3); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta3); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); - v.elements[4U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); - v.elements[5U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); - v.elements[6U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); - v.elements[7U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], - zeta1); - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], - zeta1); - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta1); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta1); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); - v.elements[8U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); - v.elements[9U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); - v.elements[10U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); - v.elements[11U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); - v.elements[12U] = v.elements[4U] - t3; - v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); - v.elements[13U] = v.elements[5U] - t4; - v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); - v.elements[14U] = v.elements[6U] - t5; - v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); - v.elements[15U] = v.elements[7U] - t6; - v.elements[7U] = v.elements[7U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t - uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); - v.elements[0U] = uu____0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[2U] = uu____1; - int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t - uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); - v.elements[1U] = uu____2; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[3U] = uu____3; - int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t - uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); - 
v.elements[4U] = uu____4; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); - v.elements[6U] = uu____5; - int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t - uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); - v.elements[5U] = uu____6; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); - v.elements[7U] = uu____7; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)2U]); - v.elements[(size_t)8U + (size_t)0U] = uu____8; - int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); - v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)3U]); - v.elements[(size_t)8U + (size_t)1U] = uu____10; - int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); - v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)4U] - + v.elements[(size_t)8U + (size_t)6U]); - v.elements[(size_t)8U + (size_t)4U] = uu____12; - int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); - v.elements[(size_t)8U + (size_t)6U] = uu____13; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)5U] - + 
v.elements[(size_t)8U + (size_t)7U]); - v.elements[(size_t)8U + (size_t)5U] = uu____14; - int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); - v.elements[(size_t)8U + (size_t)7U] = uu____15; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ - int16_t a_minus_b = v.elements[4U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[4U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[4U] = uu____0; - int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[5U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[5U] = uu____1; - int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[6U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); - v.elements[6U] = uu____2; - int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[7U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); - v.elements[7U] = uu____3; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); - v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); - 
v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U - + (size_t)2U] - + v.elements[(size_t)8U + (size_t)6U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); - v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U - + (size_t)3U] - + v.elements[(size_t)8U + (size_t)7U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); - v.elements[(size_t)8U + (size_t)7U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta -) -{ - int16_t a_minus_b = v.elements[8U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[8U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); - v.elements[8U] = uu____0; - int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[9U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); - v.elements[9U] = uu____1; - int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[10U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); - v.elements[10U] = uu____2; - int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[11U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); - v.elements[11U] = uu____3; - int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; - v.elements[4U] = v.elements[4U] + v.elements[12U]; - int16_t uu____4 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); - v.elements[12U] = uu____4; - int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; - v.elements[5U] = v.elements[5U] + v.elements[13U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); - v.elements[13U] = uu____5; - int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; - v.elements[6U] = v.elements[6U] + v.elements[14U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); - v.elements[14U] = uu____6; - int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; - v.elements[7U] = v.elements[7U] + v.elements[15U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); - v.elements[15U] = uu____7; - return v; -} - -inline K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -) -{ - int16_t a0 = _.fst; - int16_t a1 = _.snd; - int16_t b0 = _0.fst; - int16_t b1 = _0.snd; - int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 - + - (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) - * (int32_t)zeta); - return - ( - (K___int16_t_int16_t){ - .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 - * (int32_t)b1 - + (int32_t)a1 * (int32_t)b0) - } - ); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - libcrux_ml_kem_vector_PortableVector out = libcrux_ml_kem_vector_zero(); - K___int16_t_int16_t lit0; - lit0.fst = lhs->elements[0U]; - lit0.snd = lhs->elements[1U]; - K___int16_t_int16_t lit1; - lit1.fst = rhs->elements[0U]; - lit1.snd = rhs->elements[1U]; - K___int16_t_int16_t product = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); - out.elements[0U] = product.fst; - out.elements[1U] = product.snd; - K___int16_t_int16_t lit2; - lit2.fst = lhs->elements[2U]; - lit2.snd = lhs->elements[3U]; - K___int16_t_int16_t lit3; - lit3.fst = rhs->elements[2U]; - lit3.snd = rhs->elements[3U]; - K___int16_t_int16_t - product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); - out.elements[2U] = product0.fst; - out.elements[3U] = product0.snd; - K___int16_t_int16_t lit4; - lit4.fst = lhs->elements[4U]; - lit4.snd = lhs->elements[5U]; - K___int16_t_int16_t lit5; - lit5.fst = rhs->elements[4U]; - lit5.snd = rhs->elements[5U]; - K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); - out.elements[4U] = product1.fst; - out.elements[5U] = product1.snd; - K___int16_t_int16_t lit6; - lit6.fst = lhs->elements[6U]; - lit6.snd = lhs->elements[7U]; - K___int16_t_int16_t lit7; - lit7.fst = rhs->elements[6U]; - lit7.snd = rhs->elements[7U]; - K___int16_t_int16_t - product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); - out.elements[6U] = product2.fst; - out.elements[7U] = product2.snd; - K___int16_t_int16_t lit8; - lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; - lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; - K___int16_t_int16_t lit9; - lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; - lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; - K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); - out.elements[(size_t)8U + (size_t)0U] = product3.fst; - out.elements[(size_t)8U + (size_t)1U] = product3.snd; - K___int16_t_int16_t lit10; - lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; - lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; - K___int16_t_int16_t lit11; - lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; - lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; - K___int16_t_int16_t - product4 = 
libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); - out.elements[(size_t)8U + (size_t)2U] = product4.fst; - out.elements[(size_t)8U + (size_t)3U] = product4.snd; - K___int16_t_int16_t lit12; - lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; - lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; - K___int16_t_int16_t lit13; - lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; - lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; - K___int16_t_int16_t - product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); - out.elements[(size_t)8U + (size_t)4U] = product5.fst; - out.elements[(size_t)8U + (size_t)5U] = product5.snd; - K___int16_t_int16_t lit14; - lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; - lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; - K___int16_t_int16_t lit; - lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; - lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; - K___int16_t_int16_t - product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); - out.elements[(size_t)8U + (size_t)6U] = product6.fst; - out.elements[(size_t)8U + (size_t)7U] = product6.snd; - return out; -} - -void libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) -{ - uint8_t result[2U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) - { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) -{ - libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - for (size_t i = (size_t)0U; i < 
(size_t)8U; i++) - { - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); - } - for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); - } - return result; -} - -void libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) -{ - uint8_t result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = 
&Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); - return v; -} - -void -libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) -{ - uint8_t result[10U] = { 0U }; - result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); - result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); - result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); - result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); - result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); - result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) - << 5U - | v.elements[(size_t)8U + (size_t)0U]); - result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) - << 7U - | v.elements[(size_t)8U + (size_t)2U] << 2U) - | v.elements[(size_t)8U + (size_t)1U] >> 3U); - result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | v.elements[(size_t)8U + (size_t)3U] >> 1U); - result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) - << 6U - | v.elements[(size_t)8U + (size_t)5U] << 1U) - | v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)7U] - << 3U - | v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; - uint8_t *uu____2 = 
&Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) - << 3U; - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - 
uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) - << 1U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) - << 4U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) - << 2U; - uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); - return v; -} - -void -libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) -{ - uint8_t result[20U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); - result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); - result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & 
(int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); - result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); - result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); - result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) -{ - 
libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; - uint8_t 
*uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); - result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) - & (int16_t)15) - << 6U; - uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, 
uint8_t) - & (int16_t)63) - << 4U; - uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); - result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) - << 2U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); - result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; - return result; -} - -void -libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & 
(int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 
(int16_t)1) - << 10U; - int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - 
((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) - & (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) - & (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) - & (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) - & (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - 
uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -void -libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) -{ - uint8_t result[24U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); - result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); - result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); - result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); - result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); - result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); - result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); - result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); - result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[13U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)0U] - >> 8U - | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); - result[16U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)2U] - >> 8U - | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[19U] = - (uint8_t)(v.elements[(size_t)8U - + 
(size_t)4U] - >> 8U - | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); - result[22U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)6U] - >> 8U - | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector re = libcrux_ml_kem_vector_zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); - int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); - re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); - re.elements[3U] = byte5 << 4U | (byte4 >> 4U 
& (int16_t)15); - re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); - re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); - re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); - re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); - int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); - int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); - int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); - int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); - int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); - int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); - int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); - int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); - int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); - int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); - int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); - re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); - re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); - re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); - re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); - re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); - re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); - re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); - re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); - return re; -} - -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, 
Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - diff --git a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h b/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h deleted file mode 100644 index 6501762e8..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_mlkem_vector.h +++ /dev/null 
@@ -1,198 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_mlkem_vector_H -#define __libcrux_mlkem_vector_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) - -typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_PortableVector; - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_zero(void); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v); - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) - -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); - 
-libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_PortableVector v); - -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) - -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); - -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_PortableVector v); - -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); - -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta -); - -typedef 
struct K___int16_t_int16_t_s -{ - int16_t fst; - int16_t snd; -} -K___int16_t_int16_t; - -K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); - -void -libcrux_ml_kem_vector_serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]); - -libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_vector_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-snapshot/libcrux_platform.h b/libcrux-ml-kem/c-snapshot/libcrux_platform.h deleted file mode 100644 index d1481c77f..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_platform.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_platform_H -#define __libcrux_platform_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern bool libcrux_platform_platform_simd256_support(void); - -extern bool libcrux_platform_platform_simd128_support(void); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_platform_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-snapshot/libcrux_sha3.h b/libcrux-ml-kem/c-snapshot/libcrux_sha3.h deleted file mode 100644 index 25a35dcc5..000000000 --- a/libcrux-ml-kem/c-snapshot/libcrux_sha3.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_sha3_H -#define __libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern void libcrux_sha3_portable_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_portable_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_portable_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_portable_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_portable_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -extern libcrux_sha3_portable_KeccakState1 -libcrux_sha3_portable_incremental_shake128_init(void); - -extern void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_portable_KeccakState1 *x0, - Eurydice_slice x1 -); - -extern void libcrux_sha3_neon_sha512(Eurydice_slice x0, Eurydice_slice x1); - -extern void libcrux_sha3_neon_sha256(Eurydice_slice x0, Eurydice_slice x1); - -#define libcrux_sha3_neon_shake256(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_shake256_(x_0, x_1, x_2) - -extern void libcrux_sha3_neon_shake256_(size_t x0, uint8_t *x1, Eurydice_slice x2); - -#define libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN(x_0, x_1, x_2, _ret_t) libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_(x_0, x_1, x_2) - -extern void -libcrux_sha3_neon_x2_incremental_shake128_absorb_finalxN_( - size_t x0, - uint8_t (*x1)[34U], - libcrux_sha3_neon_x2_incremental_KeccakState2 x2[2U] -); - -#if defined(__cplusplus) -} 
-#endif - -#define __libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 4aad02b87..79ceb6d80 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -54,13 +54,13 @@ echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . -if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then - # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h - cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ - cp *.h $HACL_PACKAGES_HOME/libcrux/include - cp *.c $HACL_PACKAGES_HOME/libcrux/src -elif [[ "$no_hacl" = 0 ]]; then - echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -else - echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 -fi +# if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then +# # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h +# cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ +# cp *.h $HACL_PACKAGES_HOME/libcrux/include +# cp *.c $HACL_PACKAGES_HOME/libcrux/src +# elif [[ "$no_hacl" = 0 ]]; then +# echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 +# else +# echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 +# fi diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index de45adfbc..d8637c9fd 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt 
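Review bot: The hacl-packages copy step is disabled by commenting out the whole `if`/`elif`/`else` block, so `no_hacl` no longer has any effect; it is presumably still set from `--no-hacl` earlier in the script, outside this hunk. The script also gives no reason for the change. I would either delete the block or keep it behind its flag, and until then put a one-line reason above it, e.g. `# hacl-packages copy disabled: <reason>; --no-hacl is currently a no-op`. If the block is restored, quote the destination and anchor the globs so an unusual path or file name cannot change what `cp` does: `cp ./*.h "$HACL_PACKAGES_HOME/libcrux/include"`.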
@@ -38,18 +38,17 @@ if(${CMAKE_SYSTEM_NAME} MATCHES Linux) ) endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) add_library(ml_kem SHARED ${SOURCES}) add_library(ml_kem_static STATIC ${SOURCES}) +# if(LIBCRUX_VEC256) +add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) +target_sources(ml_kem_static PRIVATE $) +target_sources(ml_kem PRIVATE $) target_compile_options(ml_kem_vec256 PRIVATE -mavx -mavx2 ) - -# if(LIBCRUX_VEC256) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) # endif() # --- Tests @@ -73,10 +72,19 @@ DOWNLOAD_EXTRACT_TIMESTAMP TRUE FetchContent_MakeAvailable(json) add_executable(ml_kem_test - ${PROJECT_SOURCE_DIR}/tests/sha3.cc + ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc ) target_link_libraries(ml_kem_test PRIVATE ml_kem_static gtest_main nlohmann_json::nlohmann_json ) + +add_executable(sha3_test + ${PROJECT_SOURCE_DIR}/tests/sha3.cc +) +target_link_libraries(sha3_test PRIVATE + ml_kem_static + gtest_main + nlohmann_json::nlohmann_json +) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ca9ed855d..38bc4b61d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index ace6f4826..c55b42414 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h 
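Review bot: In the first CMakeLists.txt hunk the `# if(LIBCRUX_VEC256)` / `# endif()` pair around the regrouped `ml_kem_vec256` lines is still commented out, so the object library compiled with `-mavx -mavx2` is added to both `ml_kem` and `ml_kem_static` unconditionally. On a non-x86 target those flags will likely fail the build. On x86 the AVX2 objects are only safe to ship if every call into them sits behind a runtime feature check, which this hunk cannot show. Now that the four statements are contiguous, I would make the guard real: `if(LIBCRUX_VEC256)` before `add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256})` and `endif()` after the `target_compile_options(...)` call. The option itself would be declared wherever the file defines its other options, which is not visible here.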
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e8b09e5d2..a14c89370 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 63287b074..20ed6dc8e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index df53862c5..bef34d858 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 94ce0e0ee..7b036c030 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 1da67faee..2648231bb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c9e81b182..4e87e6e50 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 4cfaa1d44..62de61fcf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index bd94fd3ba..e2f899447 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index afe614bf9..727229b29 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index acbdfe9c5..c690fac1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 88537acc3..7b83b0c41 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 57d80532e..3c0acc20a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 3eff076f1..738415194 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h index 0e60b7cb9..f37ea0da5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 420eb1380..3387ac459 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 5714d1fc4..7a5a3333c 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index a64f83394..326874ca2 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index e791132ba..2805f7efd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ddbcffd6a..4392fd6a3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e74c8cc33..1c51402d2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2c199c687..abdb2d976 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a7da9d0a6..8bf3b70d0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 072fe23f2..8ba9e4dda 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc new file mode 100644 index 000000000..382e2a5c9 --- /dev/null +++ b/libcrux-ml-kem/c/tests/mlkem768.cc 
@@ -0,0 +1,302 @@ +/* + * Copyright 2023 Cryspen Sarl + * + * Licensed under the Apache License, Version 2.0 or MIT. + * - http://www.apache.org/licenses/LICENSE-2.0 + * - http://opensource.org/licenses/MIT + */ + +#include +#include +#include + +#include "libcrux_sha3.h" +#include "libcrux_mlkem768.h" +#include "internal/libcrux_core.h" +// #include "util.h" + +using namespace std; + +typedef vector bytes; + +vector +from_hex(const string &hex) +{ + if (hex.length() % 2 == 1) + { + throw invalid_argument("Odd-length hex string"); + } + + int len = static_cast(hex.length()) / 2; + vector out(len); + for (int i = 0; i < len; i += 1) + { + string byte = hex.substr(2 * i, 2); + out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); + } + + return out; +} + +string +bytes_to_hex(const vector &data) +{ + stringstream hex(ios_base::out); + hex.flags(ios::hex); + for (const auto &byte : data) + { + hex << setw(2) << setfill('0') << int(byte); + } + return hex.str(); +} + +class KAT +{ +public: + bytes key_generation_seed; + bytes sha3_256_hash_of_public_key; + bytes sha3_256_hash_of_secret_key; + bytes encapsulation_seed; + bytes sha3_256_hash_of_ciphertext; + bytes shared_secret; +}; + +vector +read_kats(string path) +{ + ifstream kat_file(path); + nlohmann::json kats_raw; + kat_file >> kats_raw; + + vector kats; + + // Read test group + for (auto &kat_raw : kats_raw.items()) + { + auto kat_raw_value = kat_raw.value(); + + kats.push_back(KAT{ + .key_generation_seed = from_hex(kat_raw_value["key_generation_seed"]), + .sha3_256_hash_of_public_key = + from_hex(kat_raw_value["sha3_256_hash_of_public_key"]), + .sha3_256_hash_of_secret_key = + from_hex(kat_raw_value["sha3_256_hash_of_secret_key"]), + .encapsulation_seed = from_hex(kat_raw_value["encapsulation_seed"]), + .sha3_256_hash_of_ciphertext = + from_hex(kat_raw_value["sha3_256_hash_of_ciphertext"]), + .shared_secret = from_hex(kat_raw_value["shared_secret"]), + }); + } + + return kats; +} + +// void +// 
modify_ciphertext(uint8_t* ciphertext, size_t ciphertext_size) +// { +// uint8_t randomness[3]; +// generate_random(randomness, 3); + +// uint8_t random_byte = randomness[0]; +// if (random_byte == 0) { +// random_byte += 1; +// } + +// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + +// uint16_t random_position = random_u16 % ciphertext_size; + +// ciphertext[random_position] ^= random_byte; +// } + +// void +// modify_secret_key(uint8_t* secret_key, +// size_t secret_key_size, +// bool modify_implicit_rejection_value) +// { +// uint8_t randomness[3]; +// generate_random(randomness, 3); + +// uint8_t random_byte = randomness[0]; +// if (random_byte == 0) { +// random_byte += 1; +// } + +// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + +// uint16_t random_position = 0; + +// if (modify_implicit_rejection_value == true) { +// random_position = (secret_key_size - 32) + (random_u16 % 32); +// } else { +// random_position = random_u16 % (secret_key_size - 32); +// } + +// secret_key[random_position] ^= random_byte; +// } + +// uint8_t* +// compute_implicit_rejection_shared_secret(uint8_t* ciphertext, +// size_t ciphertext_size, +// uint8_t* secret_key, +// size_t secret_key_size) +// { +// uint8_t* hashInput = new uint8_t[32 + ciphertext_size]; +// uint8_t* sharedSecret = new uint8_t[32]; + +// std::copy(secret_key + (secret_key_size - 32), +// secret_key + secret_key_size, +// hashInput); +// std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); + +// Hacl_Hash_SHA3_shake256_hacl( +// 32 + ciphertext_size, hashInput, 32, sharedSecret); + +// delete[] hashInput; +// return sharedSecret; +// } + +TEST(MlKem768Test, ConsistencyTest) +{ + uint8_t randomness[64]; + for (int i = 0; i < 64; i++) + randomness[i] = 13; + // generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + // printf("pk: "); + // print_hex_ln(1184, key_pair.pk.value); + // printf("sk: "); + // 
print_hex_ln(2400, key_pair.sk.value);
+
+ // generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+ // printf("ctxt: ");
+ // print_hex_ln(1088U, ctxt.fst.value);
+ // printf("secret: ");
+ // print_hex_ln(32, ctxt.snd);
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+ libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+ // printf("secret2: ");
+ // print_hex_ln(32, sharedSecret2);
+
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ sharedSecret2,
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+}
+
+// TEST(Kyber768Test, ModifiedCiphertextTest)
+// {
+// uint8_t randomness[64];
+// generate_random(randomness, 64);
+// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+// generate_random(randomness, 32);
+// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+// modify_ciphertext(ctxt.fst.value,
+// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768);
+// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+
+// EXPECT_NE(0,
+// memcmp(ctxt.snd,
+// sharedSecret2,
+// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+// uint8_t* implicitRejectionSharedSecret =
+// compute_implicit_rejection_shared_secret(
+// ctxt.fst.value,
+// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768,
+// key_pair.sk.value,
+// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768);
+
+// EXPECT_EQ(0,
+// memcmp(implicitRejectionSharedSecret,
+// sharedSecret2,
+// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+// delete[] implicitRejectionSharedSecret;
+// }
+
+// TEST(Kyber768Test, ModifiedSecretKeyTest)
+// {
+// uint8_t randomness[64];
+// generate_random(randomness, 64);
+// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+// generate_random(randomness, 32);
+// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk,
randomness);
+
+// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+// modify_secret_key(
+// key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false);
+// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+
+// EXPECT_NE(0,
+// memcmp(ctxt.snd,
+// sharedSecret2,
+// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+// modify_secret_key(
+// ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true);
+// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+
+// uint8_t* implicitRejectionSharedSecret =
+// compute_implicit_rejection_shared_secret(
+// ctxt.fst.value,
+// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768,
+// key_pair.sk.value,
+// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768);
+// EXPECT_EQ(0,
+// memcmp(implicitRejectionSharedSecret,
+// sharedSecret2,
+// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+// delete[] implicitRejectionSharedSecret;
+// }
+
+TEST(MlKem768Test, NISTKnownAnswerTest)
+{
+ // XXX: This should be done in a portable way.
+ auto kats = read_kats("tests/mlkem768_nistkats.json");
+
+ for (auto kat : kats)
+ {
+ auto key_pair =
+ libcrux_ml_kem_mlkem768_generate_key_pair(kat.key_generation_seed.data());
+ uint8_t pk_hash[32];
+ libcrux_sha3_sha256(
+ EURYDICE_SLICE(key_pair.pk.value, 0,
+ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768),
+ pk_hash);
+ EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32));
+ uint8_t sk_hash[32];
+ libcrux_sha3_sha256(
+ EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash);
+ EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32));
+
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(
+ &key_pair.pk, kat.encapsulation_seed.data());
+ uint8_t ct_hash[32];
+ libcrux_sha3_sha256(
+ EURYDICE_SLICE(ctxt.fst.value, 0,
+ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768),
+ ct_hash);
+ EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32));
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ kat.shared_secret.data(),
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+ libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ sharedSecret2,
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+ // FIXME: REMOVE AGAIN
+ break;
+ }
+}
diff --git a/libcrux-ml-kem/c/tests/mlkem768_nistkats.json b/libcrux-ml-kem/c/tests/mlkem768_nistkats.json
new file mode 100644
index 000000000..6a819f80d
--- /dev/null
+++ b/libcrux-ml-kem/c/tests/mlkem768_nistkats.json
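Review bot: The `break;` under `// FIXME: REMOVE AGAIN` at the end of the loop in `NISTKnownAnswerTest` stops the test after the first entry of `tests/mlkem768_nistkats.json`, so every later known-answer vector added by this commit goes unchecked; those two lines should be dropped once the generated C passes the full set, and the loop can then read `for (const auto &kat : kats)` to avoid copying each vector. The same loop passes `kat.key_generation_seed.data()` and `kat.encapsulation_seed.data()` to the KEM functions and compares 32 bytes with `memcmp` without checking the vector sizes, so a truncated or malformed JSON field would be read past its end rather than reported; a guard such as `ASSERT_EQ(kat.key_generation_seed.size(), 64u);` (the lengths are presumably 64 for the key-generation seed and 32 for the other fields, judging by the buffers in this file) would turn that into a test failure. `ModifiedCiphertextTest` and `ModifiedSecretKeyTest` are commented out and `ConsistencyTest` fills its randomness with the constant 13, so the implicit-rejection path of decapsulation has no coverage in this file; a one-line comment above the disabled tests saying why they are off and what `util.h` helper must return before they are re-enabled would keep that gap visible.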
@@ -0,0 +1,802 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", + "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", + "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", + "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", + "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + }, + { + "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", + "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", + "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", + "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", + "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", + "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", + "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", + "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", + "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + }, + { + "key_generation_seed": 
"050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", + "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", + "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", + "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", + "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + }, + { + "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", + "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", + "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", + "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", + "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + }, + { + "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", + "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", + "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", + "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", + "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + }, + { + "key_generation_seed": 
"c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", + "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", + "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", + "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", + "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + }, + { + "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", + "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", + "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", + "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", + "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + }, + { + "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", + "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", + "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", + "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", + "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + }, + { + "key_generation_seed": 
"d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", + "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", + "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", + "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", + "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + }, + { + "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", + "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", + "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", + "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", + "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + }, + { + "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", + "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", + "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", + "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", + "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + }, + { + "key_generation_seed": 
"cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", + "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", + "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", + "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", + "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + }, + { + "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", + "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", + "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", + "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", + "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + }, + { + "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", + "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", + "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", + "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", + "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + }, + { + "key_generation_seed": 
"97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", + "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", + "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", + "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", + "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + }, + { + "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", + "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", + "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", + "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", + "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + }, + { + "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", + "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", + "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", + "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", + "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + }, + { + "key_generation_seed": 
"9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", + "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", + "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", + "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", + "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + }, + { + "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", + "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", + "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", + "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", + "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + }, + { + "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", + "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", + "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", + "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", + "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + }, + { + "key_generation_seed": 
"89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", + "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", + "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", + "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", + "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + }, + { + "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", + "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", + "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", + "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", + "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + }, + { + "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", + "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", + "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", + "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", + "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + }, + { + "key_generation_seed": 
"293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", + "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", + "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", + "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", + "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + }, + { + "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", + "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", + "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", + "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", + "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + }, + { + "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", + "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", + "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", + "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", + "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + }, + { + "key_generation_seed": 
"ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", + "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", + "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", + "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", + "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + }, + { + "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", + "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", + "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", + "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", + "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + }, + { + "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", + "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", + "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", + "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", + "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + }, + { + "key_generation_seed": 
"351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", + "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", + "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", + "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", + "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + }, + { + "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", + "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", + "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", + "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", + "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + }, + { + "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", + "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", + "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", + "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", + "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + }, + { + "key_generation_seed": 
"684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", + "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", + "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", + "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", + "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + }, + { + "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", + "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", + "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", + "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", + "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + }, + { + "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", + "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", + "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", + "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", + "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + }, + { + "key_generation_seed": 
"056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", + "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", + "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", + "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", + "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + }, + { + "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", + "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", + "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", + "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", + "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + }, + { + "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", + "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", + "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", + "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", + "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + }, + { + "key_generation_seed": 
"3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", + "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", + "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", + "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", + "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + }, + { + "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", + "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", + "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", + "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", + "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + }, + { + "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", + "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", + "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", + "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", + "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + }, + { + "key_generation_seed": 
"610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", + "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", + "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", + "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", + "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + }, + { + "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", + "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", + "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", + "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", + "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + }, + { + "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", + "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", + "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", + "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", + "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + }, + { + "key_generation_seed": 
"e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", + "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", + "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", + "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", + "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + }, + { + "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", + "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", + "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", + "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", + "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + }, + { + "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", + "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", + "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", + "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", + "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + }, + { + "key_generation_seed": 
"bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", + "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", + "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", + "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", + "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + }, + { + "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", + "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", + "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", + "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", + "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + }, + { + "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", + "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", + "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", + "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", + "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + }, + { + "key_generation_seed": 
"25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", + "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", + "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", + "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", + "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + }, + { + "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", + "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", + "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", + "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", + "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + }, + { + "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", + "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", + "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", + "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", + "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + }, + { + "key_generation_seed": 
"6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", + "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", + "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", + "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", + "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + }, + { + "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", + "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", + "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", + "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", + "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + }, + { + "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", + "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", + "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", + "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", + "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + }, + { + "key_generation_seed": 
"6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", + "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", + "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", + "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", + "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + }, + { + "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", + "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", + "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", + "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", + "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + }, + { + "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", + "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", + "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", + "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", + "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + }, + { + "key_generation_seed": 
"47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", + "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", + "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", + "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", + "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + }, + { + "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", + "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", + "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", + "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", + "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + }, + { + "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", + "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", + "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", + "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", + "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + }, + { + "key_generation_seed": 
"7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", + "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", + "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", + "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", + "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + }, + { + "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", + "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", + "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", + "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", + "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + }, + { + "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", + "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", + "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", + "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", + "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + }, + { + "key_generation_seed": 
"c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", + "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", + "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", + "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", + "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + }, + { + "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", + "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", + "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", + "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", + "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + }, + { + "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", + "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", + "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", + "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", + "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + }, + { + "key_generation_seed": 
"995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", + "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", + "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", + "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", + "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + }, + { + "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", + "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", + "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", + "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", + "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + }, + { + "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", + "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", + "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", + "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", + "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + }, + { + "key_generation_seed": 
"1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", + "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", + "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", + "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", + "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + }, + { + "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", + "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", + "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", + "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", + "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + }, + { + "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", + "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", + "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", + "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", + "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + }, + { + "key_generation_seed": 
"6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", + "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", + "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", + "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", + "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + }, + { + "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", + "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", + "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", + "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", + "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + }, + { + "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", + "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", + "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", + "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", + "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + }, + { + "key_generation_seed": 
"b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", + "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", + "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", + "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", + "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + }, + { + "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", + "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", + "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", + "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", + "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + }, + { + "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", + "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", + "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", + "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", + "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + }, + { + "key_generation_seed": 
"0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", + "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", + "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", + "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", + "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + }, + { + "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", + "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", + "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", + "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", + "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + }, + { + "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", + "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", + "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", + "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", + "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + }, + { + "key_generation_seed": 
"9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", + "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", + "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", + "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", + "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + }, + { + "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", + "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", + "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", + "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", + "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + }, + { + "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", + "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", + "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", + "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", + "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + }, + { + "key_generation_seed": 
"e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", + "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", + "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", + "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", + "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + }, + { + "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", + "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", + "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", + "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", + "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + }, + { + "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", + "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", + "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", + "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", + "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + }, + { + "key_generation_seed": 
"6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", + "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", + "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", + "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", + "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + }, + { + "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", + "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", + "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", + "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", + "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + }, + { + "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", + "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", + "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", + "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", + "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + }, + { + "key_generation_seed": 
"32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", + "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", + "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", + "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", + "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + }, + { + "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", + "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", + "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", + "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", + "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + }, + { + "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", + "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", + "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", + "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", + "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + }, + { + "key_generation_seed": 
"ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", + "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", + "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", + "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", + "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + }, + { + "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", + "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", + "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", + "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", + "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + }, + { + "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", + "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", + "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", + "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", + "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + }, + { + "key_generation_seed": 
"195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", + "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", + "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", + "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", + "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + } +] From 8b112db84687b5c97cbc1b58a04bad313eae28ac Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Thu, 30 May 2024 10:01:46 -0700 Subject: [PATCH 75/94] Regenerate the code with revised general-purpose slice index operation --- libcrux-ml-kem/c/eurydice_glue.h | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 21 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 20 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 493 +++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_platform.h | 4 +- libcrux-ml-kem/c/libcrux_polynomial.c | 348 ++++++++----- libcrux-ml-kem/c/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.c | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- 26 files changed, 590 insertions(+), 384 deletions(-) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 51eec3b8b..dd4888af3 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -34,8 +34,12 @@ typedef struct {
 // remark above about how pointer arithmetic works in C), meaning either pointer or array type.
 #define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start })
 #define EURYDICE_SLICE_LEN(s, _) s.len
-#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i])
-#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, (s.ptr + i * sizeof(t)), sizeof(t)))
+// This macro is a pain because in case the dereferenced element type is an
+// array, you cannot simply write `t x` as it would yield `int[4] x` instead,
+// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
+// adds an extra argument to this macro at the last minute so that we have the
+// correct type of *pointers* to elements.
+#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t) s.ptr)[i])
 #define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end)
 #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos)
 #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len)
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 38bc4b61d..ca9ed855d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index c55b42414..ace6f4826 100644
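Review bot: In the `eurydice_glue.h` hunk, the new `Eurydice_slice_index` never reads `s.len`, so the bounds check that Rust slice indexing performs has no counterpart in the extracted C, and its `s` argument is expanded unparenthesised in `(t_ptr_t) s.ptr`. For the expansion I would write `#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)(s).ptr)[i])`, so that an argument such as `*p` still selects the intended field. For the bounds, the comment above the macro should at least state that the caller guarantees `i < s.len`. A debug-only `assert` placed inside the subscript would keep the result usable as an lvalue, which the regenerated code appears to rely on (`&Eurydice_slice_index(rhs, i0, ...)` in `libcrux_core.c`).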
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index a14c89370..e8b09e5d2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 20ed6dc8e..63287b074 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index bef34d858..afb756c99 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -50,8 +50,9 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - uint8_t uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t); + uint8_t + uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); @@ -120,10 +121,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_ for (size_t i = (size_t)0U; i < (size_t)768U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); r = (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } 
@@ -221,10 +222,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size for (size_t i = (size_t)0U; i < (size_t)1568U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); r = (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } @@ -322,10 +323,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size for (size_t i = (size_t)0U; i < (size_t)1088U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t); + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); r = (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t)); + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7b036c030..94ce0e0ee 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 2648231bb..1da67faee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 4e87e6e50..c9e81b182 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 62de61fcf..4cfaa1d44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e2f899447..bd94fd3ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 727229b29..66ecf5c4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -1298,19 +1298,20 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); uint32_t uu____1 = uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; uint32_t uu____2 = uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; uint32_t random_bits_as_u32 = uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; 
@@ -1357,15 +1358,16 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vect uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); uint32_t uu____1 = uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; uint32_t random_bits_as_u24 = uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c690fac1b..acbdfe9c5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 7b83b0c41..36f74f5ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -900,21 +900,36 @@ libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libc inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t + uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____4 = (int16_t)Eurydice_slice_index(bytes, 
(size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, @@ -932,7 +947,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) uu____12, uu____13, uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); core_core_arch_x86___m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, 
@@ -1097,21 +1112,36 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t + uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t + 
uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, @@ -1129,7 +1159,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) uu____12, uu____13, uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); core_core_arch_x86___m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, 
@@ -1271,21 +1301,21 @@ libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libc inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = Eurydice_slice_index(bytes, 
(size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8(uu____0, @@ -1303,7 +1333,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) uu____12, uu____13, uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t)); + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); core_core_arch_x86___m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); core_core_arch_x86___m256i 
@@ -1771,112 +1801,132 @@ libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) result = libcrux_ml_kem_vector_avx2_portable_zero(); int16_t uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; int16_t uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; int16_t uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) << 10U; int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uu____5 = + uu____4 + | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; int16_t uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t *uu____8 = 
&Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; int16_t uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; int16_t uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) << 9U; int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uu____12 = + uu____11 + | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; int16_t uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t + uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; + uint8_t *uu____17 = 
&Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)7) << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; int16_t uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & (int16_t)1) << 10U; int16_t uu____23 = uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; int16_t uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, 
(size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + uint8_t + *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; int16_t uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + uint8_t + *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; int16_t uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) << 9U; int16_t uu____30 = uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; int16_t uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + uint8_t + *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); 
result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; int16_t uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + uint8_t + *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; return result; } @@ -2665,12 +2715,18 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out0 = uu____0.fst; Eurydice_slice out1 = uu____0.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____1, 
@@ -2765,12 +2821,18 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out0 = uu____0.fst; Eurydice_slice out1 = uu____0.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - uint8_t ret0[168U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[168U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____1, 
@@ -3057,12 +3119,18 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - uint8_t ret0[192U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[192U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [192U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice); Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256(uu____1, 
@@ -3102,19 +3170,20 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); uint32_t uu____1 = uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; uint32_t uu____2 = uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; uint32_t random_bits_as_u32 = uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; 
@@ -3161,15 +3230,16 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); uint32_t uu____1 = uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; uint32_t random_bits_as_u24 = uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; 
@@ -3944,12 +4014,18 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256(uu____1, 
@@ -6342,22 +6418,32 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out2 = uu____2.fst; Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[504U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); } 
@@ -6459,22 +6545,32 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out2 = uu____2.fst; Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - uint8_t ret0[168U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[168U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[168U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [168U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)168U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[168U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [168U], void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice((size_t)168U, ret3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice)); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); } 
@@ -6743,17 +6839,24 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[128U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____8 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____9 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_shake256(uu____3, uu____4, uu____5, 
@@ -6761,7 +6864,10 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for uu____7, uu____8, uu____9, - Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); } @@ -8392,15 +8498,24 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out1 = uu____1.fst; Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____2, uu____3, uu____4, 
@@ -8500,15 +8615,24 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for Eurydice_slice out1 = uu____1.fst; Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - uint8_t ret0[168U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [168U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[168U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [168U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[168U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [168U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)168U, ret2, uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____2, uu____3, uu____4, 
@@ -8775,15 +8899,24 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____7 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____8 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); libcrux_sha3_avx2_x4_shake256(uu____2, uu____3, uu____4, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 3c0acc20a..57d80532e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 738415194..3eff076f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h index f37ea0da5..0e60b7cb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 3387ac459..420eb1380 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 7a5a3333c..e31ba487f 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -1052,13 +1052,13 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); } for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); } return result; 
@@ -1112,37 +1112,37 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m static inline libcrux_ml_kem_vector_PortableVector deserialize_4(Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t *uu____7 = 
&Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[15U] = 
(int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); return v; } 
@@ -1205,61 +1205,81 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m static inline libcrux_ml_kem_vector_PortableVector deserialize_5(Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); uint8_t - uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & 3U) << 3U; - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uu____1 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) + << 3U; + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); uint8_t - uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & 15U) << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uu____4 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) + << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); uint8_t - uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & 1U) << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uu____6 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) + << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, 
uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); uint8_t - uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & 7U) << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + uu____9 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) + << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + uint8_t + *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); uint8_t uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t) & 3U) + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & 3U) << 3U; - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t); + uint8_t + *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + uint8_t + *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); 
v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); uint8_t uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t) & 15U) + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & 15U) << 1U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t); + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); uint8_t uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t) & 1U) + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + & 1U) << 4U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t); + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + uint8_t + *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); uint8_t uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t) & 7U) + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & 7U) << 2U; - uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t); + uint8_t + *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t); + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U 
+ (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); return v; } 
@@ -1350,97 +1370,109 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_10(Eurydice_slice libcrux_ml_kem_vector_PortableVector result = zero(); int16_t uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); int16_t uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)15) + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; int16_t uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) & (int16_t)63) + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; int16_t uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, 
uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); int16_t uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) & (int16_t)15) + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; int16_t uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)63) + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) << 2U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; int16_t uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) << 8U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + 
(size_t)0U, uint8_t, uint8_t); + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 6U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t); + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 4U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t); + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; int16_t uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t) + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t); + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; int16_t uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) << 8U; - uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t); + uint8_t 
+ *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); int16_t uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 6U; - uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t); + uint8_t + *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; int16_t uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 4U; - uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t); + uint8_t + *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; int16_t uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t) + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t); + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; return result; } 
@@ -1539,112 +1571,132 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_11(Eurydice_slice libcrux_ml_kem_vector_PortableVector result = zero(); int16_t uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; int16_t uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t) & (int16_t)63) + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; int16_t uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) << 10U; int16_t - uu____5 = uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + uu____5 = + uu____4 + | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; int16_t uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t) & (int16_t)15) + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); + uint8_t *uu____8 = 
&Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; int16_t uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t) & (int16_t)127) + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; int16_t uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) << 9U; int16_t - uu____12 = uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); + uu____12 = + uu____11 + | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; int16_t uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t) & (int16_t)31) + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); + int16_t + uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; + uint8_t *uu____17 = 
&Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t) & (int16_t)7) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)7) << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t); + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t); + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; int16_t uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t) & (int16_t)1) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & (int16_t)1) << 10U; int16_t uu____23 = uu____22 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t) << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t); + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; int16_t uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, 
(size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t); + uint8_t + *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; int16_t uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t); + uint8_t + *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; int16_t uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t) & (int16_t)3) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) << 9U; int16_t uu____30 = uu____29 - | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t) << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t); + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; int16_t uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t) + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t); + uint8_t + *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); 
result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; int16_t uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t) + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t); + uint8_t + *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; return result; } 
@@ -1717,18 +1769,20 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector re = zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t); - int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t); - int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t byte7 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t + byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); + int16_t + byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); 
@@ -1737,18 +1791,30 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t); - int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t); - int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t); - int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t); - int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t); - int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t); - int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t); - int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t); - int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t); - int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t); - int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t); - int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t); + int16_t + byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); + int16_t + byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); + int16_t + byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); + int16_t + byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); + int16_t + byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); + int16_t + byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); + int16_t + byte18 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); + int16_t + byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); + int16_t + byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); + int16_t + byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); + int16_t + byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); + int16_t + byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); @@ -1793,9 +1859,9 @@ static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) else { Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____1; @@ -1810,7 +1876,7 @@ static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) if (uu____1) { int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; sampled++; } bool uu____3; 
@@ -1825,7 +1891,7 @@ static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) if (uu____3) { int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; sampled++; } } diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index 326874ca2..a64f83394 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index 2805f7efd..e791132ba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 4392fd6a3..ddbcffd6a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 1c51402d2..e74c8cc33 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index abdb2d976..2c199c687 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8bf3b70d0..a7da9d0a6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8ba9e4dda..072fe23f2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ From 34f92e1c28793c2353d66df21677cd5593829b46 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Thu, 30 May 2024 10:13:29 -0700 Subject: [PATCH 76/94] With loop unrolling --- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_polynomial.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 281 ++++--- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 290 ++++--- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 353 ++++---- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 776 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_platform.h | 2 +- libcrux-ml-kem/c/libcrux_polynomial.c | 29 +- libcrux-ml-kem/c/libcrux_polynomial.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.c | 174 ++-- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 54 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 25 files changed, 1088 insertions(+), 905 deletions(-) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ca9ed855d..9aa756e5f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index ace6f4826..a602ad3b3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e8b09e5d2..963e10927 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 63287b074..b30f7d486 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index afb756c99..8081db044 100644 
--- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 94ce0e0ee..da93dfbea 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 1da67faee..a215e6880 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -75,11 +75,12 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; @@ -150,11 +151,12 @@ deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; 
@@ -234,16 +236,17 @@ compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], &u_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, @@ -330,11 +333,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; 
@@ -388,11 +392,12 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port ) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); memcpy(ret, ret0, (size_t)4U @@ -406,17 +411,19 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; memcpy(uu____1, state, 
@@ -435,14 +442,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[4U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); } @@ -453,8 +461,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { @@ -491,11 +501,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -504,8 +515,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz else { done = false; - } - } + }); return done; } 
@@ -516,14 +526,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[4U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); } @@ -534,8 +545,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { @@ -572,11 +585,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -585,8 +599,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz else { done = false; - } - } + }); return done; } 
@@ -646,11 +659,12 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)4U 
@@ -668,26 +682,31 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -718,8 +737,7 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)4U 
@@ -745,14 +763,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[4U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); } 
@@ -764,29 +783,34 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -795,8 +819,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[4U]; memcpy(uu____2, 
@@ -832,29 +855,34 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -862,8 +890,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[4U]; memcpy(uu____2, @@ -915,11 +942,12 @@ compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; 
@@ -981,16 +1009,17 @@ compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], &r_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, @@ -1582,11 +1611,12 @@ compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; 
@@ -2011,11 +2041,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c9e81b182..c415e78a8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 4cfaa1d44..c3d3686c9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -27,11 +27,12 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; @@ -91,11 +92,12 @@ deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; 
@@ -175,16 +177,17 @@ compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], &u_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, @@ -271,11 +274,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; 
@@ -329,11 +333,12 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port ) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); memcpy(ret, ret0, (size_t)2U @@ -347,17 +352,19 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; memcpy(uu____1, state, 
@@ -376,14 +383,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[2U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); } @@ -394,8 +402,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { @@ -432,11 +442,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -445,8 +456,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz else { done = false; - } - } + }); return done; } 
@@ -457,14 +467,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[2U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); } @@ -475,8 +486,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { @@ -513,11 +526,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -526,8 +540,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz else { done = false; - } - } + }); return done; } 
@@ -587,11 +600,12 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)2U 
@@ -609,26 +623,31 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -659,8 +678,7 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)2U 
@@ -686,14 +704,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[2U][192U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); } 
@@ -716,29 +735,34 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -747,8 +771,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[2U]; memcpy(uu____2, @@ -783,14 +806,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[2U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); } 
@@ -802,29 +826,34 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -832,8 +861,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[2U]; memcpy(uu____2, @@ -885,11 +913,12 @@ compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; 
@@ -951,16 +980,17 @@ compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], &r_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, @@ -1457,11 +1487,12 @@ compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; 
@@ -1886,11 +1917,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index bd94fd3ba..47a8fbb68 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 66ecf5c4e..5b4641ee3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -177,16 +177,17 @@ libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( size_t _initial_coefficient_bound ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; libcrux_ml_kem_vector_PortableVector uu____0 = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } + re->coefficients[round] = uu____0;); } void @@ -197,8 +198,10 @@ libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( size_t _initial_coefficient_bound ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; libcrux_ml_kem_vector_PortableVector @@ -207,8 +210,7 @@ libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } void @@ -219,8 +221,10 @@ libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( size_t _initial_coefficient_bound ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; libcrux_ml_kem_vector_PortableVector 
@@ -231,8 +235,7 @@ libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } void @@ -280,11 +283,12 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; @@ -467,11 +471,12 @@ deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; 
@@ -517,8 +522,10 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableV size_t _layer ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; libcrux_ml_kem_vector_PortableVector @@ -529,8 +536,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableV libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } void @@ -540,8 +546,10 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableV size_t _layer ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; libcrux_ml_kem_vector_PortableVector @@ -550,8 +558,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableV libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } void 
@@ -561,16 +568,17 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableV size_t _layer ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; libcrux_ml_kem_vector_PortableVector uu____0 = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } + re->coefficients[round] = uu____0;); } static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector @@ -671,16 +679,17 @@ compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], &u_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, 
@@ -695,8 +704,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_ ) { uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_PortableVector coefficient = @@ -723,8 +734,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_ core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, - void *); - } + void *);); memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); } @@ -846,11 +856,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; @@ -904,11 +915,12 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port ) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); memcpy(ret, ret0, (size_t)3U 
@@ -922,17 +934,19 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - state[i] = libcrux_sha3_portable_incremental_shake128_init(); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; memcpy(uu____1, state, @@ -951,14 +965,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[3U][504U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); } @@ -969,8 +984,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { 
@@ -1007,11 +1024,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -1020,8 +1038,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz else { done = false; - } - } + }); return done; } @@ -1032,14 +1049,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[3U][168U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); } @@ -1050,8 +1068,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { 
@@ -1088,11 +1108,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -1101,8 +1122,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz else { done = false; - } - } + }); return done; } @@ -1162,11 +1182,12 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t uu____3[3U][272U]; memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)3U 
@@ -1184,26 +1205,31 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -1234,8 +1260,7 @@ sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)3U 
@@ -1261,14 +1286,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ ) { uint8_t out[3U][128U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice)); - } + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); } 
@@ -1469,29 +1495,34 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -1500,8 +1531,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]); - } + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[3U]; memcpy(uu____2, 
@@ -1537,29 +1567,34 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____1 = 
@@ -1567,8 +1602,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____2[3U]; memcpy(uu____2, @@ -1620,11 +1654,12 @@ compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; @@ -1683,8 +1718,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vec libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_PortableVector coefficient_compressed = @@ -1702,8 +1739,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vec libcrux_ml_kem_vector_PortableVector uu____0 = libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } + re.coefficients[i0] = uu____0;); return re; } 
@@ -1718,16 +1754,17 @@ compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector product = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], &r_as_ntt[i0]); libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product); - } + &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); result = libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, @@ -2386,11 +2423,12 @@ compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i0 = (size_t)0U; 
@@ -2852,11 +2890,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); for (size_t i = (size_t)0U; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index acbdfe9c5..a69080f07 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 36f74f5ac..378f68729 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -2378,10 +2378,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; @@ -2659,10 +2660,11 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy(ret, ret0, (size_t)2U @@ -2744,8 +2746,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { @@ -2782,11 +2786,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -2795,8 +2800,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } 
@@ -2850,8 +2854,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { @@ -2888,11 +2894,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -2901,8 +2908,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } @@ -2989,11 +2995,12 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)2U 
@@ -3013,26 +3020,31 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3063,8 +3075,7 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)2U 
@@ -3381,16 +3392,17 @@ ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; core_core_arch_x86___m256i uu____0 = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } + re->coefficients[round] = uu____0;); } static inline void @@ -3399,8 +3411,10 @@ ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; core_core_arch_x86___m256i @@ -3409,8 +3423,7 @@ ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } static inline void @@ -3419,8 +3432,10 @@ ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; core_core_arch_x86___m256i 
@@ -3431,8 +3446,7 @@ ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } static inline void @@ -3474,28 +3488,33 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = 
@@ -3504,8 +3523,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[2U]; memcpy(uu____2, @@ -3635,10 +3653,11 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -3934,10 +3953,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -4059,28 +4079,33 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = @@ -4088,8 +4113,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[2U]; memcpy(uu____2, 
@@ -4139,8 +4163,10 @@ invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; core_core_arch_x86___m256i @@ -4151,8 +4177,7 @@ invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } static inline void @@ -4161,8 +4186,10 @@ invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; core_core_arch_x86___m256i @@ -4171,8 +4198,7 @@ invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } static inline void 
@@ -4181,16 +4207,17 @@ invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re ) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; core_core_arch_x86___m256i uu____0 = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } + re->coefficients[round] = uu____0;); } static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4300,10 +4327,11 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -4368,8 +4396,10 @@ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = 
@@ -4386,8 +4416,7 @@ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_slice)); core_core_arch_x86___m256i uu____0 = decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } + re.coefficients[i0] = uu____0;); return re; } @@ -4437,13 +4466,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, @@ -5478,10 +5508,11 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -5832,10 +5863,11 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; @@ -5909,15 +5941,16 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; @@ -5930,8 +5963,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( ) { uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient = 
@@ -5958,8 +5993,7 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, - void *); - } + void *);); memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); } @@ -6140,10 +6174,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; @@ -6348,10 +6383,11 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy(ret, ret0, (size_t)4U @@ -6454,8 +6490,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { 
@@ -6492,11 +6530,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -6505,8 +6544,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } @@ -6581,8 +6619,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { @@ -6619,11 +6659,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -6632,8 +6673,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } 
@@ -6695,11 +6735,12 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)4U 
@@ -6719,26 +6760,31 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6769,8 +6815,7 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)4U 
@@ -6879,28 +6924,33 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = 
@@ -6909,8 +6959,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[4U]; memcpy(uu____2, @@ -6981,10 +7030,11 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -7280,10 +7330,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -7340,28 +7391,33 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = @@ -7369,8 +7425,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[4U]; memcpy(uu____2, 
@@ -7444,10 +7499,11 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -7510,13 +7566,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, @@ -7905,10 +7962,11 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -7981,10 +8039,11 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; @@ -8036,15 +8095,16 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; @@ -8227,10 +8287,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -8435,10 +8496,11 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy(ret, ret0, (size_t)3U @@ -8531,8 +8593,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { @@ -8569,11 +8633,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -8582,8 +8647,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } @@ -8648,8 +8712,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ int16_t (*out)[272U] ) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { 
@@ -8686,11 +8752,12 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } - } - } + }); bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { @@ -8699,8 +8766,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ else { done = false; - } - } + }); return done; } @@ -8762,11 +8828,12 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]); - } + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]);); memcpy(ret, ret0, (size_t)3U 
@@ -8786,26 +8853,31 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } + seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8836,8 +8908,7 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu { A_transpose[i1][j] = sample; } - } - } + }); memcpy(ret, A_transpose, (size_t)3U 
@@ -8936,28 +9007,33 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = 
@@ -8966,8 +9042,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]); - } + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[3U]; memcpy(uu____2, @@ -9038,10 +9113,11 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -9337,10 +9413,11 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152 { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -9397,28 +9474,33 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = @@ -9426,8 +9508,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1; - } + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____2[3U]; memcpy(uu____2, 
@@ -9501,10 +9582,11 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i0 = (size_t)0U; @@ -9567,13 +9649,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, @@ -9841,10 +9924,11 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_ { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; 
@@ -9906,10 +9990,11 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - } + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; @@ -9961,15 +10046,16 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product); - } + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 57d80532e..ecf17daec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 3eff076f1..b5af37f3c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h index 0e60b7cb9..f458aac48 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 420eb1380..0237027dc 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index e31ba487f..4ce0ae5d7 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -1018,20 +1018,22 @@ ntt_multiply0( static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) { uint8_t result[2U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { + KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, size_t i0 = i; size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) - { + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); + KRML_MAYBE_FOR8(i, + (size_t)8U, + (size_t)16U, + (size_t)1U, size_t i0 = i; size_t uu____1 = (size_t)1U; result[uu____1] = (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U); - } + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); } 
@@ -1049,12 +1051,13 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_PortableVector result = zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) - { + KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, size_t i0 = i; uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U); - } + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index a64f83394..7a5c9a696 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index e791132ba..ffc1bf395 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ 
@@ -1021,20 +1021,22 @@ libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, size_t j = i; uint64_t uu____0 = libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } + s->st[i1][j] = uu____0;);); } inline void @@ -1111,20 +1113,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; 
@@ -1197,14 +1198,13 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, @@ -1257,14 +1257,13 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, 
@@ -1482,20 +1481,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; @@ -1568,14 +1566,13 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, 
@@ -1628,14 +1625,13 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, @@ -1769,20 +1765,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; 
@@ -1978,20 +1973,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; 
@@ -2241,20 +2235,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; @@ -2327,14 +2320,13 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, 
@@ -2387,14 +2379,13 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, @@ -2612,20 +2603,19 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; + size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)200U, - blocks[i0], + blocks[i], ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; } uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; 
@@ -2698,14 +2688,13 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, @@ -2758,14 +2747,13 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, 
@@ -3005,14 +2993,13 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, @@ -3035,14 +3022,13 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( uint8_t b[1U][200U]; libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); core_slice___Slice_T___copy_from_slice(uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ddbcffd6a..c33617199 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e74c8cc33..2e3bf6588 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ @@ -1275,20 +1275,22 @@ libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, size_t j = i; core_core_arch_x86___m256i uu____0 = and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } + s->st[i1][j] = uu____0;);); } inline void 
@@ -1371,8 +1373,10 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136 { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = @@ -1384,8 +1388,7 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136 Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); core_core_arch_x86___m256i (*uu____1)[5U] = s->st; uint8_t uu____2[4U][200U]; memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); @@ -1670,8 +1673,10 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4 { uint8_t b[4U][200U]; store_block_full___136size_t0(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1686,8 +1691,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4 core_ops_range_Range__size_t, Eurydice_slice), uint8_t, - void *); - } + void *);); } static inline void @@ -1724,8 +1728,10 @@ libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136 libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); uint8_t b[4U][200U]; store_block_full___136size_t0(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; 
@@ -1740,8 +1746,7 @@ libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136 core_ops_range_Range__size_t, Eurydice_slice), uint8_t, - void *); - } + void *);); } inline void @@ -2173,8 +2178,10 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168 { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = @@ -2186,8 +2193,7 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168 Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); core_core_arch_x86___m256i (*uu____1)[5U] = s->st; uint8_t uu____2[4U][200U]; memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2c199c687..593485d1b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a7da9d0a6..e59cda99e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 072fe23f2..e87dedbca 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 F* version: 58c915a8 KaRaMeL version: 04cb86b9 */ From 5b5b73edbdb12b60b384f4c77a387b9a1921fd2a Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 30 May 2024 19:22:51 +0200 Subject: [PATCH 77/94] benches --- libcrux-ml-kem/c/benches/mlkem768.cc | 73 +++++++++++ libcrux-ml-kem/c/benches/mlkem768_encaps.cc | 37 ++++++ libcrux-ml-kem/c/benches/mlkem768_keygen.cc | 33 +++++ libcrux-ml-kem/c/benches/sha3.cc | 128 ++++++++++++++++++++ 4 files changed, 271 insertions(+) create mode 100644 libcrux-ml-kem/c/benches/mlkem768.cc create mode 100644 libcrux-ml-kem/c/benches/mlkem768_encaps.cc create mode 100644 libcrux-ml-kem/c/benches/mlkem768_keygen.cc create mode 100644 libcrux-ml-kem/c/benches/sha3.cc diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc new file mode 100644 index 000000000..eea5cc264 --- /dev/null +++ b/libcrux-ml-kem/c/benches/mlkem768.cc 
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+#include "Hacl_Hash_SHA3_Scalar.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+static void
+kyber768_key_generation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+ for (auto _ : state)
+ {
+ key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ }
+}
+
+static void
+kyber768_encapsulation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ for (auto _ : state)
+ {
+ ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+ }
+}
+
+static void
+kyber768_decapsulation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+
+ for (auto _ : state)
+ {
+ libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+ }
+}
+
+BENCHMARK(kyber768_key_generation);
+BENCHMARK(kyber768_encapsulation);
+BENCHMARK(kyber768_decapsulation);
+
+BENCHMARK_MAIN();
diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc
new file mode 100644
index 000000000..941d0538c
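Review bot: `generate_random` writes the constant 13 into every byte, so nothing here is random and the name invites reuse outside the benchmark; the same helper is repeated in mlkem768_encaps.cc, mlkem768_keygen.cc and sha3.cc in this commit. A fixed input is fine for timing, but I would say so at the definition, e.g. `// Deterministic filler for benchmarks only; not a source of randomness, never use for key material.`, or rename it to something like `fill_fixed_bytes`. The loop also compares a signed `int i` with the `uint32_t output_len`; `for (uint32_t i = 0; i < output_len; i++)` avoids the sign-compare warning. The helper has external linkage in each file, so marking it `static` would keep the copies from clashing if the benches are ever linked together.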
--- /dev/null
+++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+#include "Hacl_Hash_SHA3_Scalar.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+int main(int argc, char const *argv[])
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ for (size_t i = 0; i < 100000; i++)
+ {
+ ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+ }
+
+ return 0;
+}
diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc
new file mode 100644
index 000000000..a949a25b5
--- /dev/null
+++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+#include "Hacl_Hash_SHA3_Scalar.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+int main(int argc, char const *argv[])
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+ for (size_t i = 0; i < 100000; i++)
+ {
+ key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ }
+ return 0;
+}
diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc
new file mode 100644
index 000000000..4a609b85a
--- /dev/null
+++ b/libcrux-ml-kem/c/benches/sha3.cc
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3_avx2.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+#include "Hacl_Hash_SHA3_Scalar.h"
+#include "Hacl_Hash_SHA3_Simd256.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+static void
+sha3_256_1184(benchmark::State &state)
+{
+ uint8_t digest[32];
+ uint8_t input[1184];
+ generate_random(input, 1184);
+
+ libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32));
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32));
+ }
+}
+
+static void
+sha3_512_64(benchmark::State &state)
+{
+ uint8_t digest[64];
+ uint8_t input[64];
+ generate_random(input, 64);
+
+ libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64));
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64));
+ }
+}
+
+static void
+shake128_34_504(benchmark::State &state)
+{
+ uint8_t digest0[504];
+ uint8_t digest1[504];
+ uint8_t digest2[504];
+ uint8_t digest3[504];
+ uint8_t input[34];
+ generate_random(input, 34);
+
+ // libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32));
+ libcrux_sha3_avx2_x4_incremental_KeccakState4 st;
+ st.st = Hacl_Hash_SHA3_Simd256_state_malloc();
+ Hacl_Hash_SHA3_Simd256_shake128_squeeze_nblocks(st.st, digest0, digest1, digest2, digest3, 504);
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_incremental_KeccakState4 st;
+ st.st = Hacl_Hash_SHA3_Simd256_state_malloc();
+ Hacl_Hash_SHA3_Simd256_shake128_squeeze_nblocks(st.st, digest0, digest1, digest2, digest3, 504);
+ }
+}
+
+static void
+shake256_1120_32(benchmark::State &state)
+{
+ uint8_t input[1120];
+ generate_random(input, 1120);
+
+ uint8_t digest0[32];
+ uint8_t digest1[32];
+ uint8_t digest2[32];
+ uint8_t digest3[32];
+ Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 32);
+ Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 32);
+ Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 32);
+ Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 32);
+
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3);
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3);
+ }
+}
+
+static void
+shake256_33_128(benchmark::State &state)
+{
+ uint8_t input[33];
+ generate_random(input, 33);
+
+ uint8_t digest0[128];
+ uint8_t digest1[128];
+ uint8_t digest2[128];
+ uint8_t digest3[128];
+ Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 128);
+ Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 128);
+ Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 128);
+ Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 128);
+
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3);
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3);
+ }
+}
+
+BENCHMARK(sha3_256_1184);
+BENCHMARK(sha3_512_64);
+BENCHMARK(shake128_34_504);
+BENCHMARK(shake256_1120_32);
+BENCHMARK(shake256_33_128);
+
+BENCHMARK_MAIN();
From 08aee254cddf3d3dc7ccab6602d7d1873ecc2406 Mon Sep 17 00:00:00 2001
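Review bot: In `shake256_33_128`, `input` is declared as `uint8_t input[33]` but every call passes `EURYDICE_SLICE(input, 0, 128)`, which, assuming the macro spans `input[0..128)`, makes the hash read 95 bytes past the end of the stack buffer; the four input slices should be `EURYDICE_SLICE(input, 0, 33)`. `sha3_256_1184` has the opposite mismatch: it fills 1184 bytes but hashes only `EURYDICE_SLICE(input, 0, 32)`, so the reported figure is for a 32-byte message rather than the 1184-byte one the name promises. `shake128_34_504` calls `Hacl_Hash_SHA3_Simd256_state_malloc()` on every iteration with no matching free in view and never absorbs `input`, so it leaks and times a squeeze of an empty state.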
From: karthikbhargavan Date: Thu, 30 May 2024 19:36:51 +0200 Subject: [PATCH 78/94] bench --- libcrux-ml-kem/c/CMakeLists.txt | 62 +++++++++++++++++++++ libcrux-ml-kem/c/benches/mlkem768.cc | 1 - libcrux-ml-kem/c/benches/mlkem768_encaps.cc | 1 - libcrux-ml-kem/c/benches/mlkem768_keygen.cc | 1 - libcrux-ml-kem/c/benches/sha3.cc | 15 +++-- 5 files changed, 69 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index d8637c9fd..06f26b4bd 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt 
@@ -88,3 +88,65 @@ target_link_libraries(sha3_test PRIVATE gtest_main nlohmann_json::nlohmann_json ) + +# --- Benchmarks + +FetchContent_Populate(benchmark + GIT_REPOSITORY https://github.com/google/benchmark.git + # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 + # But also: need the fix for https://github.com/google/benchmark/pull/1669 + GIT_TAG bc946b919cac6f25a199a526da571638cfde109f +) +add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) + +add_executable(ml_kem_bench + ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc +) +target_link_libraries(ml_kem_bench PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_bench PRIVATE + -mavx + -mavx2 +) + +add_executable(ml_kem_keygen + ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc +) +target_link_libraries(ml_kem_keygen PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_keygen PRIVATE + -mavx + -mavx2 +) + +add_executable(ml_kem_encaps + ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc +) +target_link_libraries(ml_kem_encaps PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_encaps PRIVATE + -mavx + -mavx2 +) + +add_executable(sha3_bench + ${PROJECT_SOURCE_DIR}/benches/sha3.cc +) +target_link_libraries(sha3_bench PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(sha3_bench PRIVATE + -mavx + -mavx2 +) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index eea5cc264..680f648e7 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc 
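Review bot: All four bench targets get `-mavx -mavx2` and `HACL_CAN_COMPILE_VEC256` unconditionally, so configuring on a non-x86 host fails at compile time and a binary built this way will trap with an illegal instruction on an x86 CPU without AVX2. I would guard the AVX2-only targets, e.g. `if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64")` … `endif()`, and keep the portable ML-KEM benches outside that block without the flags. `ml_kem_keygen` and `ml_kem_encaps` define their own `main()` and appear not to use the benchmark API, so linking `benchmark::benchmark` into them looks unnecessary.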
@@ -11,7 +11,6 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -#include "Hacl_Hash_SHA3_Scalar.h" void generate_random(uint8_t *output, uint32_t output_len) { diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc index 941d0538c..53ae6af1d 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc @@ -11,7 +11,6 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -#include "Hacl_Hash_SHA3_Scalar.h" void generate_random(uint8_t *output, uint32_t output_len) { diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc index a949a25b5..37eb855d2 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc @@ -11,7 +11,6 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -#include "Hacl_Hash_SHA3_Scalar.h" void generate_random(uint8_t *output, uint32_t output_len) { diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 4a609b85a..8c2d80a8b 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -11,8 +11,7 @@ #include "libcrux_sha3_avx2.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -#include "Hacl_Hash_SHA3_Scalar.h" -#include "Hacl_Hash_SHA3_Simd256.h" + void generate_random(uint8_t *output, uint32_t output_len) { 
@@ -61,15 +60,15 @@ shake128_34_504(benchmark::State &state) generate_random(input, 34); // libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32)); - libcrux_sha3_avx2_x4_incremental_KeccakState4 st; - st.st = Hacl_Hash_SHA3_Simd256_state_malloc(); - Hacl_Hash_SHA3_Simd256_shake128_squeeze_nblocks(st.st, digest0, digest1, digest2, digest3, 504); + libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504)); for (auto _ : state) { - libcrux_sha3_avx2_x4_incremental_KeccakState4 st; - st.st = Hacl_Hash_SHA3_Simd256_state_malloc(); - Hacl_Hash_SHA3_Simd256_shake128_squeeze_nblocks(st.st, digest0, digest1, digest2, digest3, 504); + libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504)); } } From 746f35697b50685225eec349cc541f472076ee44 Mon Sep 17 00:00:00 2001 
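Review bot: In both the warm-up call and the timed loop, lanes 1 to 3 of the squeeze receive `EURYDICE_SLICE(digest,0,504)` instead of slices over `digest1`, `digest2` and `digest3`, which the removed HACL call used. Three lanes then write 504 bytes each into the same buffer. `digest` is declared outside this hunk and its only other visible use is the commented-out SHA-256 call that slices 32 bytes of it, so if it is a 32-byte array this is an out-of-bounds write. The squeeze also takes `st` by value while the absorb takes `&st`, which is worth checking against the prototype. I would pass one slice per lane: `EURYDICE_SLICE(digest1,0,504)`, `EURYDICE_SLICE(digest2,0,504)`, `EURYDICE_SLICE(digest3,0,504)`.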
From: karthikbhargavan Date: Thu, 30 May 2024 19:44:37 +0200 Subject: [PATCH 79/94] benches --- libcrux-ml-kem/c/benches/sha3.cc | 12 +++++++----- .../c/intrinsics/libcrux_intrinsics_avx2.h | 14 +++++++------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 8c2d80a8b..68de31f29 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc 
@@ -59,16 +59,18 @@ shake128_34_504(benchmark::State &state) uint8_t input[34]; generate_random(input, 34); + Eurydice_slice last[4] = {EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)}; + Eurydice_slice out[4] = {EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504)}; // libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32)); libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504)); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st,out); for (auto _ : state) { - libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504),EURYDICE_SLICE(digest,0,504)); + libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); + 
libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st,out); } } diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index 57ff9cc0f..eee258a04 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -165,22 +165,22 @@ libcrux_intrinsics_avx2_mm256_set_epi32( static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ - return _mm256_loadu_si256(a.ptr); + return _mm256_loadu_si256((const __m256i*) a.ptr); } static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ - return _mm256_loadu_si256(a.ptr); + return _mm256_loadu_si256((const __m256i*) a.ptr); } static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ - return _mm_loadu_si128(a.ptr); + return _mm_loadu_si128((const __m128i*) a.ptr); } static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128(a.ptr,b); + return _mm_storeu_si128((__m128i*) a.ptr,b); } static inline void @@ -188,7 +188,7 @@ libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_slice a, core_core_arch_x86___m256i b ){ - return _mm256_storeu_si256(a.ptr,b); + return _mm256_storeu_si256((__m256i*) a.ptr,b); } static inline void 
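Review bot: The benchmark calls the monomorphised `libcrux_sha3_generic_keccak_*` functions by their generated names rather than going through the `libcrux_sha3_avx2_x4_incremental_*` entry points it already uses for `shake128_init`. Those names encode type and const-generic parameters (`4size_t_168size_t_31uint8_t`), so they presumably change whenever the extraction changes. If the `c/` header declares the same `shake128_absorb_final` and `shake128_squeeze_first_three_blocks` wrappers as the c-sha3-speedup copy later in this series, calling those would be more stable. The `out` slices each claim 504 bytes of `digest0` … `digest3`, whose declarations are outside this hunk; a comment next to `out` such as `// 3 * 168-byte SHAKE128 blocks; each digestN must hold at least 504 bytes` would record the size the squeeze relies on.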
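Review bot: The store wrappers edited here are `static inline void` yet still `return` the intrinsic call, which ISO C does not allow in a void function. This header appears to be included from both C and C++ translation units, so I would drop the keyword while these lines are being touched, e.g. `_mm256_storeu_si256((__m256i*) a.ptr, b);`. The same applies to the stores in the `@@ -188` and `@@ -196` hunks. Separately, every load and store here dereferences `a.ptr` for a full 16 or 32 bytes and relies on the caller for the slice length; a one-line comment on each wrapper stating that precondition would help whoever audits the call sites.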
@@ -196,12 +196,12 @@ libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice a, core_core_arch_x86___m256i b ){ - return _mm256_storeu_si256(a.ptr,b); + return _mm256_storeu_si256((__m256i*) a.ptr,b); } static inline void libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128(a.ptr,b); + return _mm_storeu_si128((__m128i*) a.ptr,b); } // Arithmetic: Add, Sub From 87a5209f7b7bdbe9ad22fbfcedbc2dec8368ceab Mon Sep 17 00:00:00 2001 
From: karthikbhargavan Date: Thu, 30 May 2024 21:15:14 +0200 Subject: [PATCH 80/94] a snapshot of hand edits to speed up sha3 --- .../c-sha3-speedup/#libcrux_sha3_avx2.h# | 181 + .../c-sha3-speedup/.#libcrux_sha3_avx2.h | 1 + libcrux-ml-kem/c-sha3-speedup/.gitignore | 1 + libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt | 154 + .../c-sha3-speedup/CMakeLists.txt.bench | 185 + .../c-sha3-speedup/CMakeLists.txt.bench~ | 185 + libcrux-ml-kem/c-sha3-speedup/avx2 | 489 + .../c-sha3-speedup/benches/mlkem768.cc | 72 + .../c-sha3-speedup/benches/mlkem768_encaps.cc | 36 + .../c-sha3-speedup/benches/mlkem768_keygen.cc | 32 + libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc | 127 + libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h | 246 + .../c-sha3-speedup/internal/libcrux_core.h | 354 + .../internal/libcrux_mlkem768.h | 171 + .../internal/libcrux_mlkem_avx2.h | 97 + .../internal/libcrux_mlkem_neon.h | 97 + .../internal/libcrux_polynomial.h | 333 + .../intrinsics/libcrux_intrinsics_arm64.h | 552 + .../intrinsics/libcrux_intrinsics_avx2.h | 489 + .../karamel/include/krml/c_endianness.h | 13 + .../karamel/include/krml/fstar_int.h | 81 + .../karamel/include/krml/internal/builtin.h | 18 + .../karamel/include/krml/internal/callconv.h | 27 + .../karamel/include/krml/internal/compat.h | 32 + .../karamel/include/krml/internal/debug.h | 57 + .../karamel/include/krml/internal/target.h | 384 + .../karamel/include/krml/internal/types.h | 105 + .../include/krml/internal/wasmsupport.h | 5 + .../karamel/include/krml/lowstar_endianness.h | 231 + .../c-sha3-speedup/karamel/include/krmllib.h | 28 + .../krmllib/dist/minimal/FStar_UInt128.h | 78 + .../dist/minimal/FStar_UInt128_Verified.h | 346 + .../dist/minimal/FStar_UInt_8_16_32_64.h | 213 + .../krmllib/dist/minimal/LowStar_Endianness.h | 27 + .../krmllib/dist/minimal/Makefile.basic | 56 + .../krmllib/dist/minimal/Makefile.include | 5 + .../dist/minimal/fstar_uint128_gcc64.h | 165 + .../krmllib/dist/minimal/fstar_uint128_msvc.h | 510 + 
.../minimal/fstar_uint128_struct_endianness.h | 68 + .../krmllib/dist/minimal/libkrmllib.def | 11 + libcrux-ml-kem/c-sha3-speedup/libcrux_core.c | 524 + libcrux-ml-kem/c-sha3-speedup/libcrux_core.h | 135 + .../c-sha3-speedup/libcrux_mlkem1024.c | 2181 ++++ .../c-sha3-speedup/libcrux_mlkem1024.h | 132 + .../c-sha3-speedup/libcrux_mlkem512.c | 2057 ++++ .../c-sha3-speedup/libcrux_mlkem512.h | 138 + .../c-sha3-speedup/libcrux_mlkem768.c | 3030 +++++ .../c-sha3-speedup/libcrux_mlkem768.h | 132 + .../c-sha3-speedup/libcrux_mlkem_avx2.c | 10225 ++++++++++++++++ .../c-sha3-speedup/libcrux_mlkem_avx2.h | 671 + .../c-sha3-speedup/libcrux_mlkem_neon.c | 9734 +++++++++++++++ .../c-sha3-speedup/libcrux_mlkem_neon.h | 27 + .../c-sha3-speedup/libcrux_mlkem_sha3.h | 26 + .../c-sha3-speedup/libcrux_platform.c | 8 + .../c-sha3-speedup/libcrux_platform.h | 26 + .../c-sha3-speedup/libcrux_polynomial.c | 2423 ++++ .../c-sha3-speedup/libcrux_polynomial.h | 31 + libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c | 3246 +++++ libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h | 966 ++ .../c-sha3-speedup/libcrux_sha3_avx2.c | 2520 ++++ .../c-sha3-speedup/libcrux_sha3_avx2.h | 181 + .../c-sha3-speedup/libcrux_sha3_neon.c | 177 + .../c-sha3-speedup/libcrux_sha3_neon.h | 70 + .../c-sha3-speedup/tests/mlkem768.cc | 302 + .../tests/mlkem768_nistkats.json | 802 ++ libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc | 84 + 66 files changed, 46110 insertions(+) create mode 100644 libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# create mode 120000 libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/.gitignore create mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt create mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench create mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ create mode 100644 libcrux-ml-kem/c-sha3-speedup/avx2 create mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc create mode 100644 
libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc create mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc create mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc create mode 100644 libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h create mode 100644 
libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_core.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_core.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h create mode 100644 
libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c create mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h create mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc create mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json create mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc diff --git a/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# b/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# new file mode 100644 index 000000000..0952f20d6 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# 
@@ -0,0 +1,181 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_avx2_H +#define __libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_avx2.h" + +#include "libcrux_sha3.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s +{ core_core_arch_x86___m256i st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; + +/* +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + 
Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +); +*/ + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + + /* +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); 
+ */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + + /* +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + + /* + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h b/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h new file mode 120000 index 000000000..9e19a1449 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h @@ -0,0 +1 @@ +karthik@Ubuntu-2204-jammy-amd64-base.2133727:1714396024 \ No newline at end of file 
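Review bot: The first two files in this commit are Emacs artefacts rather than sources: `#libcrux_sha3_avx2.h#` is an auto-save copy of the header, and `.#libcrux_sha3_avx2.h` is a lock symlink whose target records a local user name, host name and process id. `CMakeLists.txt.bench~`, further down, is an editor backup of the same kind. None of them should be tracked: the lock file publishes workstation details, and an auto-save copy carrying the `__libcrux_sha3_avx2_H` include guard invites someone to edit or include the wrong file. I would drop them from the commit and extend the `.gitignore` added here beyond `build` with `\#*\#`, `.\#*` and `*~`.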
diff --git a/libcrux-ml-kem/c-sha3-speedup/.gitignore b/libcrux-ml-kem/c-sha3-speedup/.gitignore
new file mode 100644
index 000000000..378eac25d
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/.gitignore
@@ -0,0 +1 @@
+build
diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt
new file mode 100644
index 000000000..d9162f6e2
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt
@@ -0,0 +1,154 @@
+# cmake -B build -G "Ninja Multi-Config"
+# cmake --build build
+
+cmake_minimum_required(VERSION 3.10)
+
+project(libcrux-ml-kem
+ VERSION 0.1.0
+ LANGUAGES C CXX
+)
+
+set(CMAKE_C_FLAGS " -Wall ")
+set(CMAKE_COLOR_DIAGNOSTICS "ON")
+include_directories(
+ ${PROJECT_SOURCE_DIR}
+ ${PROJECT_SOURCE_DIR}/internal
+ ${PROJECT_SOURCE_DIR}/karamel/include
+)
+file(GLOB SOURCES
+ ${PROJECT_SOURCE_DIR}/libcrux_core.c
+ ${PROJECT_SOURCE_DIR}/libcrux_platform.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c
+ ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c
+ ${PROJECT_SOURCE_DIR}/libcrux_sha3.c
+)
+# file(GLOB VEC128_SOURCES
+# libcrux_sha3_neon.c
+# )
+file(GLOB SOURCES_vec256
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c
+ ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c
+)
+
+set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE)
+
+if(${CMAKE_SYSTEM_NAME} MATCHES Linux)
+ add_compile_options(
+ -fPIC
+ )
+endif(${CMAKE_SYSTEM_NAME} MATCHES Linux)
+
+add_library(ml_kem SHARED ${SOURCES})
+add_library(ml_kem_static STATIC ${SOURCES})
+
+# if(LIBCRUX_VEC256)
+add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256})
+target_sources(ml_kem_static PRIVATE $)
+target_sources(ml_kem PRIVATE $)
+target_compile_options(ml_kem_vec256 PRIVATE
+ -mavx
+ -mavx2
+)
+# endif()
+
+# --- Tests
+
+# Get gtests
+include(FetchContent)
+FetchContent_Declare(googletest
+DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+ URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip
+)
+
+# For Windows: Prevent overriding the parent project's compiler/linker settings
+set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+FetchContent_MakeAvailable(googletest)
+
+# Get nlohmann json
+FetchContent_Declare(json
+DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+ URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip
+)
+FetchContent_MakeAvailable(json)
+
+add_executable(ml_kem_test
+ ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc
+)
+target_link_libraries(ml_kem_test PRIVATE
+ ml_kem_static
+ gtest_main
+ nlohmann_json::nlohmann_json
+)
+
+add_executable(sha3_test
+ ${PROJECT_SOURCE_DIR}/tests/sha3.cc
+)
+target_link_libraries(sha3_test PRIVATE
+ ml_kem_static
+ gtest_main
+ nlohmann_json::nlohmann_json
+)
+
+# --- Benchmarks
+
+FetchContent_Populate(benchmark
+ GIT_REPOSITORY https://github.com/google/benchmark.git
+ # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517
+ # But also: need the fix for https://github.com/google/benchmark/pull/1669
+ GIT_TAG bc946b919cac6f25a199a526da571638cfde109f
+)
+add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR})
+
+add_executable(ml_kem_bench
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
+)
+target_link_libraries(ml_kem_bench PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_bench PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(ml_kem_keygen
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
+)
+target_link_libraries(ml_kem_keygen PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_keygen PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(ml_kem_encaps
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
+)
+target_link_libraries(ml_kem_encaps PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_encaps PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(sha3_bench
+ ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+)
+target_link_libraries(sha3_bench PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(sha3_bench PRIVATE
+ -mavx
+ -mavx2
+)
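Review bot: googletest and nlohmann/json are fetched from GitHub archive URLs with no `URL_HASH`, so the build accepts whatever bytes that URL serves at configure time, while the benchmark dependency a few lines below is pinned to a commit hash. Adding `URL_HASH SHA256=<digest of the reviewed archive>` to both `FetchContent_Declare` calls closes that gap; CMakeLists.txt.bench in this commit carries the same two declarations. Also, `set(CMAKE_C_FLAGS " -Wall ")` replaces any flags supplied by the environment or a toolchain file, including hardening flags a packager may pass in; `add_compile_options(-Wall)`, as the .bench variant does, keeps them.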
diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench
new file mode 100644
index 000000000..e48282abd
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench
@@ -0,0 +1,185 @@ +# cmake -B build -G "Ninja Multi-Config" +# cmake --build build +# # For release (benchmarks) +# cmake --build build --config Release + +cmake_minimum_required(VERSION 3.10) + +project(libcrux-ml-kem + VERSION 0.1.0 + LANGUAGES C CXX +) + +set(CMAKE_C_STANDARD 11) +add_compile_options( + -Wall + # -Wextra + # -pedantic + # -Wconversion + # -Wsign-conversion + $<$:-g> + $<$:-Og> + $<$:-g> + $<$:-O3> + -fno-omit-frame-pointer +) +set(CMAKE_COLOR_DIAGNOSTICS "ON") +include_directories( + ${PROJECT_SOURCE_DIR} + ${PROJECT_SOURCE_DIR}/internal + ${PROJECT_SOURCE_DIR}/karamel/include + ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/ +) +file(GLOB SOURCES + ${PROJECT_SOURCE_DIR}/libcrux_core.c + ${PROJECT_SOURCE_DIR}/libcrux_platform.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c + ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c + ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Scalar.c + ${PROJECT_SOURCE_DIR}/libcrux_sha3.c +) +# file(GLOB VEC128_SOURCES +# libcrux_sha3_neon.c +# ) +file(GLOB SOURCES_vec256 + ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c + ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Simd256.c + ${PROJECT_SOURCE_DIR}/sha3_avx2.c + ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c +) + +if(${CMAKE_SYSTEM_NAME} MATCHES Linux) + add_compile_options( + -fPIC + ) +endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) + +add_library(ml_kem SHARED ${SOURCES}) +add_library(ml_kem_static STATIC ${SOURCES}) + +# XXX: This is wrong, but we need avx2 everywhere right now. 
+target_compile_definitions(ml_kem PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_definitions(ml_kem_static PUBLIC HACL_CAN_COMPILE_VEC256) + +# if(LIBCRUX_VEC256) +add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) +target_sources(ml_kem_static PRIVATE $) +target_sources(ml_kem PRIVATE $) +target_compile_options(ml_kem_vec256 PRIVATE + -mavx + -mavx2 +) +target_compile_definitions(ml_kem_vec256 PUBLIC HACL_CAN_COMPILE_VEC256) +# endif() + +# --- Tests + +# Get gtests +include(FetchContent) +FetchContent_Declare(googletest +DOWNLOAD_EXTRACT_TIMESTAMP TRUE + URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip +) + +# For Windows: Prevent overriding the parent project's compiler/linker settings +set(gtest_force_shared_crt ON CACHE BOOL "" FORCE) +FetchContent_MakeAvailable(googletest) + +# Get nlohmann json +FetchContent_Declare(json +DOWNLOAD_EXTRACT_TIMESTAMP TRUE + URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip +) +FetchContent_MakeAvailable(json) + +add_executable(ml_kem_test + ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc +) +target_link_libraries(ml_kem_test PRIVATE + ml_kem_static + gtest_main + nlohmann_json::nlohmann_json +) +target_compile_definitions(ml_kem_test PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_test PRIVATE + -mavx + -mavx2 +) + +add_executable(sha3_test + ${PROJECT_SOURCE_DIR}/tests/sha3.cc +) +target_link_libraries(sha3_test PRIVATE + ml_kem_static + gtest_main + nlohmann_json::nlohmann_json +) +target_compile_definitions(sha3_test PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(sha3_test PRIVATE + -mavx + -mavx2 +) + +# --- Benchmarks + +FetchContent_Populate(benchmark + GIT_REPOSITORY https://github.com/google/benchmark.git + # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 + # But also: need the fix for https://github.com/google/benchmark/pull/1669 + GIT_TAG bc946b919cac6f25a199a526da571638cfde109f +) 
+add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) + +add_executable(ml_kem_bench + ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc +) +target_link_libraries(ml_kem_bench PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_bench PRIVATE + -mavx + -mavx2 +) + +add_executable(ml_kem_keygen + ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc +) +target_link_libraries(ml_kem_keygen PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_keygen PRIVATE + -mavx + -mavx2 +) + +add_executable(ml_kem_encaps + ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc +) +target_link_libraries(ml_kem_encaps PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(ml_kem_encaps PRIVATE + -mavx + -mavx2 +) + +add_executable(sha3_bench + ${PROJECT_SOURCE_DIR}/benches/sha3.cc +) +target_link_libraries(sha3_bench PRIVATE + ml_kem_static + benchmark::benchmark +) +target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) +target_compile_options(sha3_bench PRIVATE + -mavx + -mavx2 +) diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ new file mode 100644 index 000000000..e48282abd --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ 
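Review bot: This variant defines `HACL_CAN_COMPILE_VEC256` as `PUBLIC` on both libraries and compiles the test and benchmark executables with `-mavx -mavx2`, with the `if(LIBCRUX_VEC256)` guard left commented out, which the file's own `XXX` comment already calls wrong. On an x86 CPU without AVX2 such binaries can fault with an illegal instruction outside any runtime-dispatched path, and on arm64, for which this directory also ships NEON sources, the flags are likely rejected by the compiler. I would restore the guard and keep the AVX2 flags on the `ml_kem_vec256` object library only. The source globs also name `Hacl_Hash_SHA3_Scalar.c`, `Hacl_Hash_SHA3_Simd256.c` and `sha3_avx2.c`, which this commit's file list does not add to the directory; `file(GLOB)` silently drops paths that do not match, so an explicit source list would turn that into a configure error.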
@@ -0,0 +1,185 @@
+# cmake -B build -G "Ninja Multi-Config"
+# cmake --build build
+# # For release (benchmarks)
+# cmake --build build --config Release
+
+cmake_minimum_required(VERSION 3.10)
+
+project(libcrux-ml-kem
+ VERSION 0.1.0
+ LANGUAGES C CXX
+)
+
+set(CMAKE_C_STANDARD 11)
+add_compile_options(
+ -Wall
+ # -Wextra
+ # -pedantic
+ # -Wconversion
+ # -Wsign-conversion
+ $<$:-g>
+ $<$:-Og>
+ $<$:-g>
+ $<$:-O3>
+ -fno-omit-frame-pointer
+)
+set(CMAKE_COLOR_DIAGNOSTICS "ON")
+include_directories(
+ ${PROJECT_SOURCE_DIR}
+ ${PROJECT_SOURCE_DIR}/internal
+ ${PROJECT_SOURCE_DIR}/karamel/include
+ ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/
+)
+file(GLOB SOURCES
+ ${PROJECT_SOURCE_DIR}/libcrux_core.c
+ ${PROJECT_SOURCE_DIR}/libcrux_platform.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c
+ ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c
+ ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Scalar.c
+ ${PROJECT_SOURCE_DIR}/libcrux_sha3.c
+)
+# file(GLOB VEC128_SOURCES
+# libcrux_sha3_neon.c
+# )
+file(GLOB SOURCES_vec256
+ ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c
+ ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Simd256.c
+ ${PROJECT_SOURCE_DIR}/sha3_avx2.c
+ ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c
+)
+
+if(${CMAKE_SYSTEM_NAME} MATCHES Linux)
+ add_compile_options(
+ -fPIC
+ )
+endif(${CMAKE_SYSTEM_NAME} MATCHES Linux)
+
+add_library(ml_kem SHARED ${SOURCES})
+add_library(ml_kem_static STATIC ${SOURCES})
+
+# XXX: This is wrong, but we need avx2 everywhere right now.
+target_compile_definitions(ml_kem PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_definitions(ml_kem_static PUBLIC HACL_CAN_COMPILE_VEC256)
+
+# if(LIBCRUX_VEC256)
+add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256})
+target_sources(ml_kem_static PRIVATE $)
+target_sources(ml_kem PRIVATE $)
+target_compile_options(ml_kem_vec256 PRIVATE
+ -mavx
+ -mavx2
+)
+target_compile_definitions(ml_kem_vec256 PUBLIC HACL_CAN_COMPILE_VEC256)
+# endif()
+
+# --- Tests
+
+# Get gtests
+include(FetchContent)
+FetchContent_Declare(googletest
+DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+ URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip
+)
+
+# For Windows: Prevent overriding the parent project's compiler/linker settings
+set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+FetchContent_MakeAvailable(googletest)
+
+# Get nlohmann json
+FetchContent_Declare(json
+DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+ URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip
+)
+FetchContent_MakeAvailable(json)
+
+add_executable(ml_kem_test
+ ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc
+)
+target_link_libraries(ml_kem_test PRIVATE
+ ml_kem_static
+ gtest_main
+ nlohmann_json::nlohmann_json
+)
+target_compile_definitions(ml_kem_test PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_test PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(sha3_test
+ ${PROJECT_SOURCE_DIR}/tests/sha3.cc
+)
+target_link_libraries(sha3_test PRIVATE
+ ml_kem_static
+ gtest_main
+ nlohmann_json::nlohmann_json
+)
+target_compile_definitions(sha3_test PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(sha3_test PRIVATE
+ -mavx
+ -mavx2
+)
+
+# --- Benchmarks
+
+FetchContent_Populate(benchmark
+ GIT_REPOSITORY https://github.com/google/benchmark.git
+ # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517
+ # But also: need the fix for https://github.com/google/benchmark/pull/1669
+ GIT_TAG bc946b919cac6f25a199a526da571638cfde109f
+)
+add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR})
+
+add_executable(ml_kem_bench
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
+)
+target_link_libraries(ml_kem_bench PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_bench PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(ml_kem_keygen
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
+)
+target_link_libraries(ml_kem_keygen PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_keygen PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(ml_kem_encaps
+ ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
+)
+target_link_libraries(ml_kem_encaps PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(ml_kem_encaps PRIVATE
+ -mavx
+ -mavx2
+)
+
+add_executable(sha3_bench
+ ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+)
+target_link_libraries(sha3_bench PRIVATE
+ ml_kem_static
+ benchmark::benchmark
+)
+target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256)
+target_compile_options(sha3_bench PRIVATE
+ -mavx
+ -mavx2
+)
diff --git a/libcrux-ml-kem/c-sha3-speedup/avx2 b/libcrux-ml-kem/c-sha3-speedup/avx2
new file mode 100644
index 000000000..eee258a04
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/avx2
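Review bot: Both `FetchContent_Declare(... URL ...)` calls, for googletest `release-1.11.0.zip` and nlohmann json `v3.10.3.zip`, download an archive by tag with no `URL_HASH`, so the build accepts whatever those URLs serve; the benchmark dependency further down is pinned to a full commit id, these two are not. Each declaration should carry `URL_HASH SHA256=<sha256-of-the-release-archive>` so a changed or substituted archive fails the configure step. The same two declarations appear in the CMakeLists.txt hunk that ends just before this file. The `~` suffix on this file's name suggests it is an editor backup, which probably should not be committed at all.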
@@ -0,0 +1,489 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "immintrin.h" + +typedef __m128i core_core_arch_x86___m128i; +typedef __m256i core_core_arch_x86___m256i; + +// Cast and Convert + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ + return _mm256_castsi256_si128(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ + return _mm256_cvtepi16_epi32(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ + return _mm256_castsi128_si256(a); +} + +// Initialize, Load, Store + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ + return _mm256_setzero_si256(); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ + return _mm256_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ + return _mm256_set1_epi32(a); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ + return _mm256_set1_epi64x(a); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ + return _mm_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, + int16_t x1, + int16_t x2, + int16_t x3, + int16_t x4, + int16_t x5, + int16_t x6, + int16_t x7, + int16_t x8, + int16_t x9, + int16_t x10, + int16_t x11, + int16_t x12, + int16_t x13, + int16_t 
x14, + int16_t x15 +){ + return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, + int8_t x1, + int8_t x2, + int8_t x3, + int8_t x4, + int8_t x5, + int8_t x6, + int8_t x7, + int8_t x8, + int8_t x9, + int8_t x10, + int8_t x11, + int8_t x12, + int8_t x13, + int8_t x14, + int8_t x15, + int8_t x16, + int8_t x17, + int8_t x18, + int8_t x19, + int8_t x20, + int8_t x21, + int8_t x22, + int8_t x23, + int8_t x24, + int8_t x25, + int8_t x26, + int8_t x27, + int8_t x28, + int8_t x29, + int8_t x30, + int8_t x31 +){ + return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15, + x16,x17,x18,x19,x20,x21,x22,x23, + x24,x25,x26,x27,x28,x29,x30,x31); + +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, + uint8_t x1, + uint8_t x2, + uint8_t x3, + uint8_t x4, + uint8_t x5, + uint8_t x6, + uint8_t x7, + uint8_t x8, + uint8_t x9, + uint8_t x10, + uint8_t x11, + uint8_t x12, + uint8_t x13, + uint8_t x14, + uint8_t x15 +){ + return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, + int32_t x1, + int32_t x2, + int32_t x3, + int32_t x4, + int32_t x5, + int32_t x6, + int32_t x7 +){ + return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ + return _mm256_loadu_si256((const __m256i*) a.ptr); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ + return _mm256_loadu_si256((const __m256i*) a.ptr); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ + return _mm_loadu_si128((const __m128i*) a.ptr); +} + + +static inline void 
+libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128((__m128i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256((__m256i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256((__m256i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128((__m128i*) a.ptr,b); +} + +// Arithmetic: Add, Sub + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b + ){ + return _mm256_add_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_add_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_add_epi16(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sub_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_sub_epi16(a,b); +} + +// Arithmetic: Mul low and high, Mul-Add combinations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +){ + return _mm256_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mul_epu32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_madd_epi16(a,b); +} + +// Comparison + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_cmpgt_epi16(a,b); +} + +// Bitwise operations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_and_si256(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_andnot_si256(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_xor_si256(a,b); +} + +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ + return _mm_movemask_epi8(a); +} + +// Shift operations +#define 
libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) + +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) + + +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) + +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_slli_epi64(b,a); +} + +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) + +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) + +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sllv_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srli_epi64(b,a); +} + +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) + +// Shuffle and Vector Interleaving + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi64(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi64(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_packs_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_packs_epi16(a,b); +} + + +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ + (_mm256_shuffle_epi32(b,a)) + +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ + (_mm256_extracti128_si256(b,a)) + +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ + (_mm256_permute4x64_epi64(b,a)) + +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) + +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ + a,\ + b,\ + c,\ + _\ +) (_mm256_inserti128_si256(b,c,a)) + +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ + (_mm256_blend_epi16(b,c,a)) + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_shuffle_epi8(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_permutevar8x32_epi32(a,b); +} + + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_shuffle_epi8(a,b); +} + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc new file mode 100644 index 000000000..680f648e7 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc 
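Review bot: The load and store wrappers (`libcrux_intrinsics_avx2_mm256_loadu_si256_i16`, `..._loadu_si256_u8`, `..._mm_loadu_si128` and the four `storeu` functions) cast `a.ptr` and move 16 or 32 bytes without ever reading `a.len`, so the bound the slice carried is dropped at this boundary and a short slice becomes an out-of-bounds access. If this header is maintained by hand despite its KaRaMeL banner, each wrapper should at least state its precondition, for example `/* requires a.len >= 16 int16_t elements (32 bytes); not checked */` above the i16 load, and a debug-build assertion on `a.len` would make violations visible in tests. As a smaller style point, the `void` store wrappers write `return _mm256_storeu_si256(...)`, which C compilers diagnose under `-pedantic`; dropping the `return` keyword is enough.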
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+static void
+kyber768_key_generation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+ for (auto _ : state)
+ {
+ key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ }
+}
+
+static void
+kyber768_encapsulation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ for (auto _ : state)
+ {
+ ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+ }
+}
+
+static void
+kyber768_decapsulation(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+
+ for (auto _ : state)
+ {
+ libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+ }
+}
+
+BENCHMARK(kyber768_key_generation);
+BENCHMARK(kyber768_encapsulation);
+BENCHMARK(kyber768_decapsulation);
+
+BENCHMARK_MAIN();
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc
new file mode 100644
index 000000000..53ae6af1d
--- /dev/null
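Review bot: `generate_random` is not random: it fills the buffer with the constant 13, and that buffer is then passed as the `randomness` argument to `libcrux_ml_kem_mlkem768_generate_key_pair` and `libcrux_ml_kem_mlkem768_encapsulate`. That is acceptable for a reproducible benchmark, but the name invites copying into code where the seed matters, so I would rename it (for instance `fill_fixed_bytes`) or at least add `// Fixed filler for reproducible benchmarks; NOT a source of randomness.` above it. The loop also compares `int i` against the `uint32_t output_len`; `for (uint32_t i = 0; i < output_len; i++)` avoids the mixed-sign comparison. The same helper is repeated unchanged in mlkem768_encaps.cc, mlkem768_keygen.cc and sha3.cc.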
+++ b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+int main(int argc, char const *argv[])
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+
+ for (size_t i = 0; i < 100000; i++)
+ {
+ ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
+ }
+
+ return 0;
+}
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc
new file mode 100644
index 000000000..37eb855d2
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+int main(int argc, char const *argv[])
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+ for (size_t i = 0; i < 100000; i++)
+ {
+ key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+ }
+ return 0;
+}
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc b/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc
new file mode 100644
index 000000000..cd12395a1
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2022 Cryspen Sarl
+ *
+ * Licensed under the Apache License, Version 2.0 or MIT.
+ * - http://www.apache.org/licenses/LICENSE-2.0
+ * - http://opensource.org/licenses/MIT
+ */
+
+#include
+
+#include "libcrux_sha3_avx2.h"
+#include "libcrux_mlkem768.h"
+#include "internal/libcrux_core.h"
+
+
+void generate_random(uint8_t *output, uint32_t output_len)
+{
+ for (int i = 0; i < output_len; i++)
+ output[i] = 13;
+}
+
+static void
+sha3_256_1184(benchmark::State &state)
+{
+ uint8_t digest[32];
+ uint8_t input[1184];
+ generate_random(input, 1184);
+
+ libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32));
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32));
+ }
+}
+
+static void
+sha3_512_64(benchmark::State &state)
+{
+ uint8_t digest[64];
+ uint8_t input[64];
+ generate_random(input, 64);
+
+ libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64));
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64));
+ }
+}
+
+static void
+shake128_34_504(benchmark::State &state)
+{
+ uint8_t digest0[504];
+ uint8_t digest1[504];
+ uint8_t digest2[504];
+ uint8_t digest3[504];
+ uint8_t input[34];
+ generate_random(input, 34);
+
+ libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init();
+ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34));
+ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(&st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504));
+
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init();
+ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34));
+ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(&st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504));
+ }
+}
+
+static void
+shake256_1120_32(benchmark::State &state)
+{
+ uint8_t input[1120];
+ generate_random(input, 1120);
+
+ uint8_t digest0[32];
+ uint8_t digest1[32];
+ uint8_t digest2[32];
+ uint8_t digest3[32];
+ Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 32);
+ Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 32);
+ Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 32);
+ Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 32);
+
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3);
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3);
+ }
+}
+
+static void
+shake256_33_128(benchmark::State &state)
+{
+ uint8_t input[33];
+ generate_random(input, 33);
+
+ uint8_t digest0[128];
+ uint8_t digest1[128];
+ uint8_t digest2[128];
+ uint8_t digest3[128];
+ Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 128);
+ Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 128);
+ Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 128);
+ Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 128);
+
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3);
+
+ for (auto _ : state)
+ {
+ libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3);
+ }
+}
+
+BENCHMARK(sha3_256_1184);
+BENCHMARK(sha3_512_64);
+BENCHMARK(shake128_34_504);
+BENCHMARK(shake256_1120_32);
+BENCHMARK(shake256_33_128);
+
+BENCHMARK_MAIN();
diff --git a/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h b/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h
new file mode 100644
index 000000000..dd4888af3
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h
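Review bot: `shake256_33_128` declares `uint8_t input[33]`, but every input slice handed to `libcrux_sha3_avx2_x4_shake256` is `EURYDICE_SLICE(input, 0, 128)`, so each call, both the warm-up and the one inside the loop, is told to absorb 128 bytes and reads 95 bytes past the end of the array. The slices should match the buffer: `EURYDICE_SLICE(input, 0, 33)`. Separately, `sha3_256_1184` fills a 1184-byte input but hashes only `EURYDICE_SLICE(input, 0, 32)`, so the benchmark measures a 32-byte message rather than the size in its name; `EURYDICE_SLICE(input, 0, 1184)` would match.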
@@ -0,0 +1,246 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. +// the number of elements in the slice (this is NOT the number of bytes). This design choice has two +// important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end +// index in x (excluded). The argument x must be suitably cast to something that can decay (see +// remark above about how pointer arithmetic works in C), meaning either pointer or array type. +#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +#define EURYDICE_SLICE_LEN(s, _) s.len +// This macro is a pain because in case the dereferenced element type is an +// array, you cannot simply write `t x` as it would yield `int[4] x` instead, +// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that +// adds an extra argument to this macro at the last minute so that we have the +// correct type of *pointers* to elements. 
+#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t) s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + ((ret_t){ \ + .fst = { .ptr = 
slice.ptr, .len = mid }, \
+ .snd = { .ptr = slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }})
+
+
+// Can't have a flexible array as a member of a union -- this violates strict aliasing rules.
+typedef struct
+{
+ uint8_t tag;
+ uint8_t case_Ok[];
+}
+result_tryfromslice_flexible;
+
+// See note in karamel/lib/Inlining.ml if you change this
+#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr))
+
+static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) {
+ dst->tag = 0;
+ memcpy(dst->case_Ok, src.ptr, sz);
+}
+
+// CORE STUFF (conversions, endianness, ...)
+
+static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) {
+ uint32_t x = htobe32(src);
+ memcpy(dst, &x, 4);
+}
+
+static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) {
+ store64_le(buf,v);
+}
+static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
+ return load64_le(buf);
+}
+
+static inline int64_t
+core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) {
+ return x;
+}
+
+static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { return __builtin_popcount(x0); }
+
+// unsigned overflow wraparound semantics in C
+static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; }
+static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; }
+
+static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) {
+ *x0 = *x0 + *x1;
+}
+
+static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; }
+static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; }
+
+// ITERATORS
+
+#define core_num_nonzero_NonZeroUsize size_t
+#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \
+ ((iter_ptr)->start == (iter_ptr)->end) ? \
+ ((ret_t) { .tag = core_option_None }) : \
+ ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \
+ )
+
+#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next
+
+// See note in karamel/lib/Inlining.ml if you change this
+#define Eurydice_into_iter(x, t, _ret_t) (x)
+#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter
+
+typedef struct {
+ Eurydice_slice slice;
+ size_t chunk_size;
+} Eurydice_chunks;
+
+
+// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static
+// inline function cannot receive a type as an argument. Instead, we receive the element size and
+// use it to peform manual offset computations rather than going through the macros.
+static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) {
+ size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len;
+ Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size });
+ chunks->slice = ((Eurydice_slice) {
+ .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size,
+ .len = chunks->slice.len - chunk_size
+ });
+ return curr_chunk;
+}
+
+#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ })
+#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \
+ .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \
+ .chunk_size = sz_ })
+#define core_slice_iter_Chunks Eurydice_chunks
+#define core_slice_iter_ChunksExact Eurydice_chunks
+#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \
+ (((iter)->slice.len == 0) ? \
+ ((ret_t) { .tag = core_option_None }) : \
+ ((ret_t){ \
+ .tag = core_option_Some, \
+ .f0 = chunk_next(iter, sizeof(t)) }))
+#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \
+ core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t)
+
+typedef struct {
+ Eurydice_slice s;
+ size_t index;
+} Eurydice_slice_iterator;
+
+#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 })
+#define core_slice_iter_Iter Eurydice_slice_iterator
+#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \
+ (((iter)->index == (iter)->s.len) ? \
+ ((ret_t) { .tag = core_option_None }) : \
+ ((ret_t){ \
+ .tag = core_option_Some, \
+ .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) }))
+
+// STRINGS
+
+typedef const char *Prims_string;
+
+// MISC (UNTESTED)
+
+typedef void *core_fmt_Formatter;
+typedef void *core_fmt_Arguments;
+typedef void *core_fmt_rt_Argument;
+#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL
+
+// VECTORS (ANCIENT, POSSIBLY UNTESTED)
+
+/* For now these are passed by value -- three words. We could conceivably change
+ * the representation to heap-allocate this struct and only pass around the
+ * pointer (one word). */
+typedef struct {
+ void *ptr;
+ size_t len; /* the number of elements */
+ size_t alloc_size; /* the size of the allocation, in number of BYTES */
+} Eurydice_vec_s, *Eurydice_vec;
+
+/* Here, we set everything to zero rather than use a non-standard GCC
+ * statement-expression -- this suitably initializes ptr to NULL and len and
+ * size to 0. */
+#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s))
+#define EURYDICE_VEC_PUSH(v, x, t) \
+ do { \
+ /* Grow the vector if capacity has been reached. */ \
+ if (v->len == v->alloc_size/sizeof(t)) { \
+ /* Assuming that this does not exceed SIZE_MAX, because code proven \
+ * correct by Aeneas. Would this even happen in practice? */ \
+ size_t new_size; \
+ if (v->alloc_size == 0) \
+ new_size = 8 * sizeof(t); \
+ else if (v->alloc_size <= SIZE_MAX/2) \
+ /* TODO: discuss growth policy */ \
+ new_size = 2 * v->alloc_size; \
+ else \
+ new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \
+ v->ptr = realloc(v->ptr, new_size); \
+ v->alloc_size = new_size; \
+ } \
+ ((t*)v->ptr)[v->len] = x; \
+ v->len++; \
+ } while (0)
+
+#define EURYDICE_VEC_DROP(v, t) \
+ do { \
+ free(v->ptr); \
+ free(v); \
+ } while (0)
+
+#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i]
+#define EURYDICE_VEC_LEN(v, t) (v)->len
+
+/* TODO: remove GCC-isms */
+#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; })
+
+#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; })
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h
new file mode 100644
index 000000000..9aa756e5f
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h
@@ -0,0 +1,354 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_core_H +#define __internal_libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_core.h" +#include "eurydice_glue.h" + +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); + +extern core_fmt_Arguments +core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); + +typedef struct core_option_Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +core_option_Option__size_t; + +#define CORE_NUM__U32_8__BITS (32U) + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +libcrux_ml_kem_types_MlKemPublicKey____800size_t 
+libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +libcrux_ml_kem_types_MlKemPublicKey____1568size_t 
+libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +); + +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +typedef struct K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; + +typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; + 
+Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + +typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] +); + +typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +); + +typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + +void 
+core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +); + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +); + +typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s +{ + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} +K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + +typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +); + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_core_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h new file mode 100644 index 000000000..a602ad3b3 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h 
@@ -0,0 +1,171 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem768_H +#define __internal_libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem768.h" +#include "eurydice_glue.h" + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t 
_initial_coefficient_bound +); + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +); + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +); + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +); + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +); + +void 
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem768_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..963e10927 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h 
@@ -0,0 +1,97 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem_avx2_H +#define __internal_libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_avx2.h" +#include "eurydice_glue.h" + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..557f90c7a --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h 
@@ -0,0 +1,97 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +bool 
+libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h new file mode 100644 index 000000000..b30f7d486 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h 
@@ -0,0 +1,333 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __internal_libcrux_polynomial_H +#define __internal_libcrux_polynomial_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_core.h" +#include "../libcrux_polynomial.h" +#include "eurydice_glue.h" + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +extern const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + 
libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + 
int16_t zeta +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +); + +void 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +); + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +); + 
+libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +); + +typedef struct +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; + uint8_t snd; +} +K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( + void +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +); + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_polynomial_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h new file mode 100644 index 000000000..b14f283be --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h 
@@ -0,0 +1,552 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c2.yml ../../libcrux_ml_kem.llbc F* version: a32b316e KaRaMeL version: + 020de30f + */ + +#ifndef __libcrux_intrinsics_arm64_H +#define __libcrux_intrinsics_arm64_H + +#if defined(__cplusplus) +extern "C" +{ +#endif + +#include "eurydice_glue.h" +#include + + // NEON Vector Types + typedef int16x4_t core_core_arch_arm_shared_neon_int16x4_t; + typedef uint16x4_t core_core_arch_arm_shared_neon_uint16x4_t; + typedef int8x16_t core_core_arch_arm_shared_neon_int8x16_t; + typedef uint8x16_t core_core_arch_arm_shared_neon_uint8x16_t; + typedef int16x8_t core_core_arch_arm_shared_neon_int16x8_t; + typedef uint16x8_t core_core_arch_arm_shared_neon_uint16x8_t; + typedef int32x4_t core_core_arch_arm_shared_neon_int32x4_t; + typedef uint32x4_t core_core_arch_arm_shared_neon_uint32x4_t; + typedef int64x2_t core_core_arch_arm_shared_neon_int64x2_t; + typedef uint64x2_t core_core_arch_arm_shared_neon_uint64x2_t; + + // Casting Between Vector Types + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vreinterpretq_s16_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u16_s16(a); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vreinterpretq_u32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u32_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vreinterpretq_s32_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) + { + return vreinterpretq_s32_u32(a); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + 
core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_u32_s32(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) + { + return vreinterpretq_s16_u32(a); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_s32_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_s16_s32(a); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vreinterpretq_s64_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_s64_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + core_core_arch_arm_shared_neon_int64x2_t a) + { + return vreinterpretq_s16_s64(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vreinterpretq_u8_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vreinterpretq_u8_s16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + core_core_arch_arm_shared_neon_uint8x16_t a) + { + return vreinterpretq_s16_u8(a); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + core_core_arch_arm_shared_neon_int32x4_t a) + { + return vreinterpretq_s64_s32(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vreinterpretq_u8_s64( + core_core_arch_arm_shared_neon_int64x2_t a) + { + return vreinterpretq_u8_s64(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + 
core_core_arch_arm_shared_neon_uint8x16_t a) + { + return vreinterpretq_u16_u8(a); + } + + // Initialize, Load, Store + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vdupq_n_s16(int16_t c) + { + return vdupq_n_s16(c); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) + { + return vdupq_n_u32(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) + { + return vld1q_s16((int16_t*)slice.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice slice) + { + return vld1q_u8((uint8_t*)slice.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vld1q_u16(Eurydice_slice slice) + { + return vld1q_u16((uint16_t*)slice.ptr); + } + + static inline void libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_slice out, + core_core_arch_arm_shared_neon_int16x8_t a) + { + vst1q_s16((int16_t*)out.ptr, a); + } + + static inline void libcrux_intrinsics_arm64__vst1q_u8( + Eurydice_slice out, + core_core_arch_arm_shared_neon_uint8x16_t a) + { + vst1q_u8((uint8_t*)out.ptr, a); + } + + // Arithmetic: Add, Sub + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vaddq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vaddq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vaddq_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + core_core_arch_arm_shared_neon_uint32x4_t b) + { + return vaddq_u32(a, b); + } + + static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vaddvq_s16(a); + } + + 
static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( + core_core_arch_arm_shared_neon_uint16x4_t a) + { + return vaddv_s16(a); + } + + static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vaddvq_u16(a); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vsubq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vsubq_s16(a, b); + } + + // Arithmetic: Mul, Mul-High, Mul-Add + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vmulq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + int16_t c) + { + return vmulq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + int16_t c) + { + return vqdmulhq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vmulq_n_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + uint16_t c) + { + return vmulq_n_s16(a, c); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + int32_t c) + { + return vqdmulhq_n_s32(a, c); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + libcrux_intrinsics_arm64__vmulq_n_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + uint32_t c) + { + return vmulq_n_u32(a, c); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vmulq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vmulq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vqdmulhq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vqdmulhq_s16(a, b); + } + + 
static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmull_s16( + core_core_arch_arm_shared_neon_int16x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b); + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmull_high_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vmull_high_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmlal_s16( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b, + core_core_arch_arm_shared_neon_int16x4_t c) + { + return vmlal_s16(a, b, c); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vmlal_high_s16( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int16x8_t b, + core_core_arch_arm_shared_neon_int16x8_t c) + { + return vmlal_high_s16(a, b, c); + } + + // Comparisons + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vcgeq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vcgeq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vcleq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vcleq_s16(a, b); + } + + // Bitwise Operations + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vandq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vandq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__veorq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return veorq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint32x4_t + 
libcrux_intrinsics_arm64__vandq_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, + core_core_arch_arm_shared_neon_uint32x4_t b) + { + return vandq_u32(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vandq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + core_core_arch_arm_shared_neon_uint16x8_t b) + { + return vandq_u16(a, b); + } + + // Shift Operations + +#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ + (vshrq_n_s16(a, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ + (vshrq_n_u16(a, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u32(N, a) (vshrq_n_u32(a, N)) + +#define libcrux_intrinsics_arm64__vshlq_n_u32(N, a) (vshlq_n_u32(a, N)) + +#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ + (vshlq_n_s16(a, SHIFT_BY)) + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vshlq_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vshlq_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_uint16x8_t + libcrux_intrinsics_arm64__vshlq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vshlq_u16(a, b); + } + +#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b) (vsliq_n_s16(a, b, N)) + +#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b) (vsliq_n_s64(a, b, N)) + + // Transpose and Vector Manipulations + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vtrn1q_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vtrn1q_s16(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x8_t + libcrux_intrinsics_arm64__vtrn2q_s16( + core_core_arch_arm_shared_neon_int16x8_t a, + core_core_arch_arm_shared_neon_int16x8_t b) + { + return vtrn2q_s16(a, b); + } + + static inline 
core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vtrn1q_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int32x4_t b) + { + return vtrn1q_s32(a, b); + } + + static inline core_core_arch_arm_shared_neon_int32x4_t + libcrux_intrinsics_arm64__vtrn2q_s32( + core_core_arch_arm_shared_neon_int32x4_t a, + core_core_arch_arm_shared_neon_int32x4_t b) + { + return vtrn2q_s32(a, b); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vtrn1q_s64( + core_core_arch_arm_shared_neon_int64x2_t a, + core_core_arch_arm_shared_neon_int64x2_t b) + { + return vtrn1q_s64(a, b); + } + + static inline core_core_arch_arm_shared_neon_int64x2_t + libcrux_intrinsics_arm64__vtrn2q_s64( + core_core_arch_arm_shared_neon_int64x2_t a, + core_core_arch_arm_shared_neon_int64x2_t b) + { + return vtrn2q_s64(a, b); + } + + static inline core_core_arch_arm_shared_neon_int16x4_t + libcrux_intrinsics_arm64__vget_low_s16( + core_core_arch_arm_shared_neon_int16x8_t a) + { + return vget_low_s16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x4_t + libcrux_intrinsics_arm64__vget_low_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vget_low_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint16x4_t + libcrux_intrinsics_arm64__vget_high_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) + { + return vget_high_u16(a); + } + + static inline core_core_arch_arm_shared_neon_uint8x16_t + libcrux_intrinsics_arm64__vqtbl1q_u8( + core_core_arch_arm_shared_neon_uint8x16_t a, + core_core_arch_arm_shared_neon_uint8x16_t b) + { + return vqtbl1q_u8(a, b); + } + +#define libcrux_intrinsics_arm64__vshlq_n_u64(SHIFT_BY, x, _ret_t) \ + (vshlq_n_u64(x, SHIFT_BY)) + +#define libcrux_intrinsics_arm64__vshrq_n_u64(SHIFT_BY, x, _ret_t) \ + (vshrq_n_u64(x, SHIFT_BY)) + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__veorq_u64( + 
core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return veorq_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vbicq_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vbicq_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0) + { + return vdupq_n_u64(x0); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0) + { + return vld1q_u64((uint64_t*)x0.ptr); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vtrn1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vtrn1q_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vtrn2q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + return vtrn2q_u64(x0, x1); + } + + static inline core_core_arch_arm_shared_neon_uint64x2_t + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0) + { + return vld1q_u64((uint64_t*)x0.ptr); + } + + static inline void libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice x0, + core_core_arch_arm_shared_neon_uint64x2_t x1) + { + vst1q_u64((uint64_t*)x0.ptr, x1); + } + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_arm64_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h new file mode 100644 index 000000000..eee258a04 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h 
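Review bot: Three wrappers in libcrux_intrinsics_arm64.h call an intrinsic whose element type differs from their own name and signature: `libcrux_intrinsics_arm64__vaddv_u16` returns `vaddv_s16(a)`, `libcrux_intrinsics_arm64__vmulq_n_u16` returns `vmulq_n_s16(a, c)`, and the `libcrux_intrinsics_arm64__vsliq_n_s32` macro expands to `vsliq_n_s16(a, b, N)`. The first two build only where the compiler permits implicit conversion between NEON vector types. The third would apply shift-left-insert to 16-bit lanes of a value the caller treats as 32-bit lanes, which changes the computed result and not just the types. I would change them to `return vaddv_u16(a);`, `return vmulq_n_u16(a, c);` and `(vsliq_n_s32(a, b, N))`. The header comment says the file was generated by KaRaMeL, so if that is accurate the correction belongs in whatever produces it; whether any ML-KEM or SHA-3 caller reaches these three wrappers is not visible in this hunk.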
@@ -0,0 +1,489 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc + F* version: + KaRaMeL version: + */ + +#ifndef __libcrux_intrinsics_avx2_H +#define __libcrux_intrinsics_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "immintrin.h" + +typedef __m128i core_core_arch_x86___m128i; +typedef __m256i core_core_arch_x86___m256i; + +// Cast and Convert + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ + return _mm256_castsi256_si128(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ + return _mm256_cvtepi16_epi32(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ + return _mm256_castsi128_si256(a); +} + +// Initialize, Load, Store + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ + return _mm256_setzero_si256(); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ + return _mm256_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ + return _mm256_set1_epi32(a); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ + return _mm256_set1_epi64x(a); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ + return _mm_set1_epi16(a); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, + int16_t x1, + int16_t x2, + int16_t x3, + int16_t x4, + int16_t x5, + int16_t x6, + int16_t x7, + int16_t x8, + int16_t x9, + int16_t x10, + int16_t x11, + int16_t x12, + int16_t x13, + int16_t 
x14, + int16_t x15 +){ + return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, + int8_t x1, + int8_t x2, + int8_t x3, + int8_t x4, + int8_t x5, + int8_t x6, + int8_t x7, + int8_t x8, + int8_t x9, + int8_t x10, + int8_t x11, + int8_t x12, + int8_t x13, + int8_t x14, + int8_t x15, + int8_t x16, + int8_t x17, + int8_t x18, + int8_t x19, + int8_t x20, + int8_t x21, + int8_t x22, + int8_t x23, + int8_t x24, + int8_t x25, + int8_t x26, + int8_t x27, + int8_t x28, + int8_t x29, + int8_t x30, + int8_t x31 +){ + return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15, + x16,x17,x18,x19,x20,x21,x22,x23, + x24,x25,x26,x27,x28,x29,x30,x31); + +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, + uint8_t x1, + uint8_t x2, + uint8_t x3, + uint8_t x4, + uint8_t x5, + uint8_t x6, + uint8_t x7, + uint8_t x8, + uint8_t x9, + uint8_t x10, + uint8_t x11, + uint8_t x12, + uint8_t x13, + uint8_t x14, + uint8_t x15 +){ + return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, + x8,x9,x10,x11,x12,x13,x14,x15); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, + int32_t x1, + int32_t x2, + int32_t x3, + int32_t x4, + int32_t x5, + int32_t x6, + int32_t x7 +){ + return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); +} + + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ + return _mm256_loadu_si256((const __m256i*) a.ptr); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ + return _mm256_loadu_si256((const __m256i*) a.ptr); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ + return _mm_loadu_si128((const __m128i*) a.ptr); +} + + +static inline void 
+libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128((__m128i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256((__m256i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, + core_core_arch_x86___m256i b +){ + return _mm256_storeu_si256((__m256i*) a.ptr,b); +} + +static inline void +libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ + return _mm_storeu_si128((__m128i*) a.ptr,b); +} + +// Arithmetic: Add, Sub + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b + ){ + return _mm256_add_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_add_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_add_epi16(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sub_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_sub_epi16(a,b); +} + +// Arithmetic: Mul low and high, Mul-Add combinations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +){ + return _mm256_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mul_epu32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_mullo_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mullo_epi16(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_mulhi_epi16(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_madd_epi16(a,b); +} + +// Comparison + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_cmpgt_epi16(a,b); +} + +// Bitwise operations + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_and_si256(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_andnot_si256(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_xor_si256(a,b); +} + +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ + return _mm_movemask_epi8(a); +} + +// Shift operations +#define 
libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) + +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) + + +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) + +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_slli_epi64(b,a); +} + +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) + +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) + +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_sllv_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ + return _mm256_srli_epi64(b,a); +} + +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) + +// Shuffle and Vector Interleaving + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpacklo_epi64(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi32(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, + 
core_core_arch_x86___m256i b +){ + return _mm256_unpackhi_epi64(a,b); +} + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_packs_epi32(a,b); +} + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_packs_epi16(a,b); +} + + +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ + (_mm256_shuffle_epi32(b,a)) + +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ + (_mm256_extracti128_si256(b,a)) + +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ + (_mm256_permute4x64_epi64(b,a)) + +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) + +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ + a,\ + b,\ + c,\ + _\ +) (_mm256_inserti128_si256(b,c,a)) + +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ + (_mm256_blend_epi16(b,c,a)) + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_shuffle_epi8(a,b); +} + + +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +){ + return _mm256_permutevar8x32_epi32(a,b); +} + + +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b +){ + return _mm_shuffle_epi8(a,b); +} + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_intrinsics_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h new file mode 100644 index 000000000..21d7e1b4f --- /dev/null 
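Review bot: The slice load and store wrappers in this header (`libcrux_intrinsics_avx2_mm256_loadu_si256_i16`/`_u8`, `libcrux_intrinsics_avx2_mm_loadu_si128` and the four `storeu` variants) access a fixed 32 or 16 bytes at `a.ptr` and never consult the slice's extent, so a caller that passes a shorter slice gets an out-of-bounds read or write with no diagnostic. The requirement should at least be stated on each wrapper, e.g. `/* Precondition: a spans at least 32 bytes; the length is not checked here. */`, and a debug-build assertion would be worth adding if `Eurydice_slice` exposes its length (its definition is not visible in this hunk). The `void` store wrappers also use `return _mm256_storeu_si256((__m256i*) a.ptr,b);`, a `return` with an expression in a `void` function, which is a constraint violation in ISO C that pedantic builds flag; write the call as a plain statement, `_mm256_storeu_si256((__m256i*) a.ptr, b);`. The arm64 header just before this file uses the same unchecked `x0.ptr` pattern in its `vld1q`/`vst1q` wrappers, and since the banner says this file was generated by KaRaMeL, the change may need to be made wherever the glue is actually maintained.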
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h @@ -0,0 +1,13 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_ENDIAN_H +#define __KRML_ENDIAN_H + +#ifdef __GNUC__ +#warning "c_endianness.h is deprecated, include lowstar_endianness.h instead" +#endif + +#include "lowstar_endianness.h" + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h new file mode 100644 index 000000000..174ae59e3 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h 
@@ -0,0 +1,81 @@ +#ifndef __FSTAR_INT_H +#define __FSTAR_INT_H + +#include "internal/types.h" + +/* + * Arithmetic Shift Right operator + * + * In all C standards, a >> b is implementation-defined when a has a signed + * type and a negative value. See e.g. 6.5.7 in + * http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf + * + * GCC, MSVC, and Clang implement a >> b as an arithmetic shift. + * + * GCC: https://gcc.gnu.org/onlinedocs/gcc-9.1.0/gcc/Integers-implementation.html#Integers-implementation + * MSVC: https://docs.microsoft.com/en-us/cpp/cpp/left-shift-and-right-shift-operators-input-and-output?view=vs-2019#right-shifts + * Clang: tested that Clang 7, 8 and 9 compile this to an arithmetic shift + * + * We implement arithmetic shift right simply as >> in these compilers + * and bail out in others. + */ + +#if !(defined(_MSC_VER) || defined(__GNUC__) || (defined(__clang__) && (__clang_major__ >= 7))) + +static inline +int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { + do { + KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EXIT(255); + } while (0); +} + +static inline +int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) { + do { + KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EXIT(255); + } while (0); +} + +static inline +int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) { + do { + KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EXIT(255); + } while (0); +} + +static inline +int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) { + do { + KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EXIT(255); + } while (0); +} + +#else + +static inline +int8_t 
FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { + return (a >> b); +} + +static inline +int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) { + return (a >> b); +} + +static inline +int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) { + return (a >> b); +} + +static inline +int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) { + return (a >> b); +} + +#endif /* !(defined(_MSC_VER) ... ) */ + +#endif /* __FSTAR_INT_H */ diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h new file mode 100644 index 000000000..6098f30be --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h @@ -0,0 +1,18 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_BUILTIN_H +#define __KRML_BUILTIN_H + +/* For alloca, when using KaRaMeL's -falloca */ +#if (defined(_WIN32) || defined(_WIN64)) +# include +#elif (defined(sun)) +# include +#endif + +/* If some globals need to be initialized before the main, then karamel will + * generate and try to link last a function with this type: */ +void krmlinit_globals(void); + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h new file mode 100644 index 000000000..aeca0ba71 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h 
@@ -0,0 +1,27 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_CALLCONV_H +#define __KRML_CALLCONV_H + +/******************************************************************************/ +/* Some macros to ease compatibility (TODO: move to miTLS) */ +/******************************************************************************/ + +/* We want to generate __cdecl safely without worrying about it being undefined. + * When using MSVC, these are always defined. When using MinGW, these are + * defined too. They have no meaning for other platforms, so we define them to + * be empty macros in other situations. */ +#ifndef _MSC_VER +#ifndef __cdecl +#define __cdecl +#endif +#ifndef __stdcall +#define __stdcall +#endif +#ifndef __fastcall +#define __fastcall +#endif +#endif + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h new file mode 100644 index 000000000..b557bbc1b --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h @@ -0,0 +1,32 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef KRML_COMPAT_H +#define KRML_COMPAT_H + +#include + +/* A series of macros that define C implementations of types that are not Low*, + * to facilitate porting programs to Low*. */ + +typedef struct { + uint32_t length; + const char *data; +} FStar_Bytes_bytes; + +typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int, + krml_checked_int_t; + +#define RETURN_OR(x) \ + do { \ + int64_t __ret = x; \ + if (__ret < INT32_MIN || INT32_MAX < __ret) { \ + KRML_HOST_PRINTF( \ + "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \ + __LINE__); \ + KRML_HOST_EXIT(252); \ + } \ + return (int32_t)__ret; \ + } while (0) + +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h new file mode 100644 index 000000000..786db147e --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h @@ -0,0 +1,57 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_DEBUG_H +#define __KRML_DEBUG_H + +#include + +#include "krml/internal/target.h" + +/******************************************************************************/ +/* Debugging helpers - intended only for KaRaMeL developers */ +/******************************************************************************/ + +/* In support of "-wasm -d force-c": we might need this function to be + * forward-declared, because the dependency on WasmSupport appears very late, + * after SimplifyWasm, and sadly, after the topological order has been done. */ +void WasmSupport_check_buffer_size(uint32_t s); + +/* A series of GCC atrocities to trace function calls (karamel's [-d c-calls] + * option). Useful when trying to debug, say, Wasm, to compare traces. */ +/* clang-format off */ +#ifdef __GNUC__ +#define KRML_FORMAT(X) _Generic((X), \ + uint8_t : "0x%08" PRIx8, \ + uint16_t: "0x%08" PRIx16, \ + uint32_t: "0x%08" PRIx32, \ + uint64_t: "0x%08" PRIx64, \ + int8_t : "0x%08" PRIx8, \ + int16_t : "0x%08" PRIx16, \ + int32_t : "0x%08" PRIx32, \ + int64_t : "0x%08" PRIx64, \ + default : "%s") + +#define KRML_FORMAT_ARG(X) _Generic((X), \ + uint8_t : X, \ + uint16_t: X, \ + uint32_t: X, \ + uint64_t: X, \ + int8_t : X, \ + int16_t : X, \ + int32_t : X, \ + int64_t : X, \ + default : "unknown") +/* clang-format on */ + +# define KRML_DEBUG_RETURN(X) \ + ({ \ + __auto_type _ret = (X); \ + KRML_HOST_PRINTF("returning: "); \ + KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \ + KRML_HOST_PRINTF(" \n"); \ + _ret; \ + }) +#endif + +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h new file mode 100644 index 000000000..d4252a108 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h 
@@ -0,0 +1,384 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KRML_TARGET_H +#define __KRML_TARGET_H + +#include +#include +#include +#include +#include +#include +#include + +/* Since KaRaMeL emits the inline keyword unconditionally, we follow the + * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this + * __inline__ to ensure the code compiles with -std=c90 and earlier. */ +#ifdef __GNUC__ +# define inline __inline__ +#endif + +/******************************************************************************/ +/* Macros that KaRaMeL will generate. */ +/******************************************************************************/ + +/* For "bare" targets that do not have a C stdlib, the user might want to use + * [-add-early-include '"mydefinitions.h"'] and override these. */ +#ifndef KRML_HOST_PRINTF +# define KRML_HOST_PRINTF printf +#endif + +#if ( \ + (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + (!(defined KRML_HOST_EPRINTF))) +# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) +#elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER) +# define KRML_HOST_EPRINTF(...) 
fprintf(stderr, __VA_ARGS__) +#endif + +#ifndef KRML_HOST_EXIT +# define KRML_HOST_EXIT exit +#endif + +#ifndef KRML_HOST_MALLOC +# define KRML_HOST_MALLOC malloc +#endif + +#ifndef KRML_HOST_CALLOC +# define KRML_HOST_CALLOC calloc +#endif + +#ifndef KRML_HOST_FREE +# define KRML_HOST_FREE free +#endif + +#ifndef KRML_HOST_IGNORE +# define KRML_HOST_IGNORE(x) (void)(x) +#endif + +#ifndef KRML_MAYBE_UNUSED_VAR +# define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x) +#endif + +#ifndef KRML_MAYBE_UNUSED +# if defined(__GNUC__) +# define KRML_MAYBE_UNUSED __attribute__((unused)) +# else +# define KRML_MAYBE_UNUSED +# endif +#endif + +#ifndef KRML_NOINLINE +# if defined(_MSC_VER) +# define KRML_NOINLINE __declspec(noinline) +# elif defined (__GNUC__) +# define KRML_NOINLINE __attribute__((noinline,unused)) +# else +# define KRML_NOINLINE +# warning "The KRML_NOINLINE macro is not defined for this toolchain!" +# warning "The compiler may defeat side-channel resistance with optimizations." +# warning "Please locate target.h and try to fill it out with a suitable definition for this compiler." +# endif +#endif + +#ifndef KRML_PRE_ALIGN +# ifdef _MSC_VER +# define KRML_PRE_ALIGN(X) __declspec(align(X)) +# else +# define KRML_PRE_ALIGN(X) +# endif +#endif + +#ifndef KRML_POST_ALIGN +# ifdef _MSC_VER +# define KRML_POST_ALIGN(X) +# else +# define KRML_POST_ALIGN(X) __attribute__((aligned(X))) +# endif +#endif + +/* MinGW-W64 does not support C11 aligned_alloc, but it supports + * MSVC's _aligned_malloc. + */ +#ifndef KRML_ALIGNED_MALLOC +# ifdef __MINGW32__ +# include <_mingw.h> +# endif +# if ( \ + defined(_MSC_VER) || \ + (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) +# define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X) +# else +# define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y) +# endif +#endif + +/* Since aligned allocations with MinGW-W64 are done with + * _aligned_malloc (see above), such pointers must be freed with + * _aligned_free. 
+ */ +#ifndef KRML_ALIGNED_FREE +# ifdef __MINGW32__ +# include <_mingw.h> +# endif +# if ( \ + defined(_MSC_VER) || \ + (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) +# define KRML_ALIGNED_FREE(X) _aligned_free(X) +# else +# define KRML_ALIGNED_FREE(X) free(X) +# endif +#endif + +#ifndef KRML_HOST_TIME + +# include + +/* Prims_nat not yet in scope */ +inline static int32_t krml_time(void) { + return (int32_t)time(NULL); +} + +# define KRML_HOST_TIME krml_time +#endif + +/* In statement position, exiting is easy. */ +#define KRML_EXIT \ + do { \ + KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \ + KRML_HOST_EXIT(254); \ + } while (0) + +/* In expression position, use the comma-operator and a malloc to return an + * expression of the right size. KaRaMeL passes t as the parameter to the macro. + */ +#define KRML_EABORT(t, msg) \ + (KRML_HOST_PRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \ + KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t)))) + +/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of + * *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate). 
+ */ +#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) +# define _KRML_CHECK_SIZE_PRAGMA \ + _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") +#else +# define _KRML_CHECK_SIZE_PRAGMA +#endif + +#define KRML_CHECK_SIZE(size_elt, sz) \ + do { \ + _KRML_CHECK_SIZE_PRAGMA \ + if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \ + KRML_HOST_PRINTF( \ + "Maximum allocatable size exceeded, aborting before overflow at " \ + "%s:%d\n", \ + __FILE__, __LINE__); \ + KRML_HOST_EXIT(253); \ + } \ + } while (0) + +#if defined(_MSC_VER) && _MSC_VER < 1900 +# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \ + _snprintf_s(buf, sz, _TRUNCATE, fmt, arg) +#else +# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg) +#endif + +#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) +# define KRML_DEPRECATED(x) __attribute__((deprecated(x))) +#elif defined(__GNUC__) +/* deprecated attribute is not defined in GCC < 4.5. */ +# define KRML_DEPRECATED(x) +#elif defined(_MSC_VER) +# define KRML_DEPRECATED(x) __declspec(deprecated(x)) +#endif + +/* Macros for prettier unrolling of loops */ +#define KRML_LOOP1(i, n, x) { \ + x \ + i += n; \ + (void) i; \ +} + +#define KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP3(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP5(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP6(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP7(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define KRML_LOOP9(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP10(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP11(i, n, x) \ + KRML_LOOP8(i, n, 
x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP12(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define KRML_LOOP13(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP5(i, n, x) + +#define KRML_LOOP14(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP6(i, n, x) + +#define KRML_LOOP15(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP7(i, n, x) + +#define KRML_LOOP16(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP8(i, n, x) + +#define KRML_UNROLL_FOR(i, z, n, k, x) \ + do { \ + uint32_t i = z; \ + KRML_LOOP##n(i, k, x) \ + } while (0) + +#define KRML_ACTUAL_FOR(i, z, n, k, x) \ + do { \ + for (uint32_t i = z; i < n; i += k) { \ + x \ + } \ + } while (0) + +#ifndef KRML_UNROLL_MAX +# define KRML_UNROLL_MAX 16 +#endif + +/* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */ +#if 0 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR0(i, z, n, k, x) +#else +# define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 1 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x) +#else +# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 2 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x) +#else +# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 3 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x) +#else +# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 4 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x) +#else +# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 5 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x) +#else +# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 6 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x) 
+#else +# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 7 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x) +#else +# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 8 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x) +#else +# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 9 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x) +#else +# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 10 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x) +#else +# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 11 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x) +#else +# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 12 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x) +#else +# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 13 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x) +#else +# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 14 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x) +#else +# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 15 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x) +#else +# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 16 <= KRML_UNROLL_MAX +# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x) +#else +# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h new file mode 100644 index 000000000..e41b39be9 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h 
@@ -0,0 +1,105 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef KRML_TYPES_H +#define KRML_TYPES_H + +#include +#include +#include +#include + +/* Types which are either abstract, meaning that have to be implemented in C, or + * which are models, meaning that they are swapped out at compile-time for + * hand-written C types (in which case they're marked as noextract). */ + +typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_; +typedef int64_t FStar_Int64_t, FStar_Int64_t_; +typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_; +typedef int32_t FStar_Int32_t, FStar_Int32_t_; +typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_; +typedef int16_t FStar_Int16_t, FStar_Int16_t_; +typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_; +typedef int8_t FStar_Int8_t, FStar_Int8_t_; + +/* Only useful when building krmllib, because it's in the dependency graph of + * FStar.Int.Cast. */ +typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_; +typedef int64_t FStar_Int63_t, FStar_Int63_t_; + +typedef double FStar_Float_float; +typedef uint32_t FStar_Char_char; +typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write; + +typedef void *FStar_Dyn_dyn; + +typedef const char *C_String_t, *C_String_t_, *C_Compat_String_t, *C_Compat_String_t_; + +typedef int exit_code; +typedef FILE *channel; + +typedef unsigned long long TestLib_cycles; + +typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan; + +/* Now Prims.string is no longer illegal with the new model in LowStar.Printf; + * it's operations that produce Prims_string which are illegal. Bring the + * definition into scope by default. */ +typedef const char *Prims_string; + +#if (defined(_MSC_VER) && defined(_M_X64) && !defined(__clang__)) +#define IS_MSVC64 1 +#endif + +/* This code makes a number of assumptions and should be refined. In particular, + * it assumes that: any non-MSVC amd64 compiler supports int128. 
Maybe it would + * be easier to just test for defined(__SIZEOF_INT128__) only? */ +#if (defined(__x86_64__) || \ + defined(__x86_64) || \ + defined(__aarch64__) || \ + (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \ + defined(__s390x__) || \ + (defined(_MSC_VER) && defined(_M_X64) && defined(__clang__)) || \ + (defined(__mips__) && defined(__LP64__)) || \ + (defined(__riscv) && __riscv_xlen == 64) || \ + defined(__SIZEOF_INT128__)) +#define HAS_INT128 1 +#endif + +/* The uint128 type is a special case since we offer several implementations of + * it, depending on the compiler and whether the user wants the verified + * implementation or not. */ +#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) +# include +typedef __m128i FStar_UInt128_uint128; +#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) +typedef unsigned __int128 FStar_UInt128_uint128; +#else +typedef struct FStar_UInt128_uint128_s { + uint64_t low; + uint64_t high; +} FStar_UInt128_uint128; +#endif + +/* The former is defined once, here (otherwise, conflicts for test-c89. The + * latter is for internal use. */ +typedef FStar_UInt128_uint128 FStar_UInt128_t, uint128_t; + +#include "krml/lowstar_endianness.h" + +#endif + +/* Avoid a circular loop: if this header is included via FStar_UInt8_16_32_64, + * then don't bring the uint128 definitions into scope. */ +#ifndef __FStar_UInt_8_16_32_64_H + +#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) +#include "fstar_uint128_msvc.h" +#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) +#include "fstar_uint128_gcc64.h" +#else +#include "FStar_UInt128_Verified.h" +#include "fstar_uint128_struct_endianness.h" +#endif + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h new file mode 100644 index 000000000..b44fa3f75 --- /dev/null 
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h
@@ -0,0 +1,5 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file is automatically included when compiling with -wasm -d force-c */
+#define WasmSupport_check_buffer_size(X)
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h
new file mode 100644
index 000000000..1aa2ccd64
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h
@@ -0,0 +1,231 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __LOWSTAR_ENDIANNESS_H +#define __LOWSTAR_ENDIANNESS_H + +#include +#include + +/******************************************************************************/ +/* Implementing C.fst (part 2: endian-ness macros) */ +/******************************************************************************/ + +/* ... for Linux */ +#if defined(__linux__) || defined(__CYGWIN__) || defined (__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__) +# include + +/* ... for OSX */ +#elif defined(__APPLE__) +# include +# define htole64(x) OSSwapHostToLittleInt64(x) +# define le64toh(x) OSSwapLittleToHostInt64(x) +# define htobe64(x) OSSwapHostToBigInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) + +# define htole16(x) OSSwapHostToLittleInt16(x) +# define le16toh(x) OSSwapLittleToHostInt16(x) +# define htobe16(x) OSSwapHostToBigInt16(x) +# define be16toh(x) OSSwapBigToHostInt16(x) + +# define htole32(x) OSSwapHostToLittleInt32(x) +# define le32toh(x) OSSwapLittleToHostInt32(x) +# define htobe32(x) OSSwapHostToBigInt32(x) +# define be32toh(x) OSSwapBigToHostInt32(x) + +/* ... for Solaris */ +#elif defined(__sun__) +# include +# define htole64(x) LE_64(x) +# define le64toh(x) LE_64(x) +# define htobe64(x) BE_64(x) +# define be64toh(x) BE_64(x) + +# define htole16(x) LE_16(x) +# define le16toh(x) LE_16(x) +# define htobe16(x) BE_16(x) +# define be16toh(x) BE_16(x) + +# define htole32(x) LE_32(x) +# define le32toh(x) LE_32(x) +# define htobe32(x) BE_32(x) +# define be32toh(x) BE_32(x) + +/* ... for the BSDs */ +#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +# include +#elif defined(__OpenBSD__) +# include + +/* ... for Windows (MSVC)... not targeting XBOX 360! 
*/ +#elif defined(_MSC_VER) + +# include +# define htobe16(x) _byteswap_ushort(x) +# define htole16(x) (x) +# define be16toh(x) _byteswap_ushort(x) +# define le16toh(x) (x) + +# define htobe32(x) _byteswap_ulong(x) +# define htole32(x) (x) +# define be32toh(x) _byteswap_ulong(x) +# define le32toh(x) (x) + +# define htobe64(x) _byteswap_uint64(x) +# define htole64(x) (x) +# define be64toh(x) _byteswap_uint64(x) +# define le64toh(x) (x) + +/* ... for Windows (GCC-like, e.g. mingw or clang) */ +#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \ + (defined(__GNUC__) || defined(__clang__)) + +# define htobe16(x) __builtin_bswap16(x) +# define htole16(x) (x) +# define be16toh(x) __builtin_bswap16(x) +# define le16toh(x) (x) + +# define htobe32(x) __builtin_bswap32(x) +# define htole32(x) (x) +# define be32toh(x) __builtin_bswap32(x) +# define le32toh(x) (x) + +# define htobe64(x) __builtin_bswap64(x) +# define htole64(x) (x) +# define be64toh(x) __builtin_bswap64(x) +# define le64toh(x) (x) + +/* ... generic big-endian fallback code */ +/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always big-endian */ +#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || defined(_AIX) + +/* byte swapping code inspired by: + * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h + * */ + +# define htobe32(x) (x) +# define be32toh(x) (x) +# define htole32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define le32toh(x) (htole32((x))) + +# define htobe64(x) (x) +# define be64toh(x) (x) +# define htole64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define le64toh(x) (htole64((x))) + +/* ... 
generic little-endian fallback code */ +#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + +# define htole32(x) (x) +# define le32toh(x) (x) +# define htobe32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define be32toh(x) (htobe32((x))) + +# define htole64(x) (x) +# define le64toh(x) (x) +# define htobe64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define be64toh(x) (htobe64((x))) + +/* ... couldn't determine endian-ness of the target platform */ +#else +# error "Please define __BYTE_ORDER__!" + +#endif /* defined(__linux__) || ... */ + +/* Loads and stores. These avoid undefined behavior due to unaligned memory + * accesses, via memcpy. */ + +inline static uint16_t load16(uint8_t *b) { + uint16_t x; + memcpy(&x, b, 2); + return x; +} + +inline static uint32_t load32(uint8_t *b) { + uint32_t x; + memcpy(&x, b, 4); + return x; +} + +inline static uint64_t load64(uint8_t *b) { + uint64_t x; + memcpy(&x, b, 8); + return x; +} + +inline static void store16(uint8_t *b, uint16_t i) { + memcpy(b, &i, 2); +} + +inline static void store32(uint8_t *b, uint32_t i) { + memcpy(b, &i, 4); +} + +inline static void store64(uint8_t *b, uint64_t i) { + memcpy(b, &i, 8); +} + +/* Legacy accessors so that this header can serve as an implementation of + * C.Endianness */ +#define load16_le(b) (le16toh(load16(b))) +#define store16_le(b, i) (store16(b, htole16(i))) +#define load16_be(b) (be16toh(load16(b))) +#define store16_be(b, i) (store16(b, htobe16(i))) + +#define load32_le(b) (le32toh(load32(b))) +#define store32_le(b, i) (store32(b, htole32(i))) +#define load32_be(b) (be32toh(load32(b))) +#define store32_be(b, i) (store32(b, htobe32(i))) + +#define 
load64_le(b) (le64toh(load64(b))) +#define store64_le(b, i) (store64(b, htole64(i))) +#define load64_be(b) (be64toh(load64(b))) +#define store64_be(b, i) (store64(b, htobe64(i))) + +/* Co-existence of LowStar.Endianness and FStar.Endianness generates name + * conflicts, because of course both insist on having no prefixes. Until a + * prefix is added, or until we truly retire FStar.Endianness, solve this issue + * in an elegant way. */ +#define load16_le0 load16_le +#define store16_le0 store16_le +#define load16_be0 load16_be +#define store16_be0 store16_be + +#define load32_le0 load32_le +#define store32_le0 store32_le +#define load32_be0 load32_be +#define store32_be0 store32_be + +#define load64_le0 load64_le +#define store64_le0 store64_le +#define load64_be0 load64_be +#define store64_be0 store64_be + +#define load128_le0 load128_le +#define store128_le0 store128_le +#define load128_be0 load128_be +#define store128_be0 store128_be + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h new file mode 100644 index 000000000..ae11e4a8d --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h 
@@ -0,0 +1,28 @@
+#ifndef __KRMLLIB_H
+#define __KRMLLIB_H
+
+/******************************************************************************/
+/* The all-in-one krmllib.h header */
+/******************************************************************************/
+
+/* This is a meta-header that is included by default in KaRaMeL generated
+ * programs. If you wish to have a more lightweight set of headers, or are
+ * targeting an environment where controlling these macros yourself is
+ * important, consider using:
+ *
+ * krml -minimal
+ *
+ * to disable the inclusion of this file (note: this also disables the default
+ * argument "-bundle FStar.*"). You can then include the headers of your choice
+ * one by one, using -add-early-include. */
+
+#include "krml/internal/target.h"
+#include "krml/internal/callconv.h"
+#include "krml/internal/builtin.h"
+#include "krml/internal/debug.h"
+#include "krml/internal/types.h"
+
+#include "krml/lowstar_endianness.h"
+#include "krml/fstar_int.h"
+
+#endif /* __KRMLLIB_H */
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h
new file mode 100644
index 000000000..ecc90213c
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h
@@ -0,0 +1,78 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt128_H +#define __FStar_UInt128_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a); + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s); + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s); + +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 
a, FStar_UInt128_uint128 b); + +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a); + +static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a); + +static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y); + +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y); + + +#define __FStar_UInt128_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h new file mode 100644 index 000000000..9e4e2290b --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h 
@@ -0,0 +1,346 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt128_Verified_H +#define __FStar_UInt128_Verified_H + +#include "FStar_UInt_8_16_32_64.h" +#include +#include +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) +{ + return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U; +} + +static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) +{ + return FStar_UInt128_constant_time_carry(a, b); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 
+FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return FStar_UInt128_sub_mod_impl(a, b); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low & b.low; + lit.high = a.high & b.high; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low ^ b.low; + lit.high = a.high ^ b.high; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = a.low | b.low; + lit.high = a.high | b.high; + return lit; +} + +static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) +{ + FStar_UInt128_uint128 lit; + lit.low = ~a.low; + lit.high = ~a.high; + return lit; +} + +static uint32_t FStar_UInt128_u32_64 = 64U; + +static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); +} + +static inline uint64_t +FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_left(hi, lo, s); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == 0U) + { + return a; + } + else + { + FStar_UInt128_uint128 lit; + lit.low = a.low << s; + lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); + return lit; + } +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) 
+{ + FStar_UInt128_uint128 lit; + lit.low = 0ULL; + lit.high = a.low << (s - FStar_UInt128_u32_64); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_left_small(a, s); + } + else + { + return FStar_UInt128_shift_left_large(a, s); + } +} + +static inline uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); +} + +static inline uint64_t +FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_right(hi, lo, s); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == 0U) + { + return a; + } + else + { + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); + lit.high = a.high >> s; + return lit; + } +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) +{ + FStar_UInt128_uint128 lit; + lit.low = a.high >> (s - FStar_UInt128_u32_64); + lit.high = 0ULL; + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_right_small(a, s); + } + else + { + return FStar_UInt128_shift_right_large(a, s); + } +} + +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.low == b.low && a.high == b.high; +} + +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low > b.low); +} + +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low < b.low); +} + +static inline bool 
FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low >= b.low); +} + +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low <= b.low); +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + return lit; +} + +static inline FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 lit; + lit.low = + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + lit.high = + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + return lit; +} + +static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) +{ + FStar_UInt128_uint128 lit; + lit.low = a; + lit.high = 0ULL; + return lit; +} + +static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) +{ + return a.low; +} + +static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a) +{ + return a & 0xffffffffULL; +} + +static uint32_t FStar_UInt128_u32_32 = 32U; + +static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) +{ + FStar_UInt128_uint128 lit; + lit.low = + FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), + 
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); + lit.high = + ((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) + >> FStar_UInt128_u32_32; + return lit; +} + +static inline uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) +{ + FStar_UInt128_uint128 lit; + lit.low = + FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) + * (y >> FStar_UInt128_u32_32) + + + FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y))); + lit.high = + (x >> FStar_UInt128_u32_32) + * (y >> FStar_UInt128_u32_32) + + + (((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)) + >> FStar_UInt128_u32_32) + + + ((FStar_UInt128_u64_mod_32(x) + * (y >> FStar_UInt128_u32_32) + + + FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))) + >> FStar_UInt128_u32_32); + return lit; +} + + +#define __FStar_UInt128_Verified_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h new file mode 100644 index 000000000..56a2454fc --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h 
@@ -0,0 +1,213 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __FStar_UInt_8_16_32_64_H +#define __FStar_UInt_8_16_32_64_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +extern krml_checked_int_t FStar_UInt64_n; + +extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee); + +extern krml_checked_int_t FStar_UInt64___proj__Mk__item__v(uint64_t projectee); + +extern krml_checked_int_t FStar_UInt64_v(uint64_t x); + +extern uint64_t FStar_UInt64_uint_to_t(krml_checked_int_t x); + +extern uint64_t FStar_UInt64_zero; + +extern uint64_t FStar_UInt64_one; + +extern uint64_t FStar_UInt64_minus(uint64_t a); + +extern uint32_t FStar_UInt64_n_minus_one; + +static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a ^ b; + uint64_t minus_x = ~x + 1ULL; + uint64_t x_or_minus_x = x | minus_x; + uint64_t xnx = x_or_minus_x >> 63U; + return xnx - 1ULL; +} + +static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a; + uint64_t y = b; + uint64_t x_xor_y = x ^ y; + uint64_t x_sub_y = x - y; + uint64_t x_sub_y_xor_y = x_sub_y ^ y; + uint64_t q = x_xor_y | x_sub_y_xor_y; + uint64_t x_xor_q = x ^ q; + uint64_t x_xor_q_ = x_xor_q >> 63U; + return x_xor_q_ - 1ULL; +} + +extern Prims_string FStar_UInt64_to_string(uint64_t uu___); + +extern Prims_string FStar_UInt64_to_string_hex(uint64_t uu___); + +extern Prims_string FStar_UInt64_to_string_hex_pad(uint64_t uu___); + +extern uint64_t FStar_UInt64_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt32_n; + +extern bool FStar_UInt32_uu___is_Mk(uint32_t projectee); + +extern krml_checked_int_t FStar_UInt32___proj__Mk__item__v(uint32_t projectee); + +extern krml_checked_int_t FStar_UInt32_v(uint32_t x); + +extern uint32_t 
FStar_UInt32_uint_to_t(krml_checked_int_t x); + +extern uint32_t FStar_UInt32_zero; + +extern uint32_t FStar_UInt32_one; + +extern uint32_t FStar_UInt32_minus(uint32_t a); + +extern uint32_t FStar_UInt32_n_minus_one; + +static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a ^ b; + uint32_t minus_x = ~x + 1U; + uint32_t x_or_minus_x = x | minus_x; + uint32_t xnx = x_or_minus_x >> 31U; + return xnx - 1U; +} + +static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a; + uint32_t y = b; + uint32_t x_xor_y = x ^ y; + uint32_t x_sub_y = x - y; + uint32_t x_sub_y_xor_y = x_sub_y ^ y; + uint32_t q = x_xor_y | x_sub_y_xor_y; + uint32_t x_xor_q = x ^ q; + uint32_t x_xor_q_ = x_xor_q >> 31U; + return x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt32_to_string(uint32_t uu___); + +extern Prims_string FStar_UInt32_to_string_hex(uint32_t uu___); + +extern Prims_string FStar_UInt32_to_string_hex_pad(uint32_t uu___); + +extern uint32_t FStar_UInt32_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt16_n; + +extern bool FStar_UInt16_uu___is_Mk(uint16_t projectee); + +extern krml_checked_int_t FStar_UInt16___proj__Mk__item__v(uint16_t projectee); + +extern krml_checked_int_t FStar_UInt16_v(uint16_t x); + +extern uint16_t FStar_UInt16_uint_to_t(krml_checked_int_t x); + +extern uint16_t FStar_UInt16_zero; + +extern uint16_t FStar_UInt16_one; + +extern uint16_t FStar_UInt16_minus(uint16_t a); + +extern uint32_t FStar_UInt16_n_minus_one; + +static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) +{ + uint16_t x = (uint32_t)a ^ (uint32_t)b; + uint16_t minus_x = (uint32_t)~x + 1U; + uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; + uint16_t xnx = (uint32_t)x_or_minus_x >> 15U; + return (uint32_t)xnx - 1U; +} + +static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) +{ + uint16_t x = a; + uint16_t y = b; + uint16_t x_xor_y = (uint32_t)x ^ 
(uint32_t)y; + uint16_t x_sub_y = (uint32_t)x - (uint32_t)y; + uint16_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; + uint16_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; + uint16_t x_xor_q = (uint32_t)x ^ (uint32_t)q; + uint16_t x_xor_q_ = (uint32_t)x_xor_q >> 15U; + return (uint32_t)x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt16_to_string(uint16_t uu___); + +extern Prims_string FStar_UInt16_to_string_hex(uint16_t uu___); + +extern Prims_string FStar_UInt16_to_string_hex_pad(uint16_t uu___); + +extern uint16_t FStar_UInt16_of_string(Prims_string uu___); + +extern krml_checked_int_t FStar_UInt8_n; + +extern bool FStar_UInt8_uu___is_Mk(uint8_t projectee); + +extern krml_checked_int_t FStar_UInt8___proj__Mk__item__v(uint8_t projectee); + +extern krml_checked_int_t FStar_UInt8_v(uint8_t x); + +extern uint8_t FStar_UInt8_uint_to_t(krml_checked_int_t x); + +extern uint8_t FStar_UInt8_zero; + +extern uint8_t FStar_UInt8_one; + +extern uint8_t FStar_UInt8_minus(uint8_t a); + +extern uint32_t FStar_UInt8_n_minus_one; + +static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) +{ + uint8_t x = (uint32_t)a ^ (uint32_t)b; + uint8_t minus_x = (uint32_t)~x + 1U; + uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; + uint8_t xnx = (uint32_t)x_or_minus_x >> 7U; + return (uint32_t)xnx - 1U; +} + +static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) +{ + uint8_t x = a; + uint8_t y = b; + uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y; + uint8_t x_sub_y = (uint32_t)x - (uint32_t)y; + uint8_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; + uint8_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; + uint8_t x_xor_q = (uint32_t)x ^ (uint32_t)q; + uint8_t x_xor_q_ = (uint32_t)x_xor_q >> 7U; + return (uint32_t)x_xor_q_ - 1U; +} + +extern Prims_string FStar_UInt8_to_string(uint8_t uu___); + +extern Prims_string FStar_UInt8_to_string_hex(uint8_t uu___); + +extern Prims_string FStar_UInt8_to_string_hex_pad(uint8_t uu___); + +extern 
uint8_t FStar_UInt8_of_string(Prims_string uu___); + +typedef uint8_t FStar_UInt8_byte; + + +#define __FStar_UInt_8_16_32_64_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h new file mode 100644 index 000000000..e851c15c9 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h @@ -0,0 +1,27 @@ +/* + Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. +*/ + + +#ifndef __LowStar_Endianness_H +#define __LowStar_Endianness_H + +#include +#include +#include "krml/internal/compat.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/types.h" +#include "krml/internal/target.h" + +static inline void store128_le(uint8_t *x0, FStar_UInt128_uint128 x1); + +static inline FStar_UInt128_uint128 load128_le(uint8_t *x0); + +static inline void store128_be(uint8_t *x0, FStar_UInt128_uint128 x1); + +static inline FStar_UInt128_uint128 load128_be(uint8_t *x0); + + +#define __LowStar_Endianness_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic new file mode 100644 index 000000000..8e39de6d0 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic 
@@ -0,0 +1,56 @@ +# A basic Makefile that KaRaMeL copies in the output directory; this is not +# guaranteed to work and will only work well for very simple projects. This +# Makefile uses: +# - the custom C files passed to your krml invocation +# - the custom C flags passed to your krml invocation +# - the -o option passed to your krml invocation + +include Makefile.include + +ifeq (,$(KRML_HOME)) + $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout) +endif + +CFLAGS += -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal +CFLAGS += -Wall -Wextra -Werror -std=c11 \ + -Wno-unknown-warning-option \ + -Wno-infinite-recursion \ + -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE +ifeq ($(OS),Windows_NT) +CFLAGS += -D__USE_MINGW_ANSI_STDIO +else +CFLAGS += -fPIC +endif +CFLAGS += $(USER_CFLAGS) + +SOURCES += $(ALL_C_FILES) $(USER_C_FILES) +ifneq (,$(BLACKLIST)) + SOURCES := $(filter-out $(BLACKLIST),$(SOURCES)) +endif +OBJS += $(patsubst %.c,%.o,$(SOURCES)) + +all: $(USER_TARGET) + +$(USER_TARGET): $(OBJS) + +AR ?= ar + +%.a: + $(AR) cr $@ $^ + +%.exe: + $(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a + +%.so: + $(CC) $(CFLAGS) -shared -o $@ $^ + +%.d: %.c + @set -e; rm -f $@; \ + $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \ + sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \ + rm -f $@.$$$$ + +include $(patsubst %.c,%.d,$(SOURCES)) + +clean: + rm -rf *.o *.d $(USER_TARGET) diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include new file mode 100644 index 000000000..ad5321718 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include @@ -0,0 +1,5 @@ +USER_TARGET=libkrmllib.a +USER_CFLAGS= +USER_C_FILES=fstar_uint128.c +ALL_C_FILES= +ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h 
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
new file mode 100644
index 000000000..ae109004f
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
@@ -0,0 +1,165 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/******************************************************************************/ +/* Machine integers (128-bit arithmetic) */ +/******************************************************************************/ + +/* This header contains two things. + * + * First, an implementation of 128-bit arithmetic suitable for 64-bit GCC and + * Clang, i.e. all the operations from FStar.UInt128. + * + * Second, 128-bit operations from C.Endianness (or LowStar.Endianness), + * suitable for any compiler and platform (via a series of ifdefs). This second + * part is unfortunate, and should be fixed by moving {load,store}128_{be,le} to + * FStar.UInt128 to avoid a maze of preprocessor guards and hand-written code. + * */ + +/* This file is used for both the minimal and generic krmllib distributions. As + * such, it assumes that the machine integers have been bundled the exact same + * way in both cases. 
*/ + +#ifndef FSTAR_UINT128_GCC64 +#define FSTAR_UINT128_GCC64 + +#include "FStar_UInt128.h" +#include "FStar_UInt_8_16_32_64.h" +#include "LowStar_Endianness.h" + +/* GCC + using native unsigned __int128 support */ + +inline static uint128_t load128_le(uint8_t *b) { + uint128_t l = (uint128_t)load64_le(b); + uint128_t h = (uint128_t)load64_le(b + 8); + return (h << 64 | l); +} + +inline static void store128_le(uint8_t *b, uint128_t n) { + store64_le(b, (uint64_t)n); + store64_le(b + 8, (uint64_t)(n >> 64)); +} + +inline static uint128_t load128_be(uint8_t *b) { + uint128_t h = (uint128_t)load64_be(b); + uint128_t l = (uint128_t)load64_be(b + 8); + return (h << 64 | l); +} + +inline static void store128_be(uint8_t *b, uint128_t n) { + store64_be(b, (uint64_t)(n >> 64)); + store64_be(b + 8, (uint64_t)n); +} + +inline static uint128_t FStar_UInt128_add(uint128_t x, uint128_t y) { + return x + y; +} + +inline static uint128_t FStar_UInt128_mul(uint128_t x, uint128_t y) { + return x * y; +} + +inline static uint128_t FStar_UInt128_add_mod(uint128_t x, uint128_t y) { + return x + y; +} + +inline static uint128_t FStar_UInt128_sub(uint128_t x, uint128_t y) { + return x - y; +} + +inline static uint128_t FStar_UInt128_sub_mod(uint128_t x, uint128_t y) { + return x - y; +} + +inline static uint128_t FStar_UInt128_logand(uint128_t x, uint128_t y) { + return x & y; +} + +inline static uint128_t FStar_UInt128_logor(uint128_t x, uint128_t y) { + return x | y; +} + +inline static uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) { + return x ^ y; +} + +inline static uint128_t FStar_UInt128_lognot(uint128_t x) { + return ~x; +} + +inline static uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) { + return x << y; +} + +inline static uint128_t FStar_UInt128_shift_right(uint128_t x, uint32_t y) { + return x >> y; +} + +inline static uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x) { + return (uint128_t)x; +} + +inline static uint64_t 
FStar_UInt128_uint128_to_uint64(uint128_t x) { + return (uint64_t)x; +} + +inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { + return ((uint128_t) x) * y; +} + +inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { + uint64_t mask = + FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) & + FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y); + return ((uint128_t)mask) << 64 | mask; +} + +inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { + uint64_t mask = + (FStar_UInt64_gte_mask(x >> 64, y >> 64) & + ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | + (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y)); + return ((uint128_t)mask) << 64 | mask; +} + +inline static uint64_t FStar_UInt128___proj__Mkuint128__item__low(uint128_t x) { + return (uint64_t) x; +} + +inline static uint64_t FStar_UInt128___proj__Mkuint128__item__high(uint128_t x) { + return (uint64_t) (x >> 64); +} + +inline static uint128_t FStar_UInt128_add_underspec(uint128_t x, uint128_t y) { + return x + y; +} + +inline static uint128_t FStar_UInt128_sub_underspec(uint128_t x, uint128_t y) { + return x - y; +} + +inline static bool FStar_UInt128_eq(uint128_t x, uint128_t y) { + return x == y; +} + +inline static bool FStar_UInt128_gt(uint128_t x, uint128_t y) { + return x > y; +} + +inline static bool FStar_UInt128_lt(uint128_t x, uint128_t y) { + return x < y; +} + +inline static bool FStar_UInt128_gte(uint128_t x, uint128_t y) { + return x >= y; +} + +inline static bool FStar_UInt128_lte(uint128_t x, uint128_t y) { + return x <= y; +} + +inline static uint128_t FStar_UInt128_mul32(uint64_t x, uint32_t y) { + return (uint128_t) x * (uint128_t) y; +} + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h new file mode 100644 index 000000000..6ff658f54 --- /dev/null 
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h 
@@ -0,0 +1,510 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KaRaMeL + * then hand-edited to use MSVC intrinsics KaRaMeL invocation: + * C:\users\barrybo\mitls2c\karamel\_build\src\Karamel.native -minimal -fnouint128 C:/users/barrybo/mitls2c/FStar/ulib/FStar.UInt128.fst -tmpdir ../secure_api/out/runtime_switch/uint128 -skip-compilation -add-include "krmllib0.h" -drop FStar.Int.Cast.Full -bundle FStar.UInt128=FStar.*,Prims + * F* version: 15104ff8 + * KaRaMeL version: 318b7fa8 + */ + +#ifndef FSTAR_UINT128_MSVC +#define FSTAR_UINT128_MSVC + +#include "krml/internal/types.h" +#include "FStar_UInt128.h" +#include "FStar_UInt_8_16_32_64.h" + +#ifndef _MSC_VER +# error This file only works with the MSVC compiler +#endif + +/* JP: need to rip out HAS_OPTIMIZED since the header guards in types.h are now + * done properly and only include this file when we know for sure we are on + * 64-bit MSVC. */ + +#if defined(_M_X64) && !defined(KRML_VERIFIED_UINT128) +#define HAS_OPTIMIZED 1 +#else +#define HAS_OPTIMIZED 0 +#endif + +// Define .low and .high in terms of the __m128i fields, to reduce +// the amount of churn in this file. 
+#if HAS_OPTIMIZED +#include +#include +#define low m128i_u64[0] +#define high m128i_u64[1] +#endif + +inline static FStar_UInt128_uint128 load128_le(uint8_t *b) { +#if HAS_OPTIMIZED + return _mm_loadu_si128((__m128i *)b); +#else + FStar_UInt128_uint128 lit; + lit.low = load64_le(b); + lit.high = load64_le(b + 8); + return lit; +#endif +} + +inline static void store128_le(uint8_t *b, FStar_UInt128_uint128 n) { + store64_le(b, n.low); + store64_le(b + 8, n.high); +} + +inline static FStar_UInt128_uint128 load128_be(uint8_t *b) { + uint64_t l = load64_be(b + 8); + uint64_t h = load64_be(b); +#if HAS_OPTIMIZED + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = l; + lit.high = h; + return lit; +#endif +} + +inline static void store128_be(uint8_t *b, uint128_t n) { + store64_be(b, n.high); + store64_be(b + 8, n.low); +} + +inline static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) { + return (a ^ (a ^ b | a - b ^ b)) >> (uint32_t)63U; +} + +inline static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) { + return FStar_UInt128_constant_time_carry(a, b); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + uint64_t l, h; + + unsigned char carry = + _addcarry_u64(0, a.low, b.low, &l); // low/CF = a.low+b.low+0 + _addcarry_u64(carry, a.high, b.high, &h); // high = a.high+b.high+CF + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_add(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 
+FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_add(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low + b.low; + lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + uint64_t l, h; + + unsigned char borrow = _subborrow_u64(0, a.low, b.low, &l); + _subborrow_u64(borrow, a.high, b.high, &h); + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_sub(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + FStar_UInt128_uint128 lit; + lit.low = a.low - b.low; + lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return FStar_UInt128_sub(a, b); +#else + return FStar_UInt128_sub_mod_impl(a, b); +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return _mm_and_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low & b.low; + lit.high = a.high & b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return 
_mm_xor_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low ^ b.low; + lit.high = a.high ^ b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + return _mm_or_si128(a, b); +#else + FStar_UInt128_uint128 lit; + lit.low = a.low | b.low; + lit.high = a.high | b.high; + return lit; +#endif +} + +inline static FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) { +#if HAS_OPTIMIZED + return _mm_andnot_si128(a, a); +#else + FStar_UInt128_uint128 lit; + lit.low = ~a.low; + lit.high = ~a.high; + return lit; +#endif +} + +static const uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; + +inline static uint64_t +FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) { + return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) { + return FStar_UInt128_add_u64_shift_left(hi, lo, s); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { + if (s == (uint32_t)0U) + return a; + else { + FStar_UInt128_uint128 lit; + lit.low = a.low << s; + lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); + return lit; + } +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 lit; + lit.low = (uint64_t)0U; + lit.high = a.low << (s - FStar_UInt128_u32_64); + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) { +#if HAS_OPTIMIZED + if (s == 0) { + return a; + } else if (s < FStar_UInt128_u32_64) { + uint64_t l = a.low << s; + uint64_t h = __shiftleft128(a.low, a.high, (unsigned char)s); + return _mm_set_epi64x(h, l); + } else { + return _mm_set_epi64x(a.low << (s - FStar_UInt128_u32_64), 0); + } +#else + if (s < 
FStar_UInt128_u32_64) + return FStar_UInt128_shift_left_small(a, s); + else + return FStar_UInt128_shift_left_large(a, s); +#endif +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) { + return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); +} + +inline static uint64_t +FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) { + return FStar_UInt128_add_u64_shift_right(hi, lo, s); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { + if (s == (uint32_t)0U) + return a; + else { + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); + lit.high = a.high >> s; + return lit; + } +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 lit; + lit.low = a.high >> (s - FStar_UInt128_u32_64); + lit.high = (uint64_t)0U; + return lit; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) { +#if HAS_OPTIMIZED + if (s == 0) { + return a; + } else if (s < FStar_UInt128_u32_64) { + uint64_t l = __shiftright128(a.low, a.high, (unsigned char)s); + uint64_t h = a.high >> s; + return _mm_set_epi64x(h, l); + } else { + return _mm_set_epi64x(0, a.high >> (s - FStar_UInt128_u32_64)); + } +#else + if (s < FStar_UInt128_u32_64) + return FStar_UInt128_shift_right_small(a, s); + else + return FStar_UInt128_shift_right_large(a, s); +#endif +} + +inline static bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.low == b.low && a.high == b.high; +} + +inline static bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high > b.high || a.high == b.high && a.low > b.low; +} + +inline static bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high < b.high || a.high == b.high && a.low < 
b.low; +} + +inline static bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high > b.high || a.high == b.high && a.low >= b.low; +} + +inline static bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { + return a.high < b.high || a.high == b.high && a.low <= b.low; +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED + // PCMPW to produce 4 32-bit values, all either 0x0 or 0xffffffff + __m128i r32 = _mm_cmpeq_epi32(a, b); + // Shuffle 3,2,1,0 into 2,3,0,1 (swapping dwords inside each half) + __m128i s32 = _mm_shuffle_epi32(r32, _MM_SHUFFLE(2, 3, 0, 1)); + // Bitwise and to compute (3&2),(2&3),(1&0),(0&1) + __m128i ret64 = _mm_and_si128(r32, s32); + // Swap the two 64-bit values to form s64 + __m128i s64 = + _mm_shuffle_epi32(ret64, _MM_SHUFFLE(1, 0, 3, 2)); // 3,2,1,0 -> 1,0,3,2 + // And them together + return _mm_and_si128(ret64, s64); +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +#if HAS_OPTIMIZED && 0 + // ge - compare 3,2,1,0 for >= and generating 0 or 0xffffffff for each + // eq - compare 3,2,1,0 for == and generating 0 or 0xffffffff for each + // slot 0 = ge0 | (eq0 & ge1) | (eq0 & eq1 & ge2) | (eq0 & eq1 & eq2 & ge3) + // then splat slot 0 to 3,2,1,0 + __m128i gt = _mm_cmpgt_epi32(a, b); + __m128i eq = _mm_cmpeq_epi32(a, b); + __m128i ge = _mm_or_si128(gt, eq); + __m128i ge0 = ge; + __m128i eq0 = eq; + __m128i ge1 = _mm_srli_si128(ge, 4); // shift ge from 3,2,1,0 to 0x0,3,2,1 + __m128i t1 = _mm_and_si128(eq0, ge1); + __m128i ret = _mm_or_si128(ge, t1); // ge0 | (eq0 & ge1) is now in 0 + __m128i eq1 = _mm_srli_si128(eq, 
4); // shift eq from 3,2,1,0 to 0x0,3,2,1 + __m128i ge2 = + _mm_srli_si128(ge1, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,3,2 + __m128i t2 = + _mm_and_si128(eq0, _mm_and_si128(eq1, ge2)); // t2 = (eq0 & eq1 & ge2) + ret = _mm_or_si128(ret, t2); + __m128i eq2 = _mm_srli_si128(eq1, 4); // shift eq from 3,2,1,0 to 0x0,00,00,3 + __m128i ge3 = + _mm_srli_si128(ge2, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,0x0,3 + __m128i t3 = _mm_and_si128( + eq0, _mm_and_si128( + eq1, _mm_and_si128(eq2, ge3))); // t3 = (eq0 & eq1 & eq2 & ge3) + ret = _mm_or_si128(ret, t3); + return _mm_shuffle_epi32( + ret, + _MM_SHUFFLE(0, 0, 0, 0)); // the result is in 0. Shuffle into all dwords. +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high) | + FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low); + lit.high = FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high) | + FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low); + return lit; +#endif +} + +inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) { +#if HAS_OPTIMIZED + return _mm_set_epi64x(0, a); +#else + FStar_UInt128_uint128 lit; + lit.low = a; + lit.high = (uint64_t)0U; + return lit; +#endif +} + +inline static uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) { + return a.low; +} + +inline static uint64_t FStar_UInt128_u64_mod_32(uint64_t a) { + return a & (uint64_t)0xffffffffU; +} + +static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U; + +inline static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) { + return lo + (hi << FStar_UInt128_u32_32); +} + +inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) { +#if HAS_OPTIMIZED + uint64_t l, h; + l = _umul128(x, (uint64_t)y, &h); + return _mm_set_epi64x(h, l); +#else + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_u32_combine( + (x >> 
FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> + FStar_UInt128_u32_32), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); + lit.high = (x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> + FStar_UInt128_u32_32) >> + FStar_UInt128_u32_32; + return lit; +#endif +} + +/* Note: static headers bring scope collision issues when they define types! + * Because now client (karamel-generated) code will include this header and + * there might be type collisions if the client code uses quadruples of uint64s. + * So, we cannot use the karamel-generated name. */ +typedef struct K_quad_s { + uint64_t fst; + uint64_t snd; + uint64_t thd; + uint64_t f3; +} K_quad; + +inline static K_quad +FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { + K_quad tmp; + tmp.fst = FStar_UInt128_u64_mod_32(x); + tmp.snd = FStar_UInt128_u64_mod_32( + FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); + tmp.thd = x >> FStar_UInt128_u32_32; + tmp.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32); + return tmp; +} + +static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) { + return lo + (hi << FStar_UInt128_u32_32); +} + +inline static FStar_UInt128_uint128 +FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y) { + K_quad scrut = + FStar_UInt128_mul_wide_impl_t_(x, y); + uint64_t u1 = scrut.fst; + uint64_t w3 = scrut.snd; + uint64_t x_ = scrut.thd; + uint64_t t_ = scrut.f3; + FStar_UInt128_uint128 lit; + lit.low = FStar_UInt128_u32_combine_( + u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), w3); + lit.high = + x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> + FStar_UInt128_u32_32); + return lit; +} + +inline static +FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, 
uint64_t y) { +#if HAS_OPTIMIZED + uint64_t l, h; + l = _umul128(x, y, &h); + return _mm_set_epi64x(h, l); +#else + return FStar_UInt128_mul_wide_impl(x, y); +#endif +} + +#undef low +#undef high + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h new file mode 100644 index 000000000..e2b6d6285 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h 
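Review bot: In the `HAS_OPTIMIZED` branch of `FStar_UInt128_lognot`, `_mm_andnot_si128(a, a)` computes `(~a) & a`, which is always zero rather than the bitwise complement, so 64-bit MSVC builds taking that branch would get 0 for every input; `return _mm_xor_si128(a, _mm_set1_epi32(-1));` gives the intended NOT. Separately, the `#else` branch of `FStar_UInt128_add_underspec` is missing a closing parenthesis (`FStar_UInt128_carry(a.low + b.low, b.low;`) and will not compile when `HAS_OPTIMIZED` is 0; it should read `lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low);`. This header is a vendored krmllib copy, so the fix presumably belongs upstream as well, and whether any ML-KEM or SHA-3 path in this tree reaches these two functions is not visible from this hunk.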
@@ -0,0 +1,68 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef FSTAR_UINT128_STRUCT_ENDIANNESS_H +#define FSTAR_UINT128_STRUCT_ENDIANNESS_H + +/* Hand-written implementation of endianness-related uint128 functions + * for the extracted uint128 implementation */ + +/* Access 64-bit fields within the int128. */ +#define HIGH64_OF(x) ((x)->high) +#define LOW64_OF(x) ((x)->low) + +/* A series of definitions written using pointers. */ + +inline static void load128_le_(uint8_t *b, uint128_t *r) { + LOW64_OF(r) = load64_le(b); + HIGH64_OF(r) = load64_le(b + 8); +} + +inline static void store128_le_(uint8_t *b, uint128_t *n) { + store64_le(b, LOW64_OF(n)); + store64_le(b + 8, HIGH64_OF(n)); +} + +inline static void load128_be_(uint8_t *b, uint128_t *r) { + HIGH64_OF(r) = load64_be(b); + LOW64_OF(r) = load64_be(b + 8); +} + +inline static void store128_be_(uint8_t *b, uint128_t *n) { + store64_be(b, HIGH64_OF(n)); + store64_be(b + 8, LOW64_OF(n)); +} + +#ifndef KRML_NOSTRUCT_PASSING + +inline static uint128_t load128_le(uint8_t *b) { + uint128_t r; + load128_le_(b, &r); + return r; +} + +inline static void store128_le(uint8_t *b, uint128_t n) { + store128_le_(b, &n); +} + +inline static uint128_t load128_be(uint8_t *b) { + uint128_t r; + load128_be_(b, &r); + return r; +} + +inline static void store128_be(uint8_t *b, uint128_t n) { + store128_be_(b, &n); +} + +#else /* !defined(KRML_STRUCT_PASSING) */ + +# define print128 print128_ +# define load128_le load128_le_ +# define store128_le store128_le_ +# define load128_be load128_be_ +# define store128_be store128_be_ + +#endif /* KRML_STRUCT_PASSING */ + +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def new file mode 100644 index 000000000..c4ab8e38e --- /dev/null 
+++ b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def
@@ -0,0 +1,11 @@
+LIBRARY libkrmllib
+
+EXPORTS
+ FStar_UInt64_eq_mask
+ FStar_UInt64_gte_mask
+ FStar_UInt32_eq_mask
+ FStar_UInt32_gte_mask
+ FStar_UInt16_eq_mask
+ FStar_UInt16_gte_mask
+ FStar_UInt8_eq_mask
+ FStar_UInt8_gte_mask
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c
new file mode 100644
index 000000000..8081db044
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c
@@ -0,0 +1,524 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_core.h" + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +static uint8_t is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t + uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +) +{ + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); + return lit; 
+} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +) +{ + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice 
+libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +) +{ + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + 
slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +) +{ + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +) +{ + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +) +{ + return 
self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t 
*uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void 
+core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == core_result_Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h new file mode 100644 index 000000000..da93dfbea --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h 
@@ -0,0 +1,135 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_core_H +#define __libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } +libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +typedef struct 
libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; +} 
+libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c new file mode 100644 index 000000000..a215e6880 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c 
@@ -0,0 +1,2181 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_mlkem1024.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + 
libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + 
(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + void +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; + memcpy(uu____1, + state, + (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)4U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t + xof_state = + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] + )); +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + 
(size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
+sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, 
+ (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t 
bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void 
+compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, + out); +} + 
+static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +static void +decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key 
= uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t 
ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + } + else + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static 
K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t 
uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[4U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void 
+serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + 
Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U]; + 
compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), 
+ uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t 
+generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); +} + +static 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if 
(validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h new file mode 100644 index 000000000..c415e78a8 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h 
@@ -0,0 +1,132 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem1024_H +#define __libcrux_mlkem1024_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 
((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void 
+libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, + uint8_t ret[4U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +#if 
defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c new file mode 100644 index 000000000..c3d3686c9 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c 
@@ -0,0 +1,2057 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_mlkem512.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + void +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; + memcpy(uu____1, + state, + (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)2U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + int16_t s[272U] +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t + xof_state = + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] + )); +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, 
+ (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
+closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + 
domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void 
+encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +static void +decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice 
ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool 
uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + } + else + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + 
memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
*s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], + &product); + } + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + 
uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + 
core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + 
Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + 
Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void 
+deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h new file mode 100644 index 000000000..47a8fbb68 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h 
@@ -0,0 +1,138 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem512_H +#define __libcrux_mlkem512_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define 
LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( + 
libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, + uint8_t ret[2U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + 
libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c new file mode 100644 index 000000000..5b4641ee3 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c 
@@ -0,0 +1,3030 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem768.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_core.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + 
+typedef struct __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s +{ + libcrux_ml_kem_vector_PortableVector fst; + libcrux_ml_kem_vector_PortableVector snd; +} +__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, + zeta_r); + b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, + &t); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer, + size_t _initial_coefficient_bound +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t _initial_coefficient_bound +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +void +libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer, + size_t 
_initial_coefficient_bound +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +void +libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3328U); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + 
Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + 
(size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + 
memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t 
*zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t _layer +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_PortableVector + a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, + &a); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &b)); + b = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, + zeta_r); + return + ( + (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; 
+ size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)7U); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, + result); + return result; +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + 
KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *);); + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + 
deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = + compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t 
input[3U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + memcpy(uu____1, + state, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < 
(size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline 
bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + int16_t s[272U] +) +{ + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t + xof_state = + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + 
sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + 
int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + uu____0 = sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); + size_t zeta_i = 
(size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)3U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)2U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, + re, + (size_t)1U, + (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 
1U;); + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + void +) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( 
+ uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return 
lit; +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, + &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + 
(size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + 
input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice 
randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + 
compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +static void +decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, 
+ K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static void +decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + uint8_t uu____2[32U]; + if (uu____1) + { + 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + } + else + { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; + if (uu____1) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t 
uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____2 = + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + return uu____2; + } + return uu____2; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + (*matrix_A)[3U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, + &s_as_ntt[j]); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], + &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; 
+ for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + 
serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + 
Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + 
Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = 
libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + else + { + uu____2 = + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, + implicit_rejection_value); + } + return uu____2; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) +{ + return + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static bool +validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + 
Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) +{ + bool uu____0; + uu____0 = true; + bool uu____1; + if (uu____0) + { + uu____1 = libcrux_platform_platform_simd256_support(); + } + else + { + uu____1 = false; + } + bool uu____2; + if (uu____1) + { + uu____2 = + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); + } + else + { + uu____2 = + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + } + return uu____2; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h new file mode 100644 index 000000000..a69080f07 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h 
@@ -0,0 +1,132 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem768_H +#define __libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3.h" +#include "libcrux_polynomial.h" +#include "libcrux_platform.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define 
LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; + +libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( + 
libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][504U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, + uint8_t ret[3U][168U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c new file mode 100644 index 000000000..7a1b35b6f --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c 
@@ -0,0 +1,10225 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) +{ + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) +{ + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i uu____0 = vector; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i + 
sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + v_minus_field_modulus, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, + field_modulus); + return + libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) +{ + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + t = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i + t0 = + libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i + quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, + t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i + quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + 
+inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i + value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)2); + core_core_arch_x86___m256i + field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int16_t)1) + / (int16_t)4); + core_core_arch_x86___m256i + shifted = 
libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i + mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + shifted, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i + shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + shifted_to_positive_in_range, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +) +{ + core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + prod13 = + libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i + uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + 
core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, + -zeta3, + zeta3, + zeta3, + -zeta2, + -zeta2, + zeta2, + zeta2, + -zeta1, + -zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + zetas = + libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, + -zeta1, + -zeta1, + -zeta1, + zeta1, + zeta1, + zeta1, + zeta1, + -zeta0, + -zeta0, + -zeta0, + -zeta0, + zeta0, + zeta0, + zeta0, + zeta0); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, + vector, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +) +{ + core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i + k = + libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i + k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + 
return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i + rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i + upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients, + core_core_arch_x86___m256i); + return combined0; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = 
rhs; + core_core_arch_x86___m256i + rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, + zeta3, + (int16_t)0, + (int16_t)0, + zeta2, + zeta2, + (int16_t)0, + (int16_t)0, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0)); + core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + core_core_arch_x86___m256i + lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i 
+ rhs0 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)-1, + (int16_t)1, + (int16_t)1, + (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i + sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, + zeta1, + zeta1, + zeta1, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + zeta0, + zeta0, + zeta0, + zeta0, + (int16_t)0, + (int16_t)0, + (int16_t)0, + (int16_t)0)); + return + libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, + sum, + sum_times_zetas, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + core_core_arch_x86___m128i + lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i + combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i + combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + combined, + upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) +{ + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i + k = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i + k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i + value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, + v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i + result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + result, + core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, + result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + 
core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + core_core_arch_x86___m256i + shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0, + (int8_t)15, + (int8_t)14, + (int8_t)11, + (int8_t)10, + (int8_t)7, + (int8_t)6, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)1, + (int8_t)0); + core_core_arch_x86___m256i + lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i + lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + lhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i + lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i + lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i + rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i + rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + rhs_shuffled, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i + rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i + rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + rhs_shuffled0, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i 
rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i + left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i + right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i + right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i + right1 = + libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, + (int32_t)zeta3, + -(int32_t)zeta2, + (int32_t)zeta2, + -(int32_t)zeta1, + (int32_t)zeta1, + -(int32_t)zeta0, + (int32_t)zeta0)); + core_core_arch_x86___m256i + products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i + products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i + rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2, + (int8_t)13, + (int8_t)12, + (int8_t)15, + (int8_t)14, + (int8_t)9, + (int8_t)8, + (int8_t)11, + (int8_t)10, + (int8_t)5, + (int8_t)4, + (int8_t)7, + (int8_t)6, + (int8_t)1, + (int8_t)0, + (int8_t)3, + (int8_t)2)); + core_core_arch_x86___m256i + products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i + products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); + core_core_arch_x86___m256i + products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, + products_right0, + core_core_arch_x86___m256i); + return + 
libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, + products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return + libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], + rhs[0U], + zeta0, + zeta1, + zeta2, + zeta3); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + core_core_arch_x86___m256i + lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i + high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + lsb_to_msb, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = { 0U }; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) +{ + int16_t + uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, 
uint8_t); + int16_t + uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i + shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 
14U, + (int16_t)1 << 15U, + (int16_t)1 << 8U, + (int16_t)1 << 9U, + (int16_t)1 << 10U, + (int16_t)1 << 11U, + (int16_t)1 << 12U, + (int16_t)1 << 13U, + (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i + coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t serialized[16U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1, + (int16_t)1 << 4U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)8, + (int8_t)4, + (int8_t)0)); + 
core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)0, + (int32_t)4, + (int32_t)0)); + core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, + serialized, + uint8_t, + Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)16U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t + uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m256i + coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i + coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i 
+ coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return + libcrux_intrinsics_avx2_mm256_and_si256(uu____15, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1, + (int16_t)1 << 5U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22, + (int32_t)0, + (int32_t)22)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, + adjacent_4_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i + 
adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_8_combined0, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined1, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [10U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + 
libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) +{ + uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m128i + coefficients = + libcrux_intrinsics_avx2_mm_set_epi8(uu____0, + uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + uu____10, + uu____11, + uu____12, + uu____13, + uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i + coefficients_loaded = 
libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i + coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients_loaded, + coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, + (int8_t)14, + (int8_t)15, + (int8_t)14, + (int8_t)13, + (int8_t)12, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)9, + (int8_t)8, + (int8_t)7, + (int8_t)6, + (int8_t)7, + (int8_t)6, + (int8_t)5, + (int8_t)4, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i + coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U, + (int16_t)1 << 0U, + (int16_t)1 << 5U, + (int16_t)1 << 2U, + (int16_t)1 << 7U, + (int16_t)1 << 4U, + (int16_t)1 << 9U, + (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, + coefficients1, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = 
vector; + core_core_arch_x86___m256i + adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1, + (int16_t)1 << 10U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12, + (int32_t)0, + (int32_t)12)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [20U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U, + (int16_t)1 << 0U, + (int16_t)1 << 2U, + (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, + 8U, + 8U, + 7U, + 7U, + 6U, + 6U, + 5U, + 4U, + 3U, + 3U, + 2U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)4U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 13U, + 12U, + 12U, + 11U, + 10U, + 9U, + 9U, + 8U, + 8U, + 7U, + 7U, + 6U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +) +{ + return 
libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) +{ + int16_t output[16U] = { 0U }; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, + output, + int16_t, + Eurydice_slice), + v); + memcpy(ret, output, (size_t)16U * sizeof (int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) +{ + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); + return lit; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + 
result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector + input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + 
libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + result = libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; 
+ int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = + uu____4 + | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = + uu____11 + | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t + uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U 
+ (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)7) + << 8U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 5U; + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 7U; + uint8_t + *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)127) + << 4U; + uint8_t + *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + 
(size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) + & (int16_t)31) + << 6U; + uint8_t + *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) + << 3U; + uint8_t + *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +) +{ + memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_avx2_portable_PortableVector + output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return + libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, + ret, + int16_t, + Eurydice_slice)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +inline void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t serialized[32U] = { 0U }; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i + adjacent_2_combined = + 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1, + (int16_t)1 << 12U, + (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i + adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, + libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8, + (int32_t)0, + (int32_t)8)); + core_core_arch_x86___m256i + adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, + adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i + adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, + libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)-1, + (int8_t)13, + (int8_t)12, + (int8_t)11, + (int8_t)10, + (int8_t)9, + (int8_t)8, + (int8_t)5, + (int8_t)4, + (int8_t)3, + (int8_t)2, + (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i + lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i + upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + adjacent_8_combined, + core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_array_to_subslice((size_t)32U, + serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [24U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, + ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) +{ + core_core_arch_x86___m256i + shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U, + (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i + lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + 
core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, + 10U, + 10U, + 9U, + 8U, + 7U, + 7U, + 6U, + 5U, + 4U, + 4U, + 3U, + 2U, + 1U, + 1U, + 0U)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i + upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, + libcrux_intrinsics_avx2_mm_set_epi8(15U, + 14U, + 14U, + 13U, + 12U, + 11U, + 11U, + 10U, + 9U, + 8U, + 8U, + 7U, + 6U, + 5U, + 5U, + 4U)); + core_core_arch_x86___m256i + coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i + coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, + coefficients, + upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + core_core_arch_x86___m256i + coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, + coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i + coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256(uu____2, + libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +) +{ + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +inline size_t 
+libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i + compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + lower_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i + lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], + (size_t)16U * sizeof (uint8_t)); + core_core_arch_x86___m128i + upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, + upper_shuffles, + uint8_t, + Eurydice_slice)); + core_core_arch_x86___m128i + upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + potential_coefficients, + core_core_arch_x86___m128i); + core_core_arch_x86___m128i + upper_coefficients0 = + 
libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, + ((core_ops_range_Range__size_t){ .start = sampled_count, .end = sampled_count + (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +) +{ + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +) +{ + return self[0U]; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +) +{ + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + 
(size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, + vector, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); +} + +static core_core_arch_x86___m256i +to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a +) +{ + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); + core_core_arch_x86___m256i + fm = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + 
Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); 
+ core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + uint8_t dummy_out0[504U] = { 0U }; + uint8_t dummy_out1[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____1, + uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + uint8_t dummy_out0[168U] = { 0U }; + uint8_t dummy_out1[168U] = { 0U }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____1, + uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t 
uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + 
A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + uint8_t dummy_out0[192U] = { 0U }; + uint8_t dummy_out1[192U] = { 0U }; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [192U], + Eurydice_slice), + (size_t)1U, + uint8_t [192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = 
Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + 
uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + core_core_arch_x86___m256i + t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i + uu____1 = 
+ libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} +__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +static core_core_arch_x86___m256i +montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + t = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, zeta_r); + b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + 
size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + 
re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + 
prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + 
(size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static core_core_arch_x86___m256i +to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + 
to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + 
core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice 
ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void 
+deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; 
+ uint8_t dummy_out0[128U] = { 0U }; + uint8_t dummy_out1[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____1, + uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + 
sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void 
+invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r +) +{ + core_core_arch_x86___m256i + a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, + &a); + a = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, + &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, zeta_r); + return + ( + (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + 
invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[2U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + 
result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static core_core_arch_x86___m256i +decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) +{ + return + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + uu____0 = decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + core_core_arch_x86___m256i + tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, + &tmp); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + 
core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + 
core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + 
compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 
<< (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + 
core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus_halved = + 
libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS + - (int32_t)1) + / (int32_t)2); + core_core_arch_x86___m256i + compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i + coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); + core_core_arch_x86___m256i + compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i + compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, + coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i + compressed_high1 = + 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i + compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, + compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficients = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + 
memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + 
pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +) 
+{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + 
core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + 
core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = 
deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 
+ * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + 
decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +) +{ + return + libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + core_core_arch_x86___m256i + field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i + two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i + coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i + coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i + decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); + core_core_arch_x86___m256i + decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low1 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i + coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, + vector, + core_core_arch_x86___m128i); + core_core_arch_x86___m256i + coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i + decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i + decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, + decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i + decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, + decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, + decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); + return + libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +) +{ + return + 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) +{ + return 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); + core_core_arch_x86___m256i + coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *);); + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, 
(size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + 
Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + 
uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + 
t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + 
serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + 
Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____3, + uu____4, + uu____5, + uu____6, + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + 
Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = 
uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____3, + uu____4, + uu____5, + uu____6, + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + 
(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + 
closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} 
+__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, 
Eurydice_slice); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____8 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____9 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + uu____9, + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = 
(uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + 
core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + 
memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + 
secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = 
pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + 
uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void 
+compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + 
r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + 
deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + 
shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + 
ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + 
deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, 
+ uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = 
uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + 
+static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + 
< + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t ret0[1152U]; + 
serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t 
digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, + uu____1, + uu____2, + uu____3, + 
Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + uint8_t dummy_out0[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____2, + uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, 
Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + uint8_t 
dummy_out0[168U] = { 0U }; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [168U], + Eurydice_slice), + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / 
(size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + 
ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 + xof_state = + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static 
inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)3U 
+ * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + uint8_t dummy_out0[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + 
Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____7 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + Eurydice_slice + uu____8 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_avx2_x4_shake256(uu____2, + uu____3, + uu____4, + uu____5, + uu____6, + uu____7, + uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = 
(uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + 
core_core_arch_x86___m256i, + Eurydice_slice), + core_core_arch_x86___m256i, + size_t); + i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + 
memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + 
secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = 
pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + 
uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + 
prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + u_as_ntt[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + secret_as_ntt[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = + ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + 
add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, 
digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + 
size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); 
+ Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..ecf17daec --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h 
@@ -0,0 +1,671 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem_avx2_H +#define __libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_avx2.h" +#include "libcrux_sha3.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void +); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i *rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant 
+); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, + int16_t c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector +); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, + int16_t constant +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, + core_core_arch_x86___m256i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, + core_core_arch_x86___m128i c +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + 
core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, + int16_t zeta0, + int16_t zeta1 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, + int16_t zeta +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +void 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, + uint8_t ret[2U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, + uint8_t ret[8U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, + uint8_t ret[10U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +void 
+libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, + uint8_t ret[20U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes +); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_avx2_portable_PortableVector; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void +libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void +libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, + int16_t ret[16U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice 
bytes +); + +void +libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, + uint8_t ret[24U] +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes +); + +size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, + Eurydice_slice output +); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, + Eurydice_slice output +); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s +{ core_core_arch_x86___m256i coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( + core_core_arch_x86___m256i vector +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2_Simd256Hash; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + 
+core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U] +); + +void 
+libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +); + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( + 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +); + +void +libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c new file mode 100644 index 000000000..a39ab8e5d --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c 
@@ -0,0 +1,9734 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_core.h" + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) + } + ); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array +) +{ + return 
libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t + c0 = + libcrux_intrinsics_arm64__vandq_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t + c1 = + libcrux_intrinsics_arm64__vandq_s16(uu____1, + 
libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t + vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, + LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t + vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t + quotient = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, + vec0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + sub = + libcrux_intrinsics_arm64__vmulq_n_s16(quotient, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); + v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high +) +{ + core_core_arch_arm_shared_neon_int16x8_t + k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t + c = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, + c); + v.high = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, + c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t + quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t + shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t + mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t + shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range0 = 
libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) +{ + int16_t uu____0; + switch (coefficient_bits) + { + case 4: + { + uu____0 = (int16_t)15; + break; + } + case 5: + { + uu____0 = (int16_t)31; + break; + } + case 10: + { + uu____0 = (int16_t)1023; + break; + } + case 11: + { + uu____0 = (int16_t)2047; + break; + } + default: + { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + 
int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, 
+ zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + 
int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + 
libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + 
libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); + core_core_arch_arm_shared_neon_int16x4_t + uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____0, + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t + fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, + uu____2, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, + a0, + b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____3, + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; 
+ core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t + snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, + uu____5, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, + a1, + b0)); + core_core_arch_arm_shared_neon_int16x8_t + fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t + snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, + high0)); + core_core_arch_arm_shared_neon_int16x8_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, + high0)); + uint8_t + indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; + core_core_arch_arm_shared_neon_uint8x16_t + index = + 
libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), + index)); + core_core_arch_arm_shared_neon_int16x8_t + high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), + index)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, + rhs, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[2U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t + high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void 
+libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) +{ + core_core_arch_arm_shared_neon_int16x8_t + one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t + low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)0U, + uint8_t, + uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t + high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)1U, + uint8_t, + uint8_t)); + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, + (int16_t)-7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t + high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vandq_s16(high, one) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); 
+} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[8U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, + (int16_t)12 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + lowt = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), + shift); + core_core_arch_arm_shared_neon_uint16x8_t + hight = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), + shift); + uint64_t + sum0 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t + sum1 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t + sum2 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t + sum3 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) +{ + uint8_t ret[8U]; + 
core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t input = core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t ret[16U] +) +{ + int16_t out[16U] = { 0U }; + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[10U] +) +{ + uint8_t res[10U] = { 0U }; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = + (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) + | out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = + (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) + | out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + 
+inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)8U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input1, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + 
high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[20U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + 
libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + uint8_t input1[8U] = { 0U }; + uint8_t input2[4U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] 
= (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); + high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[22U] +) +{ + int16_t input[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + 
result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); + result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + 
uint8_t input1[8U] = { 0U }; + uint8_t input2[8U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input2, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + 
low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[24U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + 
libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = { 0U }; + Eurydice_slice + 
uu____2 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + 
+void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) +{ + uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; + core_core_arch_arm_shared_neon_uint8x16_t + index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + int16_t + shifts[8U] = + { + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, + (int16_t)-4 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift_vec = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifts, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)16U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input0, + uint8_t, + Eurydice_slice)); + uint8_t input1[16U] = { 0U }; + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)16U, + input1, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input1, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, + mask12)); + core_core_arch_arm_shared_neon_uint16x8_t + moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, + mask12)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
*self +) +{ + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t 
i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + v.low = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.low, + core_core_arch_arm_shared_neon_int16x8_t); + v.high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.high, + core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t(a); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &fm); +} + +static inline void 
+serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = 
key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + 
seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( + uint8_t input[2U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][504U] +) +{ + uint8_t out[2U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + 
Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[2U][168U] +) +{ + uint8_t out[2U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); + 
uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, + randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t(&xof_state, + randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], + bool transpose, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][192U] +) +{ + uint8_t out[2U][192U] = { { 0U } }; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [192U], + Eurydice_slice), + (size_t)1U, + uint8_t [192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[192U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[192U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t 
[192U], void *); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return 
+ from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + 
from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; +} +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); + b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = 
zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static 
inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + 
uint8_t prf_outputs[2U][192U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + 
self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + 
(size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + 
uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, 
secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + 
core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + 
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [800U], + libcrux_ml_kem_types_MlKemPublicKey____800size_t, + libcrux_ml_kem_types_MlKemPublicKey____800size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { 
+ deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[2U][128U] +) +{ + uint8_t out[2U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice 
out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[2U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + 
libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &b)); + b = + 
montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, + zeta_r); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + 
invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + 
add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = 
(size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); + 
result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + 
core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = 
libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = 
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t(v); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, 
Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_arm_shared_neon_uint32x4_t 
+libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + 
libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +inline 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + 
core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficients = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + 
uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____1 = + 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[2U]; + 
compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [768U], + libcrux_ml_kem_types_MlKemCiphertext____768size_t, + libcrux_ml_kem_types_MlKemCiphertext____768size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + 
decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = 
libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + 
core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + 
libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( + core_core_arch_arm_shared_neon_uint32x4_t v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t + low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t + high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t + high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + 
+libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + 
Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + 
secret_as_ntt[2U]; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + 
Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + 
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + 
public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash 
+libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( + uint8_t input[4U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[4U][504U] +) +{ + uint8_t out[4U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t 
[504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____5 = &self->shake128_state[1U]; + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[504U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, + uu____6, + 
Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t 
ret[4U][168U] +) +{ + uint8_t out[4U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, + randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t(&xof_state, + randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]); + } + memcpy(ret, + 
ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[4U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[4U][128U] +) +{ + uint8_t out[4U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [128U], + 
K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + uint8_t ret3[128U]; + Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____6, + uu____7, + uu____8, + Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t 
+sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + 
(size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, 
secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = 
pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t 
public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemPublicKey____1568size_t, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + error_1[i] = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[4U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t 
dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[4U], + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + 
invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1568U], + libcrux_ml_kem_types_MlKemCiphertext____1568size_t, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + 
deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + 
Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, 
+ K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = 
uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof 
(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( + Eurydice_slice input, + uint8_t ret[64U] +) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +inline libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( + uint8_t input[3U][34U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U] +) +{ + uint8_t out[3U][504U] = { { 0U } }; + uint8_t extra[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + 
core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = self->shake128_state; + uint8_t ret0[504U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[504U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____4 = &self->shake128_state[1U]; + uint8_t ret2[504U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, + uu____5, + Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start 
= r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U] +) +{ + uint8_t out[3U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = 
Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + 
} + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + } + } + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash + xof_state = + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, + randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t(&xof_state, + randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]); + } + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) + { + size_t i1 = i0; + uint8_t uu____0[34U]; + 
memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( + uint8_t (*input)[33U], + uint8_t ret[3U][128U] +) +{ + uint8_t out[3U][128U] = { { 0U } }; + uint8_t extra[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + uint8_t ret0[128U]; + Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); + uint8_t ret1[128U]; + Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); + libcrux_sha3_neon_x2_shake256(uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = 
Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + uint8_t ret2[128U]; + Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + 
sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(key_generation_seed, + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + 
core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(public_key, + ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
+libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value +) +{ + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1184U], + libcrux_ml_kem_types_MlKemPublicKey____1184size_t, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); 
+} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
+closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, + prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + 
error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( + Eurydice_slice input, + uint8_t ret[128U] +) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = 
i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void 
+encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t 
uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + 
compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + 
uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + core_convert___core__convert__Into_U__for_T__3__into(uu____4, + uint8_t [1088U], + libcrux_ml_kem_types_MlKemCiphertext____1088size_t, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / 
(size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + } + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + 
core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t 
ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +inline void +libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( + Eurydice_slice input, + uint8_t ret[32U] +) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void 
+libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + 
ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, + to_hash0, + uint8_t, + Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, + to_hash, + uint8_t, + Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + 
uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h new file mode 100644 index 000000000..b5af37f3c --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h @@ -0,0 +1,27 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_neon.h" +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s +{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } +libcrux_ml_kem_hash_functions_neon_Simd128Hash; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h new file mode 100644 index 000000000..f458aac48 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h 
@@ -0,0 +1,26 @@
+/*
+ This file was generated by KaRaMeL
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3
+ F* version: 58c915a8
+ KaRaMeL version: 04cb86b9
+ */
+
+#ifndef __libcrux_mlkem_sha3_H
+#define __libcrux_mlkem_sha3_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+
+#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U)
+
+#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U)
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_mlkem_sha3_H_DEFINED
+#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c
new file mode 100644
index 000000000..b1f487d73
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c
@@ -0,0 +1,8 @@
+// HAND-WRITTEN FILE
+
+#include
+
+bool libcrux_platform_platform_simd256_support(void) {
+ // TODO: query cpuid and cache the results!!
+ return true;
+}
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h
new file mode 100644
index 000000000..0237027dc
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h
@@ -0,0 +1,26 @@
+/*
+ This file was generated by KaRaMeL
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3
+ F* version: 58c915a8
+ KaRaMeL version: 04cb86b9
+ */
+
+#ifndef __libcrux_platform_H
+#define __libcrux_platform_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+
+extern bool libcrux_platform_platform_simd256_support(void);
+
+extern bool libcrux_platform_platform_simd128_support(void);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_platform_H_DEFINED
+#endif
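Review bot: In the hand-written libcrux_platform.c, `libcrux_platform_platform_simd256_support` returns `true` unconditionally, so a caller that uses it to choose a 256-bit SIMD path would take that path on a CPU without the feature and die on an illegal instruction instead of falling back to the portable code. Until the cpuid query from the TODO exists, fail closed with `return false;`, or (assuming simd256 means AVX2, on x86 with GCC/Clang) use `return __builtin_cpu_supports("avx2");` and return false on every other target. The `#include` line shows no header name on this page; `bool` needs `<stdbool.h>` unless it arrives some other way. libcrux_platform.h also declares `libcrux_platform_platform_simd128_support`, which this file does not define, so any caller of it will fail to link unless another translation unit provides it.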
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c new file mode 100644 index 000000000..4ce0ae5d7 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c 
@@ -0,0 +1,2423 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "internal/libcrux_polynomial.h" + +#include "internal/libcrux_core.h" + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, 
(int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +const +uint8_t +libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = + { + { + 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, + { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 
9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }, + { + 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 
8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }, + { + 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 255U, 255U }, + { + 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U + }, { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, 
+ { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }, + { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }, + { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 
15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, + { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, + { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U } + }; + +static inline libcrux_ml_kem_vector_PortableVector zero(void) +{ + libcrux_ml_kem_vector_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +static 
libcrux_ml_kem_vector_PortableVector ZERO(void) +{ + return zero(); +} + +static inline libcrux_ml_kem_vector_PortableVector from_i16_array(Eurydice_slice array) +{ + libcrux_ml_kem_vector_PortableVector lit; + int16_t ret[16U]; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, + ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + return lit; +} + +static libcrux_ml_kem_vector_PortableVector from_i16_array0(Eurydice_slice array) +{ + return from_i16_array(array); +} + +static inline libcrux_ml_kem_vector_PortableVector +add(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return add(lhs, rhs); +} + +static inline libcrux_ml_kem_vector_PortableVector +sub(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_PortableVector 
+libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs +) +{ + return sub(lhs, rhs); +} + +static inline libcrux_ml_kem_vector_PortableVector +multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, + int16_t c +) +{ + return multiply_by_constant(v, c); +} + +static inline libcrux_ml_kem_vector_PortableVector +bitwise_and_with_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} + +static libcrux_ml_kem_vector_PortableVector +bitwise_and_with_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + return bitwise_and_with_constant(v, c); +} + +static inline libcrux_ml_kem_vector_PortableVector +cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + } + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v +) +{ + return cond_subtract_3329(v); 
+} + +#define BARRETT_MULTIPLIER ((int32_t)20159) + +#define BARRETT_SHIFT ((int32_t)26) + +#define BARRETT_R ((int32_t)1 << (uint32_t)BARRETT_SHIFT) + +static int16_t barrett_reduce_element(int16_t value) +{ + int32_t t = (int32_t)value * BARRETT_MULTIPLIER + (BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +} + +static inline libcrux_ml_kem_vector_PortableVector +barrett_reduce(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = barrett_reduce_element(v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_PortableVector v +) +{ + return barrett_reduce(v); +} + +#define MONTGOMERY_SHIFT (16U) + +static int16_t montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> (uint32_t)MONTGOMERY_SHIFT); + int16_t value_high = (int16_t)(value >> (uint32_t)MONTGOMERY_SHIFT); + return value_high - c; +} + +static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +static inline libcrux_ml_kem_vector_PortableVector +montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = montgomery_multiply_fe_by_fer(v.elements[i0], c); + v.elements[i0] = uu____0; + } 
+ return v; +} + +static libcrux_ml_kem_vector_PortableVector +montgomery_multiply_by_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t r) +{ + return montgomery_multiply_by_constant(v, r); +} + +static uint8_t compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress_1(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t uu____0 = compress_message_coefficient((uint16_t)v.elements[i0]); + v.elements[i0] = (int16_t)uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress_1(v); +} + +static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t)get_n_least_significant_bits(coefficient_bits, (uint32_t)compressed); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t t = montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + v.elements[2U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = 
montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + v.elements[3U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + v.elements[6U] = v.elements[4U] - t1; + v.elements[4U] = v.elements[4U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + v.elements[7U] = v.elements[5U] - t2; + v.elements[5U] = v.elements[5U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) +{ + int16_t t = 
montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + v.elements[4U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + v.elements[5U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + v.elements[6U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + v.elements[7U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return ntt_layer_2_step(a, zeta0, zeta1); +} + +static inline libcrux_ml_kem_vector_PortableVector 
+ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t t = montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + v.elements[8U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + v.elements[9U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + v.elements[10U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + v.elements[11U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + v.elements[12U] = v.elements[4U] - t3; + v.elements[4U] = v.elements[4U] + t3; + int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + v.elements[13U] = v.elements[5U] - t4; + v.elements[5U] = v.elements[5U] + t4; + int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + v.elements[14U] = v.elements[6U] - t5; + v.elements[6U] = v.elements[6U] + t5; + int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + v.elements[15U] = v.elements[7U] - t6; + v.elements[7U] = v.elements[7U] + t6; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return ntt_layer_3_step(a, zeta); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t a_minus_b = v.elements[2U] - v.elements[0U]; + int16_t uu____0 = barrett_reduce_element(v.elements[0U] + v.elements[2U]); + v.elements[0U] = uu____0; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[2U] = 
uu____1; + int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; + int16_t uu____2 = barrett_reduce_element(v.elements[1U] + v.elements[3U]); + v.elements[1U] = uu____2; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[3U] = uu____3; + int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; + int16_t uu____4 = barrett_reduce_element(v.elements[4U] + v.elements[6U]); + v.elements[4U] = uu____4; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v.elements[6U] = uu____5; + int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; + int16_t uu____6 = barrett_reduce_element(v.elements[5U] + v.elements[7U]); + v.elements[5U] = uu____6; + int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v.elements[7U] = uu____7; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); + v.elements[(size_t)8U + (size_t)0U] = uu____8; + int16_t uu____9 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v.elements[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); + v.elements[(size_t)8U + (size_t)1U] = uu____10; + int16_t uu____11 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v.elements[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); + v.elements[(size_t)8U + (size_t)4U] = uu____12; + int16_t uu____13 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v.elements[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = 
v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + barrett_reduce_element(v.elements[(size_t)8U + + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); + v.elements[(size_t)8U + (size_t)5U] = uu____14; + int16_t uu____15 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v.elements[(size_t)8U + (size_t)7U] = uu____15; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) +{ + int16_t a_minus_b = v.elements[4U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[4U]; + int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[4U] = uu____0; + int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[5U]; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[5U] = uu____1; + int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[6U]; + int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v.elements[6U] = uu____2; + int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[7U]; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + v.elements[7U] = uu____3; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, 
zeta1); + v.elements[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + v.elements[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + + (size_t)2U] + + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + + (size_t)3U] + + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)7U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return inv_ntt_layer_2_step(a, zeta0, zeta1); +} + +static inline libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) +{ + int16_t a_minus_b = v.elements[8U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[8U]; + int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v.elements[8U] = uu____0; + int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[9U]; + int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v.elements[9U] = uu____1; + int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; + 
v.elements[2U] = v.elements[2U] + v.elements[10U]; + int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v.elements[10U] = uu____2; + int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[11U]; + int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v.elements[11U] = uu____3; + int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; + v.elements[4U] = v.elements[4U] + v.elements[12U]; + int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v.elements[12U] = uu____4; + int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; + v.elements[5U] = v.elements[5U] + v.elements[13U]; + int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v.elements[13U] = uu____5; + int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; + v.elements[6U] = v.elements[6U] + v.elements[14U]; + int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v.elements[14U] = uu____6; + int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; + v.elements[7U] = v.elements[7U] + v.elements[15U]; + int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v.elements[15U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector a, + int16_t zeta +) +{ + return inv_ntt_layer_3_step(a, zeta); +} + +typedef struct __int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +__int16_t_int16_t; + +static inline __int16_t_int16_t +ntt_multiply_binomials(__int16_t_int16_t _, __int16_t_int16_t _0, int16_t zeta) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + montgomery_reduce_element(uu____0 + + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * (int32_t)zeta); + return + ( + 
(__int16_t_int16_t){ + .fst = uu____1, + .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0) + } + ); +} + +static inline libcrux_ml_kem_vector_PortableVector +ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + libcrux_ml_kem_vector_PortableVector out = zero(); + __int16_t_int16_t lit0; + lit0.fst = lhs->elements[0U]; + lit0.snd = lhs->elements[1U]; + __int16_t_int16_t lit1; + lit1.fst = rhs->elements[0U]; + lit1.snd = rhs->elements[1U]; + __int16_t_int16_t product = ntt_multiply_binomials(lit0, lit1, zeta0); + out.elements[0U] = product.fst; + out.elements[1U] = product.snd; + __int16_t_int16_t lit2; + lit2.fst = lhs->elements[2U]; + lit2.snd = lhs->elements[3U]; + __int16_t_int16_t lit3; + lit3.fst = rhs->elements[2U]; + lit3.snd = rhs->elements[3U]; + __int16_t_int16_t product0 = ntt_multiply_binomials(lit2, lit3, -zeta0); + out.elements[2U] = product0.fst; + out.elements[3U] = product0.snd; + __int16_t_int16_t lit4; + lit4.fst = lhs->elements[4U]; + lit4.snd = lhs->elements[5U]; + __int16_t_int16_t lit5; + lit5.fst = rhs->elements[4U]; + lit5.snd = rhs->elements[5U]; + __int16_t_int16_t product1 = ntt_multiply_binomials(lit4, lit5, zeta1); + out.elements[4U] = product1.fst; + out.elements[5U] = product1.snd; + __int16_t_int16_t lit6; + lit6.fst = lhs->elements[6U]; + lit6.snd = lhs->elements[7U]; + __int16_t_int16_t lit7; + lit7.fst = rhs->elements[6U]; + lit7.snd = rhs->elements[7U]; + __int16_t_int16_t product2 = ntt_multiply_binomials(lit6, lit7, -zeta1); + out.elements[6U] = product2.fst; + out.elements[7U] = product2.snd; + __int16_t_int16_t lit8; + lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; + lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; + __int16_t_int16_t lit9; + lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; + lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; + 
__int16_t_int16_t product3 = ntt_multiply_binomials(lit8, lit9, zeta2); + out.elements[(size_t)8U + (size_t)0U] = product3.fst; + out.elements[(size_t)8U + (size_t)1U] = product3.snd; + __int16_t_int16_t lit10; + lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; + lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; + __int16_t_int16_t lit11; + lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; + lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; + __int16_t_int16_t product4 = ntt_multiply_binomials(lit10, lit11, -zeta2); + out.elements[(size_t)8U + (size_t)2U] = product4.fst; + out.elements[(size_t)8U + (size_t)3U] = product4.snd; + __int16_t_int16_t lit12; + lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; + lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; + __int16_t_int16_t lit13; + lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; + lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; + __int16_t_int16_t product5 = ntt_multiply_binomials(lit12, lit13, zeta3); + out.elements[(size_t)8U + (size_t)4U] = product5.fst; + out.elements[(size_t)8U + (size_t)5U] = product5.snd; + __int16_t_int16_t lit14; + lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; + lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; + __int16_t_int16_t lit; + lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; + lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; + __int16_t_int16_t product6 = ntt_multiply_binomials(lit14, lit, -zeta3); + out.elements[(size_t)8U + (size_t)6U] = product6.fst; + out.elements[(size_t)8U + (size_t)7U] = product6.snd; + return out; +} + +static libcrux_ml_kem_vector_PortableVector +ntt_multiply0( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); +} + +static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) +{ + uint8_t result[2U] = { 0U }; + 
KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); + KRML_MAYBE_FOR8(i, + (size_t)8U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice v) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); + for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_slice a +) +{ + return deserialize_1(a); +} + +static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = 
(uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_4(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, 
uint8_t, uint8_t *, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + 
Eurydice_slice a +) +{ + return deserialize_4(a); +} + +static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); + result[1U] = + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); + result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + result[3U] = + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); + result[5U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) + << 5U + | v.elements[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) + << 7U + | v.elements[(size_t)8U + (size_t)2U] << 2U) + | v.elements[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | v.elements[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) + << 6U + | v.elements[(size_t)8U + (size_t)5U] << 1U) + | v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)7U] + << 3U + | v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_5(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector v = zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + 
v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) + << 3U; + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) + << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) + << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) + << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t + *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & 3U) + << 3U; + uint8_t 
+ *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t + *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & 15U) + << 1U; + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + & 1U) + << 4U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t + *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & 7U) + << 2U; + uint8_t + *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + Eurydice_slice a +) +{ + return deserialize_5(a); +} + +static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t 
ret[20U]) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_10(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; + 
uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 8U; + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 6U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + 
(size_t)3U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 4U; + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 8U; + uint8_t + *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 6U; + uint8_t + *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 4U; + uint8_t + *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + 
Eurydice_slice a +) +{ + return deserialize_10(a); +} + +static inline void serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector result = zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = + uu____4 + | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, 
uint8_t *, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = + uu____11 + | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t + uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)7) + << 8U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____18 | 
(int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 5U; + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 7U; + uint8_t + *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)127) + << 4U; + uint8_t + *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t 
*, uint8_t) + & (int16_t)31) + << 6U; + uint8_t + *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) + << 3U; + uint8_t + *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + Eurydice_slice a +) +{ + return deserialize_11(a); +} + +static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); + result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); + result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)0U] + >> 8U + | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 
4U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)2U] + >> 8U + | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)4U] + >> 8U + | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)6U] + >> 8U + | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_PortableVector re = zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, 
uint8_t *, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t + byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); + int16_t + byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); + re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re.elements[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); + re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t + byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); + int16_t + byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); + int16_t + byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); + int16_t + byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); + int16_t + byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); + int16_t + byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); + int16_t + byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); + int16_t + byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); + int16_t + byte20 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); + int16_t + byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); + int16_t + byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); + int16_t + byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); + re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + return re; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + Eurydice_slice a +) +{ + return deserialize_12(a); +} + +static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, 
uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return rej_sample(a, out); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } 
+} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_PortableVector +to_standard_domain__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + montgomery_multiply_by_constant0(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); + libcrux_ml_kem_vector_PortableVector + uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___5int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___4int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; 
+} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___11int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return compress___10int32_t(v); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + montgomery_multiply_by_constant0(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector + tmp0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v +) +{ + return + bitwise_and_with_constant0(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(ZERO(), + &v), + (int16_t)1665); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = + montgomery_multiply_by_constant0(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( 
+ void +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; + lit.coefficients[0U] = ZERO(); + lit.coefficients[1U] = ZERO(); + lit.coefficients[2U] = ZERO(); + lit.coefficients[3U] = ZERO(); + lit.coefficients[4U] = ZERO(); + lit.coefficients[5U] = ZERO(); + lit.coefficients[6U] = ZERO(); + lit.coefficients[7U] = ZERO(); + lit.coefficients[8U] = ZERO(); + lit.coefficients[9U] = ZERO(); + lit.coefficients[10U] = ZERO(); + lit.coefficients[11U] = ZERO(); + lit.coefficients[12U] = ZERO(); + lit.coefficients[13U] = ZERO(); + lit.coefficients[14U] = ZERO(); + lit.coefficients[15U] = ZERO(); + return lit; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice a +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + from_i16_array0(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_vector_PortableVector +shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + } + return v; +} + +static libcrux_ml_kem_vector_PortableVector 
+shift_right___15int32_t0(libcrux_ml_kem_vector_PortableVector v) +{ + return shift_right___15int32_t(v); +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a +) +{ + libcrux_ml_kem_vector_PortableVector t = shift_right___15int32_t0(a); + libcrux_ml_kem_vector_PortableVector + fm = bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, + &fm); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + coefficient_normal_form = montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + ntt_multiply0(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static 
inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___4int32_t(v); +} + +void +libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector v, + int16_t fer +) +{ + return montgomery_multiply_by_constant0(v, fer); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_vector_PortableVector +decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + 
((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v +) +{ + return decompress_ciphertext_coefficient___10int32_t(v); +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h new file mode 100644 index 000000000..7a5c9a696 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h @@ -0,0 +1,31 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_polynomial_H +#define __libcrux_polynomial_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_PortableVector; + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s +{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_polynomial_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c new file mode 100644 index 000000000..0a2961bbd --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c 
@@ -0,0 +1,3246 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_core.h" + +#include "libcrux_sha3.h" + +#include "internal/libcrux_core.h" + + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +static inline uint64_t 
libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +static inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +static inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline 
uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void 
+libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t i1 = i0; + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + 
s->st[0U][0U] = uu____0; +} + +static inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], 
uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, 
(size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t 
(*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + 
uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t 
ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void 
+libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} + 
+libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline 
void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +static inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +static inline void 
+libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { 
Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + 
(size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / 
(size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + 
memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % 
(size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, 
uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} + +void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha224(digest, payload); +} + +void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) +{ + uint8_t out[28U] = { 0U }; + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +} + +void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha256(digest, payload); +} + +void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) +{ + uint8_t out[32U] = { 0U }; + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha384(digest, payload); +} + +void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) +{ + uint8_t out[48U] = { 0U }; + 
libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); +} + +void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha512(digest, payload); +} + +void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void 
+libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} + +static const +size_t 
+libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +static const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + 
KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h new file mode 100644 index 000000000..119c1131c --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h 
@@ -0,0 +1,966 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" +static const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + + /* + +extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); + +uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t 
c +); + +uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +); + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); + +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +); + */ + +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s +{ uint64_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; + + /* +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +); + +void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, 
uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +); + +uint64_t 
libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t 
x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + */ +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); + /* +void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void 
+libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + */ + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); + + /* +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void 
+libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + */ + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_KeccakState1; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void); + + /* +void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + */ + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +); + /* +void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + */ +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + /* +void 
+libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + */ + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); + /* +void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + */ + +void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); + +void 
libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); + +void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); + +void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); + +void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); + +void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); + /* +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + */ +void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); + /* +extern const size_t libcrux_sha3_generic_keccak__PI[24U]; + +extern const 
size_t libcrux_sha3_generic_keccak__ROTC[24U]; + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +); + +uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +); + +libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); + */ + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c new file mode 100644 index 000000000..df0ccfaa1 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c 
@@ -0,0 +1,2520 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_sha3_avx2.h" + +#include "internal/libcrux_core.h" + +static inline core_core_arch_x86___m256i zero(void) +{ + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i +_veor5q_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i +xor5( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e +) +{ + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i +rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i +rotate_left1_and_xor(core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) +{ + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i +_vbcaxq_u64( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + core_core_arch_x86___m256i uu____0 = a; + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i +and_not_xor( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c +) +{ + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) +{ + core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) +{ + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i +xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void +slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(a[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = + Eurydice_slice_subslice(a[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = 
start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) +{ + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) +{ + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out0, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at_mut(out1, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at_mut(out2, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at_mut(out3, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline 
K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) +{ + return split_at_mut_4(a, mid); +} + +inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void +load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i 
+ v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U 
* i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + 
Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start 
= start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void +load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i +rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) +{ + 
core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___36int32_t_28int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); +} 
+ +static inline core_core_arch_x86___m256i +_vxarq_u64___41int32_t_23int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___18int32_t_46int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___44int32_t_20int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___10int32_t_54int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline 
core_core_arch_x86___m256i +_vxarq_u64___45int32_t_19int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline 
core_core_arch_x86___m256i +xor_and_rotate___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___43int32_t_21int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i 
+rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___15int32_t_49int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___28int32_t_36int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___25int32_t_39int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = 
libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___21int32_t_43int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return 
_vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___27int32_t_37int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___20int32_t_44int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, 
core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___39int32_t_25int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i +_vxarq_u64___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_x86___m256i +rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) +{ + core_core_arch_x86___m256i + uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); + return + libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i 
+_vxarq_u64___14int32_t_50int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) +{ + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b +) +{ + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i + uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + core_core_arch_x86___m256i + uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); + core_core_arch_x86___m256i + uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); + core_core_arch_x86___m256i + uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); + core_core_arch_x86___m256i + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_x86___m256i + uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + 
rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i + uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i + uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i + uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i + uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i + uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i + uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i + uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i + uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i + uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i + uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i + uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i + uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i + uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i + uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + 
s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i + uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i + uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i + uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i + uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i + uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i + uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i + uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i + uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i + uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i + uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_x86___m256i [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + 
s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t i1 = i0; + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t j = i; + core_core_arch_x86___m256i + uu____0 = + and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +) +{ + core_core_arch_x86___m256i + uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); + libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + 
+static inline void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice blocks[4U] +) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void +load_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + load_block___136size_t(uu____0, buf); +} + +static inline void +load_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + 
blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void +store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / 
(size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + 
Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t 
j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + 
Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + uint8_t out2[200U] = { 0U }; + uint8_t out3[200U] = { 0U }; + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + out3, + uint8_t, + Eurydice_slice) + }; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) +{ + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + store_block___136size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + store_block___136size_t0(s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = 
(size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, + ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + 
out); + } + else + { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, + o); + memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, + buf); +} 
+ +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void +load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i + v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = 
libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i + v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v0l, + v2l, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + v1h, + v3h, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U + * i0 + / (size_t)5U][(size_t)4U + * i0 + % (size_t)5U], + v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i + uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) + / (size_t)5U][((size_t)4U * i0 + (size_t)1U) + % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + uu____1; + core_core_arch_x86___m256i + uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) + / (size_t)5U][((size_t)4U * i0 + (size_t)2U) + % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + uu____2; + core_core_arch_x86___m256i + uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) + / (size_t)5U][((size_t)4U * i0 + (size_t)3U) + % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s, + uint8_t, + Eurydice_slice)); + size_t i0 = 
(size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + Eurydice_slice + uu____9 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____10 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____10, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____11 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____11, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____12 = + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____12, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_x86___m256i + u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, + u8s0, + uint8_t, + Eurydice_slice)); + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void +load_block_full___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[4U] = + { + uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)200U, + blocks[3U], + uint8_t, + Eurydice_slice) + }; + load_block___168size_t(uu____0, buf); +} + +static inline void +load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) +{ + core_core_arch_x86___m256i (*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +) +{ + size_t last_len = 
core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + load_block_full___168size_t0(uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +) +{ + Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, + buf); +} + +static inline void +store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) + { + size_t i0 = i; + core_core_arch_x86___m256i + v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + 
s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i + v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], + ( + 
(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = { 0U }; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + 
Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + u8s, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + if (rem == (size_t)16U) + { + uint8_t u8s0[32U] = { 0U }; + size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice + uu____6 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____7 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____7, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____8 = + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end 
= start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____8, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____9 = + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____9, + Eurydice_array_to_subslice((size_t)32U, + u8s0, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) +{ + store_block___168size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + 
store_block___168size_t0(s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +) +{ + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____0 = split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____1 = split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o1); + libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, + o2); +} + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); +} + diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h new file mode 100644 index 000000000..0952f20d6 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h 
@@ -0,0 +1,181 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_avx2_H +#define __libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_avx2.h" + +#include "libcrux_sha3.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s +{ core_core_arch_x86___m256i st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; + +/* +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( + void +); + +void +libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + 
Eurydice_slice blocks[4U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], + Eurydice_slice out[4U] +); +*/ + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + + /* +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); 
+ */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + + /* +void +libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + + /* + +void +libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + */ + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c new file mode 100644 index 000000000..e59cda99e --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c 
@@ -0,0 +1,177 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#include "libcrux_sha3_neon.h" + +#include "internal/libcrux_core.h" + +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h new file mode 100644 index 000000000..e87dedbca --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h 
@@ -0,0 +1,70 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + F* version: 58c915a8 + KaRaMeL version: 04cb86b9 + */ + +#ifndef __libcrux_sha3_neon_H +#define __libcrux_sha3_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_arm64.h" + +#include "libcrux_sha3.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +); + +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } +libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void); + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice data0, + Eurydice_slice data1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_neon_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc
new file mode 100644
index 000000000..382e2a5c9
--- /dev/null
+++ b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc
@@ -0,0 +1,302 @@ +/* + * Copyright 2023 Cryspen Sarl + * + * Licensed under the Apache License, Version 2.0 or MIT. + * - http://www.apache.org/licenses/LICENSE-2.0 + * - http://opensource.org/licenses/MIT + */ + +#include +#include +#include + +#include "libcrux_sha3.h" +#include "libcrux_mlkem768.h" +#include "internal/libcrux_core.h" +// #include "util.h" + +using namespace std; + +typedef vector bytes; + +vector +from_hex(const string &hex) +{ + if (hex.length() % 2 == 1) + { + throw invalid_argument("Odd-length hex string"); + } + + int len = static_cast(hex.length()) / 2; + vector out(len); + for (int i = 0; i < len; i += 1) + { + string byte = hex.substr(2 * i, 2); + out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); + } + + return out; +} + +string +bytes_to_hex(const vector &data) +{ + stringstream hex(ios_base::out); + hex.flags(ios::hex); + for (const auto &byte : data) + { + hex << setw(2) << setfill('0') << int(byte); + } + return hex.str(); +} + +class KAT +{ +public: + bytes key_generation_seed; + bytes sha3_256_hash_of_public_key; + bytes sha3_256_hash_of_secret_key; + bytes encapsulation_seed; + bytes sha3_256_hash_of_ciphertext; + bytes shared_secret; +}; + +vector +read_kats(string path) +{ + ifstream kat_file(path); + nlohmann::json kats_raw; + kat_file >> kats_raw; + + vector kats; + + // Read test group + for (auto &kat_raw : kats_raw.items()) + { + auto kat_raw_value = kat_raw.value(); + + kats.push_back(KAT{ + .key_generation_seed = from_hex(kat_raw_value["key_generation_seed"]), + .sha3_256_hash_of_public_key = + from_hex(kat_raw_value["sha3_256_hash_of_public_key"]), + .sha3_256_hash_of_secret_key = + from_hex(kat_raw_value["sha3_256_hash_of_secret_key"]), + .encapsulation_seed = from_hex(kat_raw_value["encapsulation_seed"]), + .sha3_256_hash_of_ciphertext = + from_hex(kat_raw_value["sha3_256_hash_of_ciphertext"]), + .shared_secret = from_hex(kat_raw_value["shared_secret"]), + }); + } + + return kats; +} + +// void +// 
modify_ciphertext(uint8_t* ciphertext, size_t ciphertext_size) +// { +// uint8_t randomness[3]; +// generate_random(randomness, 3); + +// uint8_t random_byte = randomness[0]; +// if (random_byte == 0) { +// random_byte += 1; +// } + +// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + +// uint16_t random_position = random_u16 % ciphertext_size; + +// ciphertext[random_position] ^= random_byte; +// } + +// void +// modify_secret_key(uint8_t* secret_key, +// size_t secret_key_size, +// bool modify_implicit_rejection_value) +// { +// uint8_t randomness[3]; +// generate_random(randomness, 3); + +// uint8_t random_byte = randomness[0]; +// if (random_byte == 0) { +// random_byte += 1; +// } + +// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + +// uint16_t random_position = 0; + +// if (modify_implicit_rejection_value == true) { +// random_position = (secret_key_size - 32) + (random_u16 % 32); +// } else { +// random_position = random_u16 % (secret_key_size - 32); +// } + +// secret_key[random_position] ^= random_byte; +// } + +// uint8_t* +// compute_implicit_rejection_shared_secret(uint8_t* ciphertext, +// size_t ciphertext_size, +// uint8_t* secret_key, +// size_t secret_key_size) +// { +// uint8_t* hashInput = new uint8_t[32 + ciphertext_size]; +// uint8_t* sharedSecret = new uint8_t[32]; + +// std::copy(secret_key + (secret_key_size - 32), +// secret_key + secret_key_size, +// hashInput); +// std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); + +// Hacl_Hash_SHA3_shake256_hacl( +// 32 + ciphertext_size, hashInput, 32, sharedSecret); + +// delete[] hashInput; +// return sharedSecret; +// } + +TEST(MlKem768Test, ConsistencyTest) +{ + uint8_t randomness[64]; + for (int i = 0; i < 64; i++) + randomness[i] = 13; + // generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + // printf("pk: "); + // print_hex_ln(1184, key_pair.pk.value); + // printf("sk: "); + // 
print_hex_ln(2400, key_pair.sk.value); + + // generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + // printf("ctxt: "); + // print_hex_ln(1088U, ctxt.fst.value); + // printf("secret: "); + // print_hex_ln(32, ctxt.snd); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + // printf("secret2: "); + // print_hex_ln(32, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + +// TEST(Kyber768Test, ModifiedCiphertextTest) +// { +// uint8_t randomness[64]; +// generate_random(randomness, 64); +// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + +// generate_random(randomness, 32); +// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + +// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; +// modify_ciphertext(ctxt.fst.value, +// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); +// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + +// EXPECT_NE(0, +// memcmp(ctxt.snd, +// sharedSecret2, +// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + +// uint8_t* implicitRejectionSharedSecret = +// compute_implicit_rejection_shared_secret( +// ctxt.fst.value, +// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, +// key_pair.sk.value, +// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); + +// EXPECT_EQ(0, +// memcmp(implicitRejectionSharedSecret, +// sharedSecret2, +// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +// delete[] implicitRejectionSharedSecret; +// } + +// TEST(Kyber768Test, ModifiedSecretKeyTest) +// { +// uint8_t randomness[64]; +// generate_random(randomness, 64); +// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + +// generate_random(randomness, 32); +// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, 
randomness); + +// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; +// modify_secret_key( +// key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); +// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + +// EXPECT_NE(0, +// memcmp(ctxt.snd, +// sharedSecret2, +// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + +// modify_secret_key( +// ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); +// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + +// uint8_t* implicitRejectionSharedSecret = +// compute_implicit_rejection_shared_secret( +// ctxt.fst.value, +// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, +// key_pair.sk.value, +// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); +// EXPECT_EQ(0, +// memcmp(implicitRejectionSharedSecret, +// sharedSecret2, +// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +// delete[] implicitRejectionSharedSecret; +// } + +TEST(MlKem768Test, NISTKnownAnswerTest) +{ + // XXX: This should be done in a portable way. 
+ auto kats = read_kats("tests/mlkem768_nistkats.json"); + + for (auto kat : kats) + { + auto key_pair = + libcrux_ml_kem_mlkem768_generate_key_pair(kat.key_generation_seed.data()); + uint8_t pk_hash[32]; + libcrux_sha3_sha256( + EURYDICE_SLICE(key_pair.pk.value, 0, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), + pk_hash); + EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); + uint8_t sk_hash[32]; + libcrux_sha3_sha256( + EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); + EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); + + auto ctxt = libcrux_ml_kem_mlkem768_encapsulate( + &key_pair.pk, kat.encapsulation_seed.data()); + uint8_t ct_hash[32]; + libcrux_sha3_sha256( + EURYDICE_SLICE(ctxt.fst.value, 0, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), + ct_hash); + EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); + EXPECT_EQ(0, + memcmp(ctxt.snd, + kat.shared_secret.data(), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + // FIXME: REMOVE AGAIN + break; + } +} diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json new file mode 100644 index 000000000..6a819f80d --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json 
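Review bot: The `break;` under `// FIXME: REMOVE AGAIN` at the end of the loop in `NISTKnownAnswerTest` stops the test after the first entry of `tests/mlkem768_nistkats.json`, so the remaining known-answer vectors are never checked against this C build; deleting that `break;` lets the loop cover the whole file. `ModifiedCiphertextTest` and `ModifiedSecretKeyTest` are also commented out in this file, which leaves the rejection path of `libcrux_ml_kem_mlkem768_decapsulate` with no coverage here. If they cannot be enabled yet (the `util.h` include and the `generate_random` calls are commented out as well), a marker such as `// TODO: re-enable the modified-ciphertext/secret-key tests; decapsulation rejection is currently untested` above them would record the gap. In the same loop, `kat.key_generation_seed.data()` and `kat.encapsulation_seed.data()` are handed to the API without a length check; judging from `ConsistencyTest` the calls expect 64 and 32 bytes, so an `ASSERT_EQ(kat.key_generation_seed.size(), 64u);` and `ASSERT_EQ(kat.encapsulation_seed.size(), 32u);` before use would keep a malformed vector file from causing an out-of-bounds read.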
@@ -0,0 +1,802 @@ +[ + { + "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", + "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", + "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", + "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", + "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", + "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" + }, + { + "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", + "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", + "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", + "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", + "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", + "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" + }, + { + "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", + "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", + "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", + "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", + "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", + "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" + }, + { + "key_generation_seed": 
"050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", + "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", + "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", + "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", + "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", + "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" + }, + { + "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", + "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", + "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", + "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", + "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", + "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" + }, + { + "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", + "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", + "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", + "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", + "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", + "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" + }, + { + "key_generation_seed": 
"c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", + "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", + "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", + "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", + "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", + "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" + }, + { + "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", + "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", + "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", + "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", + "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", + "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" + }, + { + "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", + "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", + "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", + "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", + "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", + "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" + }, + { + "key_generation_seed": 
"d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", + "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", + "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", + "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", + "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", + "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" + }, + { + "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", + "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", + "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", + "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", + "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", + "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" + }, + { + "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", + "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", + "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", + "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", + "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", + "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" + }, + { + "key_generation_seed": 
"cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", + "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", + "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", + "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", + "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", + "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" + }, + { + "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", + "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", + "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", + "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", + "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", + "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" + }, + { + "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", + "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", + "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", + "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", + "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", + "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" + }, + { + "key_generation_seed": 
"97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", + "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", + "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", + "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", + "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", + "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" + }, + { + "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", + "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", + "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", + "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", + "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", + "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" + }, + { + "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", + "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", + "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", + "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", + "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", + "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" + }, + { + "key_generation_seed": 
"9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", + "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", + "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", + "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", + "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", + "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" + }, + { + "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", + "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", + "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", + "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", + "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", + "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" + }, + { + "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", + "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", + "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", + "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", + "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", + "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" + }, + { + "key_generation_seed": 
"89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", + "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", + "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", + "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", + "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", + "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" + }, + { + "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", + "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", + "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", + "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", + "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", + "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" + }, + { + "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", + "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", + "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", + "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", + "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", + "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" + }, + { + "key_generation_seed": 
"293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", + "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", + "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", + "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", + "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", + "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" + }, + { + "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", + "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", + "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", + "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", + "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", + "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" + }, + { + "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", + "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", + "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", + "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", + "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", + "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" + }, + { + "key_generation_seed": 
"ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", + "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", + "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", + "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", + "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", + "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" + }, + { + "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", + "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", + "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", + "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", + "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", + "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" + }, + { + "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", + "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", + "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", + "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", + "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", + "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" + }, + { + "key_generation_seed": 
"351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", + "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", + "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", + "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", + "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", + "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" + }, + { + "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", + "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", + "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", + "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", + "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", + "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" + }, + { + "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", + "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", + "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", + "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", + "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", + "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" + }, + { + "key_generation_seed": 
"684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", + "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", + "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", + "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", + "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", + "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" + }, + { + "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", + "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", + "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", + "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", + "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", + "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" + }, + { + "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", + "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", + "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", + "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", + "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", + "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" + }, + { + "key_generation_seed": 
"056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", + "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", + "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", + "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", + "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", + "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" + }, + { + "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", + "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", + "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", + "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", + "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", + "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" + }, + { + "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", + "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", + "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", + "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", + "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", + "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" + }, + { + "key_generation_seed": 
"3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", + "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", + "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", + "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", + "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", + "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" + }, + { + "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", + "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", + "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", + "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", + "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", + "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" + }, + { + "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", + "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", + "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", + "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", + "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", + "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" + }, + { + "key_generation_seed": 
"610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", + "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", + "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", + "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", + "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", + "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" + }, + { + "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", + "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", + "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", + "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", + "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", + "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" + }, + { + "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", + "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", + "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", + "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", + "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", + "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" + }, + { + "key_generation_seed": 
"e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", + "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", + "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", + "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", + "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", + "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" + }, + { + "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", + "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", + "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", + "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", + "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", + "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" + }, + { + "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", + "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", + "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", + "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", + "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", + "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" + }, + { + "key_generation_seed": 
"bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", + "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", + "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", + "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", + "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", + "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" + }, + { + "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", + "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", + "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", + "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", + "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", + "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" + }, + { + "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", + "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", + "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", + "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", + "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", + "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" + }, + { + "key_generation_seed": 
"25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", + "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", + "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", + "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", + "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", + "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" + }, + { + "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", + "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", + "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", + "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", + "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", + "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" + }, + { + "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", + "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", + "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", + "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", + "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", + "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" + }, + { + "key_generation_seed": 
"6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", + "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", + "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", + "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", + "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", + "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" + }, + { + "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", + "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", + "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", + "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", + "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", + "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" + }, + { + "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", + "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", + "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", + "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", + "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", + "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" + }, + { + "key_generation_seed": 
"6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", + "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", + "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", + "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", + "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", + "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" + }, + { + "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", + "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", + "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", + "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", + "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", + "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" + }, + { + "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", + "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", + "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", + "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", + "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", + "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" + }, + { + "key_generation_seed": 
"47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", + "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", + "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", + "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", + "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", + "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" + }, + { + "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", + "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", + "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", + "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", + "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", + "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" + }, + { + "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", + "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", + "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", + "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", + "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", + "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" + }, + { + "key_generation_seed": 
"7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", + "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", + "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", + "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", + "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", + "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" + }, + { + "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", + "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", + "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", + "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", + "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", + "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" + }, + { + "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", + "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", + "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", + "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", + "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", + "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" + }, + { + "key_generation_seed": 
"c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", + "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", + "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", + "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", + "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", + "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" + }, + { + "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", + "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", + "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", + "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", + "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", + "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" + }, + { + "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", + "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", + "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", + "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", + "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", + "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" + }, + { + "key_generation_seed": 
"995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", + "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", + "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", + "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", + "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", + "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" + }, + { + "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", + "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", + "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", + "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", + "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", + "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" + }, + { + "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", + "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", + "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", + "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", + "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", + "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" + }, + { + "key_generation_seed": 
"1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", + "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", + "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", + "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", + "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", + "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" + }, + { + "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", + "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", + "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", + "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", + "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", + "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" + }, + { + "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", + "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", + "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", + "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", + "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", + "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" + }, + { + "key_generation_seed": 
"6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", + "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", + "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", + "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", + "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", + "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" + }, + { + "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", + "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", + "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", + "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", + "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", + "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" + }, + { + "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", + "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", + "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", + "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", + "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", + "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" + }, + { + "key_generation_seed": 
"b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", + "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", + "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", + "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", + "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", + "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" + }, + { + "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", + "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", + "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", + "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", + "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", + "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" + }, + { + "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", + "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", + "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", + "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", + "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", + "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" + }, + { + "key_generation_seed": 
"0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", + "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", + "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", + "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", + "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", + "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" + }, + { + "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", + "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", + "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", + "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", + "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", + "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" + }, + { + "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", + "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", + "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", + "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", + "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", + "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" + }, + { + "key_generation_seed": 
"9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", + "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", + "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", + "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", + "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", + "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" + }, + { + "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", + "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", + "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", + "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", + "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", + "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" + }, + { + "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", + "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", + "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", + "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", + "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", + "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" + }, + { + "key_generation_seed": 
"e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", + "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", + "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", + "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", + "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", + "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" + }, + { + "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", + "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", + "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", + "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", + "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", + "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" + }, + { + "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", + "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", + "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", + "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", + "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", + "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" + }, + { + "key_generation_seed": 
"6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", + "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", + "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", + "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", + "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", + "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" + }, + { + "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", + "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", + "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", + "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", + "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", + "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" + }, + { + "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", + "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", + "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", + "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", + "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", + "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" + }, + { + "key_generation_seed": 
"32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", + "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", + "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", + "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", + "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", + "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" + }, + { + "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", + "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", + "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", + "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", + "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", + "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" + }, + { + "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", + "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", + "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", + "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", + "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", + "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" + }, + { + "key_generation_seed": 
"ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", + "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", + "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", + "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", + "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", + "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" + }, + { + "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", + "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", + "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", + "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", + "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", + "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" + }, + { + "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", + "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", + "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", + "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", + "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", + "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" + }, + { + "key_generation_seed": 
"195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", + "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", + "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", + "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", + "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", + "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" + } +] diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc b/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc new file mode 100644 index 000000000..7184a6754 --- /dev/null +++ b/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc 
@@ -0,0 +1,84 @@
+
+#include
+#include
+
+#include "libcrux_sha3.h"
+#include "libcrux_mlkem768.h"
+
+using namespace std;
+
+typedef vector bytes;
+
+vector
+from_hex(const string& hex)
+{
+ if (hex.length() % 2 == 1) {
+ throw invalid_argument("Odd-length hex string");
+ }
+
+ int len = static_cast(hex.length()) / 2;
+ vector out(len);
+ for (int i = 0; i < len; i += 1) {
+ string byte = hex.substr(2 * i, 2);
+ out[i] = static_cast(strtol(byte.c_str(), nullptr, 16));
+ }
+
+ return out;
+}
+
+string
+bytes_to_hex(const vector& data)
+{
+ stringstream hex(ios_base::out);
+ hex.flags(ios::hex);
+ for (const auto& byte : data) {
+ hex << setw(2) << setfill('0') << int(byte);
+ }
+ return hex.str();
+}
+
+TEST(Sha3Test, ConsistencyTest)
+{
+ const char* message = "Hello, World!";
+ uint32_t message_size = strlen(message);
+
+ uint8_t digest[32];
+ Eurydice_slice input;
+ input.ptr = (void*) message;
+ input.len = message_size;
+
+ libcrux_sha3_sha256(input,digest);
+
+ bytes expected_digest = from_hex(
+ "1af17a664e3fa8e419b8ba05c2a173169df76162a5a286e0c405b460d478f7ef");
+
+ EXPECT_EQ(strncmp((char*)digest,
+ (char*)expected_digest.data(),
+ 32),
+ 0);
+}
+
+#define KYBER768_SECRETKEYBYTES 2400
+#define KYBER768_PUBLICKEYBYTES 1184
+#define KYBER768_CIPHERTEXTBYTES 1088
+#define KYBER768_SHAREDSECRETBYTES 32
+
+TEST(Kyber768Test, ConsistencyTest)
+{
+ uint8_t randomness[64] = { 0 };
+ uint8_t publicKey[KYBER768_PUBLICKEYBYTES];
+ uint8_t secretKey[KYBER768_SECRETKEYBYTES];
+
+ libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t kp =
+ libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
+
+ uint8_t ciphertext[KYBER768_CIPHERTEXTBYTES];
+ K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ cipher_and_shared_secret =
+ libcrux_ml_kem_mlkem768_encapsulate(&kp.pk, randomness);
+
+ uint8_t sharedSecret2[KYBER768_SHAREDSECRETBYTES];
+ libcrux_ml_kem_mlkem768_decapsulate(&kp.sk, &cipher_and_shared_secret.fst, sharedSecret2);
+
+ EXPECT_EQ(0, memcmp(cipher_and_shared_secret.snd, sharedSecret2, KYBER768_SHAREDSECRETBYTES));
+}
+
From 8f297dfab2b84a3e4fb7ef3f7a91698a540a24b0 Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Thu, 30 May 2024 15:16:49 -0700
Subject: [PATCH 81/94] wip bundling
---
 libcrux-ml-kem/c.yaml | 29 +-
 libcrux-ml-kem/c/CMakeLists.txt | 2 +
 libcrux-ml-kem/c/benches/sha3.cc | 1 +
 libcrux-ml-kem/c/internal/libcrux_core.h | 4 +-
 libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 4 +-
 .../c/internal/libcrux_mlkem_avx2.h | 4 +-
 .../c/internal/libcrux_polynomial.h | 4 +-
 libcrux-ml-kem/c/libcrux_core.c | 4 +-
 libcrux-ml-kem/c/libcrux_core.h | 4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.c | 102 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h | 55 +-
 libcrux-ml-kem/c/libcrux_mlkem512.c | 108 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h | 61 +-
 libcrux-ml-kem/c/libcrux_mlkem768.c | 102 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h | 55 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 421 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 241 +-
 libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9734 -----------------
 libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +-
 libcrux-ml-kem/c/libcrux_mlkem_sha3.h | 26 -
 libcrux-ml-kem/c/libcrux_platform.h | 4 +-
 libcrux-ml-kem/c/libcrux_polynomial.c | 4 +-
 libcrux-ml-kem/c/libcrux_polynomial.h | 4 +-
 libcrux-ml-kem/c/libcrux_sha3.c | 1298 +--
 libcrux-ml-kem/c/libcrux_sha3.h | 764 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c | 138 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h | 101 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +-
 29 files changed, 754 insertions(+), 12532 deletions(-)
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_sha3.h
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml
index 57fa11e57..9cae0a0e2 100644
--- a/libcrux-ml-kem/c.yaml
+++ b/libcrux-ml-kem/c.yaml
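Review bot: In tests/sha3.cc, Sha3Test.ConsistencyTest compares the 32-byte digest with `strncmp`, which stops at the first zero byte the two buffers share, so any bytes after it are never checked. It covers all 32 bytes here only because the expected value happens to contain no 0x00 byte. A length-based comparison, as Kyber768Test in the same file already uses, avoids depending on that: `EXPECT_EQ(memcmp(digest, expected_digest.data(), 32), 0);`. In Kyber768Test the `publicKey`, `secretKey` and `ciphertext` arrays are declared but never used and can be dropped.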
@@ -44,13 +44,6 @@ files: include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' - # Common parts of SHA3 (this catches stuff that hasn't matched above) - - name: libcrux_sha3 - api: - - [libcrux_sha3, "*"] - include_in_c: - - '"libcrux_core.h"' - - name: libcrux_mlkem_neon api: - [libcrux_ml_kem, vector, neon, "*"] @@ -79,6 +72,15 @@ files: - [libcrux_ml_kem, hash_functions, avx2, "*"] - [libcrux_sha3, avx2, "*"] + # Common parts of SHA3 (this catches stuff that hasn't matched above) + - name: libcrux_sha3 + api: + - [libcrux_sha3, "*"] + private: + - [libcrux_ml_kem, hash_functions, "*"] + include_in_c: + - '"libcrux_core.h"' + - name: libcrux_core monomorphizations_of: - [ core, "*"] @@ -122,19 +124,6 @@ files: api: - [libcrux_ml_kem, hash_functions, avx2, "*"] - - name: libcrux_mlkem_sha3 - api: - - [libcrux_ml_kem, hash_functions, "*"] - - - name: libcrux_platform - api: - - [libcrux_platform, "*"] - - # I think this is not doing anything - - name: libcrux_mlkem_eurydice - api: - - [libcrux_ml_kem, eurydice_types, "*"] - - name: libcrux_mlkem512 api: - [libcrux_ml_kem, mlkem512] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 06f26b4bd..d090524f5 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -32,6 +32,8 @@ file(GLOB SOURCES_vec256 ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c ) +# set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE) + if(${CMAKE_SYSTEM_NAME} MATCHES Linux) add_compile_options( -fPIC diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 68de31f29..1902dea18 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -9,6 +9,7 @@ #include #include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9aa756e5f..8b84914a7 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index a602ad3b3..56594814d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __internal_libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 963e10927..254e3a321 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __internal_libcrux_mlkem_avx2_H 
diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index b30f7d486..c8f3a70ba 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __internal_libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8081db044..86b0159ff 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index da93dfbea..039867223 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_core_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index a215e6880..c7aebcdc1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "libcrux_mlkem1024.h" @@ -288,11 +288,7 @@ decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11si memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, @@ -303,11 +299,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, 
@@ -405,10 +397,11 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) +typedef struct PortableHash____4size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } +PortableHash____4size_t; + +static inline PortableHash____4size_t shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; KRML_MAYBE_FOR4(i, @@ -428,18 +421,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(uu____1, state, (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; + PortableHash____4size_t lit; memcpy(lit.shake128_state, uu____1, (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -) +static inline void +shake128_squeeze_three_blocks___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = { { 0U } }; KRML_MAYBE_FOR4(i, 
@@ -519,11 +509,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4siz return done; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -) +static inline void +shake128_squeeze_block___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = { { 0U } }; KRML_MAYBE_FOR4(i, @@ -627,12 +614,9 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t out[4U][272U] = { { 0U } }; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); + PortableHash____4size_t xof_state = shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); bool 
@@ -647,8 +631,7 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi break; } uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, - randomness); + shake128_squeeze_block___4size_t(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); done = @@ -756,11 +739,7 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = { { 0U } }; KRML_MAYBE_FOR4(i, @@ -805,8 +784,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, 
@@ -877,8 +855,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, @@ -909,11 +886,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, @@ -1224,7 +1197,7 @@ encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), 
@@ -1332,11 +1305,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -1363,10 +1332,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; @@ -1442,11 +1408,7 @@ libcrux_ml_kem_mlkem1024_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, 
@@ -1478,7 +1440,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, + H___4size_t(Eurydice_array_to_slice((size_t)1568U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), uint8_t, Eurydice_slice), @@ -1488,11 +1450,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -1761,8 +1719,7 @@ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_funct ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, - hashed); + G___4size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -1904,8 +1861,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, - ret0); + H___4size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c415e78a8..edf3db49e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_mlkem1024_H 
@@ -52,51 +52,6 @@ extern "C" { #define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - 
uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - void libcrux_ml_kem_mlkem1024_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, @@ -104,12 +59,6 @@ libcrux_ml_kem_mlkem1024_decapsulate( uint8_t ret[32U] ); -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index c3d3686c9..7f71d87c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "libcrux_mlkem512.h" 
@@ -229,11 +229,7 @@ decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, @@ -244,11 +240,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, @@ -346,10 +338,11 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) +typedef struct PortableHash____2size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } +PortableHash____2size_t; + +static inline PortableHash____2size_t shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; KRML_MAYBE_FOR2(i, 
@@ -369,18 +362,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(uu____1, state, (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; + PortableHash____2size_t lit; memcpy(lit.shake128_state, uu____1, (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -) +static inline void +shake128_squeeze_three_blocks___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = { { 0U } }; KRML_MAYBE_FOR2(i, @@ -460,11 +450,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2siz return done; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -) +static inline void +shake128_squeeze_block___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = { { 0U } }; KRML_MAYBE_FOR2(i, 
@@ -568,12 +555,9 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t out[2U][272U] = { { 0U } }; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); + PortableHash____2size_t xof_state = shake128_init_absorb___2size_t(uu____0); uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); bool @@ -588,8 +572,7 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi break; } uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, - randomness); + shake128_squeeze_block___2size_t(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); done = 
@@ -697,11 +680,7 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = { { 0U } }; KRML_MAYBE_FOR2(i, @@ -757,8 +736,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, @@ -799,11 +777,7 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = { { 0U } }; KRML_MAYBE_FOR2(i, 
@@ -848,8 +822,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, @@ -880,11 +853,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, @@ -1100,7 +1069,7 @@ encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), 
@@ -1208,11 +1177,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -1239,10 +1204,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; @@ -1318,11 +1280,7 @@ libcrux_ml_kem_mlkem512_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, 
@@ -1354,7 +1312,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, + H___2size_t(Eurydice_array_to_slice((size_t)800U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), uint8_t, Eurydice_slice), @@ -1364,11 +1322,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -1637,8 +1591,7 @@ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_funct ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, - hashed); + G___2size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -1780,8 +1733,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, - ret0); + H___2size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 47a8fbb68..70de4394d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_mlkem512_H 
@@ -52,57 +52,6 @@ extern "C" { #define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t 
(*input)[33U], - uint8_t ret[2U][192U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - void libcrux_ml_kem_mlkem512_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, @@ -110,12 +59,6 @@ libcrux_ml_kem_mlkem512_decapsulate( uint8_t ret[32U] ); -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 5b4641ee3..f3b18f2e7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "internal/libcrux_mlkem768.h" 
@@ -772,11 +772,7 @@ decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10siz memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, @@ -787,11 +783,7 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, @@ -928,10 +920,11 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) +typedef struct PortableHash____3size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } +PortableHash____3size_t; + +static inline PortableHash____3size_t shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; KRML_MAYBE_FOR3(i, 
@@ -951,18 +944,15 @@ libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K_ memcpy(uu____1, state, (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; + PortableHash____3size_t lit; memcpy(lit.shake128_state, uu____1, (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -) +static inline void +shake128_squeeze_three_blocks___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = { { 0U } }; KRML_MAYBE_FOR3(i, @@ -1042,11 +1032,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3siz return done; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -) +static inline void +shake128_squeeze_block___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = { { 0U } }; KRML_MAYBE_FOR3(i, 
@@ -1150,12 +1137,9 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi int16_t out[3U][272U] = { { 0U } }; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); + PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); bool @@ -1170,8 +1154,7 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi break; } uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, - randomness); + shake128_squeeze_block___3size_t(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); done = 
@@ -1279,11 +1262,7 @@ closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = { { 0U } }; KRML_MAYBE_FOR3(i, @@ -1517,8 +1496,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, @@ -1589,8 +1567,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, 
@@ -1621,11 +1598,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_has return lit; } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, @@ -2036,7 +2009,7 @@ encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), @@ -2144,11 +2117,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -2175,10 +2144,7 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; @@ -2254,11 +2220,7 @@ libcrux_ml_kem_mlkem768_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, @@ -2290,7 +2252,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, + H___3size_t(Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), uint8_t, Eurydice_slice), 
@@ -2300,11 +2262,7 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -2610,8 +2568,7 @@ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_funct ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, - hashed); + G___3size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -2753,8 +2710,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, - ret0); + H___3size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a69080f07..53ebb47e2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_mlkem768_H 
@@ -52,51 +52,6 @@ extern "C" { #define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t 
(*input)[33U], - uint8_t ret[3U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - void libcrux_ml_kem_mlkem768_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, @@ -104,12 +59,6 @@ libcrux_ml_kem_mlkem768_decapsulate( uint8_t ret[32U] ); -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 378f68729..83b2dbbcc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "internal/libcrux_mlkem_avx2.h" @@ -2423,10 +2423,8 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s )); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +shift_right___15int32_t(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, 
@@ -2434,12 +2432,9 @@ libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i shift_right___15int32_t0(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); + return shift_right___15int32_t(vector); } static core_core_arch_x86___m256i @@ -2447,9 +2442,7 @@ to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( core_core_arch_x86___m256i a ) { - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); + core_core_arch_x86___m256i t = shift_right___15int32_t0(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, @@ -2629,11 +2622,7 @@ libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_S bool); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, 
@@ -2674,10 +2663,8 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ )); } -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); @@ -2696,8 +2683,8 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for return state; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( +static inline void +shake128_squeeze_three_blocks___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][504U] ) @@ -2804,8 +2791,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( +static inline void +shake128_squeeze_block___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][168U] ) 
@@ -2963,11 +2950,9 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); + xof_state = shake128_init_absorb___2size_t(uu____0); uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); bool @@ -2982,8 +2967,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu break; } uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); + shake128_squeeze_block___2size_t(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); done = @@ -3102,11 +3086,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = { { 0U } }; uint8_t dummy_out0[192U] = { 0U }; 
@@ -3509,8 +3489,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, @@ -3712,8 +3691,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, - hashed); + G___2size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -3803,11 +3781,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, @@ -3878,8 +3852,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, - ret0); + H___2size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, 
@@ -4006,11 +3979,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = { { 0U } }; uint8_t dummy_out0[128U] = { 0U }; @@ -4100,8 +4069,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, @@ -4136,11 +4104,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, 
@@ -4482,10 +4446,8 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( return result; } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = @@ -4558,12 +4520,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i compress___10int32_t(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); + return compress_ciphertext_coefficient___10int32_t(vector); } static inline void @@ -4578,7 +4537,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, bytes); 
@@ -4603,10 +4562,8 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = @@ -4679,12 +4636,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i compress___11int32_t(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); + return compress_ciphertext_coefficient___11int32_t(vector); } static inline void @@ -4699,7 +4653,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, bytes); 
@@ -4780,10 +4734,8 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s } } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = @@ -4856,12 +4808,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i compress___4int32_t(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); + return compress_ciphertext_coefficient___4int32_t(vector); } static inline void @@ -4875,7 +4824,7 @@ compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, bytes); 
@@ -4898,10 +4847,8 @@ compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( } } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = @@ -4974,12 +4921,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i compress___5int32_t(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); + return compress_ciphertext_coefficient___5int32_t(vector); } static inline void @@ -4993,7 +4937,7 @@ compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, bytes); 
@@ -5086,7 +5030,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), @@ -5164,7 +5108,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, + H___2size_t(Eurydice_array_to_slice((size_t)800U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), uint8_t, Eurydice_slice), @@ -5174,11 +5118,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -5230,10 +5170,8 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(voi return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = @@ -5304,13 +5242,10 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_ core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t0(core_core_arch_x86___m256i vector) { - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); + return decompress_ciphertext_coefficient___10int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5344,17 +5279,14 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); + uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = @@ -5425,13 +5357,10 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_ core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t0(core_core_arch_x86___m256i vector) { - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); + return decompress_ciphertext_coefficient___11int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5465,8 +5394,7 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); + uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5559,10 +5487,8 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_ )); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = @@ -5633,13 +5559,10 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___4int32_t0(core_core_arch_x86___m256i vector) { - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); + return decompress_ciphertext_coefficient___4int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5673,17 +5596,14 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); + uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = @@ -5754,13 +5674,10 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t core_core_arch_x86___m256i); } -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___5int32_t0(core_core_arch_x86___m256i vector) { - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); + return decompress_ciphertext_coefficient___5int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5795,8 +5712,7 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); re.coefficients[i0] = uu____0; core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -6030,11 +5946,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, @@ -6099,11 +6011,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -6130,10 +6038,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; @@ -6352,11 +6257,7 @@ libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_S bool); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, @@ -6397,10 +6298,8 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ )); } -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); 
@@ -6419,8 +6318,8 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for return state; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( +static inline void +shake128_squeeze_three_blocks___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][504U] ) @@ -6548,8 +6447,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( +static inline void +shake128_squeeze_block___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][168U] ) @@ -6703,11 +6602,9 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); + xof_state = shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); bool 
@@ -6722,8 +6619,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu break; } uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); + shake128_squeeze_block___4size_t(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); done = @@ -6842,11 +6738,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = { { 0U } }; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ @@ -6945,8 +6837,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, 
@@ -7089,8 +6980,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, - hashed); + G___4size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -7180,11 +7070,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, @@ -7255,8 +7141,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, - ret0); + H___4size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, @@ -7412,8 +7297,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, 
@@ -7448,11 +7332,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, @@ -7594,7 +7474,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, bytes); @@ -7631,7 +7511,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, bytes); 
@@ -7782,7 +7662,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), @@ -7860,7 +7740,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, + H___4size_t(Eurydice_array_to_slice((size_t)1568U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), uint8_t, Eurydice_slice), @@ -7870,11 +7750,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, 
@@ -8143,11 +8019,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, @@ -8212,11 +8084,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -8243,10 +8111,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; 
@@ -8465,11 +8330,7 @@ libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_S bool); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = { 0U }; libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, @@ -8510,10 +8371,8 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ )); } -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); @@ -8532,8 +8391,8 @@ libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for return state; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( +static inline void +shake128_squeeze_three_blocks___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][504U] ) @@ -8651,8 +8510,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( +static inline void +shake128_squeeze_block___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][168U] ) 
@@ -8796,11 +8655,9 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); + xof_state = shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); bool @@ -8815,8 +8672,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu break; } uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); + shake128_squeeze_block___3size_t(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); done = @@ -8935,11 +8791,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = { { 0U } }; uint8_t dummy_out0[128U] = { 0U }; 
@@ -9028,8 +8880,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, @@ -9172,8 +9023,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f ) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, - hashed); + G___3size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -9263,11 +9113,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, @@ -9338,8 +9184,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, - ret0); + H___3size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice(uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, 
@@ -9495,8 +9340,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, @@ -9531,11 +9375,7 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem return lit; } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, @@ -9771,7 +9611,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), 
@@ -9849,7 +9689,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, + H___3size_t(Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), uint8_t, Eurydice_slice), @@ -9859,11 +9699,7 @@ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -10094,11 +9930,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); } -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = { 0U }; libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, 
@@ -10163,11 +9995,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, @@ -10194,10 +10022,7 @@ libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Ve uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), + PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index ecf17daec..5f74e41b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_mlkem_avx2_H 
@@ -423,246 +423,9 @@ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD { core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_ml_kem_hash_functions_avx2_Simd256Hash; -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - 
uint8_t ret[64U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c deleted file mode 100644 index a39ab8e5d..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ /dev/null 
@@ -1,9734 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) - } - ); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array -) -{ - return 
libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; - core_core_arch_arm_shared_neon_int16x8_t - c0 = - libcrux_intrinsics_arm64__vandq_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; - core_core_arch_arm_shared_neon_int16x8_t - c1 = - libcrux_intrinsics_arm64__vandq_s16(uu____1, - 
libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t - vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, - LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t - vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t - quotient = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, - vec0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - sub = - libcrux_intrinsics_arm64__vmulq_n_s16(quotient, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); - v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high -) -{ - core_core_arch_arm_shared_neon_int16x8_t - k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t - c = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, - c); - v.high = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, - c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t - quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t - shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t - mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t - shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range0 = 
libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); -} - -inline int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) -{ - int16_t uu____0; - switch (coefficient_bits) - { - case 4: - { - uu____0 = (int16_t)15; - break; - } - case 5: - { - uu____0 = (int16_t)31; - break; - } - case 10: - { - uu____0 = (int16_t)1023; - break; - } - case 11: - { - uu____0 = (int16_t)2047; - break; - } - default: - { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - 
int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, 
- zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - 
int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - 
libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - 
libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); - core_core_arch_arm_shared_neon_int16x4_t - uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____0, - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int16x8_t - fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, - uu____2, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, - a0, - b0)); - core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____3, - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; 
- core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); - core_core_arch_arm_shared_neon_int16x8_t - snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, - uu____5, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, - a1, - b0)); - core_core_arch_arm_shared_neon_int16x8_t - fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t - snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, - high0)); - core_core_arch_arm_shared_neon_int16x8_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, - high0)); - uint8_t - indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; - core_core_arch_arm_shared_neon_uint8x16_t - index = - 
libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), - index)); - core_core_arch_arm_shared_neon_int16x8_t - high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), - index)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, - rhs, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[2U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t - high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -void 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) -{ - core_core_arch_arm_shared_neon_int16x8_t - one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t - low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)0U, - uint8_t, - uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t - high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)1U, - uint8_t, - uint8_t)); - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, - (int16_t)-7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t - high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vandq_s16(high, one) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); 
-} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[8U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, - (int16_t)12 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - lowt = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), - shift); - core_core_arch_arm_shared_neon_uint16x8_t - hight = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), - shift); - uint64_t - sum0 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t - sum1 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t - sum2 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t - sum3 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) -{ - uint8_t ret[8U]; - 
core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t input = core_num__u64_9__from_le_bytes(ret); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input & 15ULL); - low[1U] = (int16_t)(input >> 4U & 15ULL); - low[2U] = (int16_t)(input >> 8U & 15ULL); - low[3U] = (int16_t)(input >> 12U & 15ULL); - low[4U] = (int16_t)(input >> 16U & 15ULL); - low[5U] = (int16_t)(input >> 20U & 15ULL); - low[6U] = (int16_t)(input >> 24U & 15ULL); - low[7U] = (int16_t)(input >> 28U & 15ULL); - high[0U] = (int16_t)(input >> 32U & 15ULL); - high[1U] = (int16_t)(input >> 36U & 15ULL); - high[2U] = (int16_t)(input >> 40U & 15ULL); - high[3U] = (int16_t)(input >> 44U & 15ULL); - high[4U] = (int16_t)(input >> 48U & 15ULL); - high[5U] = (int16_t)(input >> 52U & 15ULL); - high[6U] = (int16_t)(input >> 56U & 15ULL); - high[7U] = (int16_t)(input >> 60U & 15ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t ret[16U] -) -{ - int16_t out[16U] = { 0U }; - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[10U] -) -{ - uint8_t res[10U] = { 0U }; - int16_t out[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); - res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); - res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); - res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); - res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); - res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); - res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); - res[6U] = - (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) - | out[(size_t)8U + (size_t)3U] << 7U); - res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); - res[8U] = - (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) - | out[(size_t)8U + (size_t)6U] << 6U); - res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); - memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - 
-inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)8U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____1[8U]; - memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); - uint8_t input1[8U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input1, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(low64 & 31ULL); - low[1U] = (int16_t)(low64 >> 5U & 31ULL); - low[2U] = (int16_t)(low64 >> 10U & 31ULL); - low[3U] = (int16_t)(low64 >> 15U & 31ULL); - low[4U] = (int16_t)(low64 >> 20U & 31ULL); - low[5U] = (int16_t)(low64 >> 25U & 31ULL); - low[6U] = (int16_t)(low64 >> 30U & 31ULL); - low[7U] = (int16_t)(low64 >> 35U & 31ULL); - high[0U] = (int16_t)(high64 & 31ULL); - high[1U] = (int16_t)(high64 >> 5U & 31ULL); - high[2U] = (int16_t)(high64 >> 10U & 31ULL); - high[3U] = (int16_t)(high64 >> 15U & 31ULL); - 
high[4U] = (int16_t)(high64 >> 20U & 31ULL); - high[5U] = (int16_t)(high64 >> 25U & 31ULL); - high[6U] = (int16_t)(high64 >> 30U & 31ULL); - high[7U] = (int16_t)(high64 >> 35U & 31ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[20U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - 
libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - uint8_t input1[8U] = { 0U }; - uint8_t input2[4U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[4U]; - memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); - uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 1023ULL); - low[1U] = (int16_t)(input00 >> 10U & 1023ULL); - low[2U] = (int16_t)(input00 >> 20U & 1023ULL); - low[3U] 
= (int16_t)(input00 >> 30U & 1023ULL); - low[4U] = (int16_t)(input00 >> 40U & 1023ULL); - low[5U] = (int16_t)(input00 >> 50U & 1023ULL); - low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); - low[7U] = (int16_t)(input10 >> 6U & 1023ULL); - high[0U] = (int16_t)(input10 >> 16U & 1023ULL); - high[1U] = (int16_t)(input10 >> 26U & 1023ULL); - high[2U] = (int16_t)(input10 >> 36U & 1023ULL); - high[3U] = (int16_t)(input10 >> 46U & 1023ULL); - high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); - high[5U] = (int16_t)(input20 >> 2U & 1023U); - high[6U] = (int16_t)(input20 >> 12U & 1023U); - high[7U] = (int16_t)(input20 >> 22U & 1023U); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[22U] -) -{ - int16_t input[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)input[0U]; - result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); - result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); - result[3U] = (uint8_t)(input[2U] >> 2U); - result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); - result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); - result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); - result[7U] = (uint8_t)(input[5U] >> 1U); - 
result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); - result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); - result[10U] = (uint8_t)(input[7U] >> 3U); - result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; - result[(size_t)11U + (size_t)1U] = - (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); - result[(size_t)11U + (size_t)2U] = - (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); - result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); - result[(size_t)11U + (size_t)4U] = - (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); - result[(size_t)11U + (size_t)5U] = - (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); - result[(size_t)11U + (size_t)6U] = - (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); - result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); - result[(size_t)11U + (size_t)8U] = - (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); - result[(size_t)11U + (size_t)9U] = - (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); - result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - 
uint8_t input1[8U] = { 0U }; - uint8_t input2[8U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input2, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[8U]; - memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); - uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 2047ULL); - low[1U] = (int16_t)(input00 >> 11U & 2047ULL); - low[2U] = (int16_t)(input00 >> 22U & 2047ULL); - low[3U] = (int16_t)(input00 >> 33U & 2047ULL); - low[4U] = (int16_t)(input00 >> 44U & 2047ULL); - low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); - 
low[6U] = (int16_t)(input10 >> 2U & 2047ULL); - low[7U] = (int16_t)(input10 >> 13U & 2047ULL); - high[0U] = (int16_t)(input10 >> 24U & 2047ULL); - high[1U] = (int16_t)(input10 >> 35U & 2047ULL); - high[2U] = (int16_t)(input10 >> 46U & 2047ULL); - high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); - high[4U] = (int16_t)(input20 >> 4U & 2047ULL); - high[5U] = (int16_t)(input20 >> 15U & 2047ULL); - high[6U] = (int16_t)(input20 >> 26U & 2047ULL); - high[7U] = (int16_t)(input20 >> 37U & 2047ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[24U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - 
libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = { 0U }; - Eurydice_slice - 
uu____2 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - 
-void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) -{ - uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; - core_core_arch_arm_shared_neon_uint8x16_t - index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - int16_t - shifts[8U] = - { - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, - (int16_t)-4 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift_vec = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifts, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)16U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input0, - uint8_t, - Eurydice_slice)); - uint8_t input1[16U] = { 0U }; - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)16U, - input1, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input1, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, - mask12)); - core_core_arch_arm_shared_neon_uint16x8_t - moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, - mask12)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); -} - -inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
*self -) -{ - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[9U] = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t 
i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - v.low = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.low, - core_core_arch_arm_shared_neon_int16x8_t); - v.high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.high, - core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t(v); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t(a); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fm = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &fm); -} - -static inline void 
-serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = 
key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - 
seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____2[168U]; - memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); - 
uint8_t uu____3[168U]; - memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seed[34U], - bool transpose, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[2U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [192U], - Eurydice_slice), - (size_t)1U, - uint8_t [192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[192U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[192U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t 
[192U], void *); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return 
- from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; -} -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - fer); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); - b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = 
zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static 
inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - 
uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - 
self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - 
(size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - 
uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, 
secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + 
core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - 
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { 
- deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice 
out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - 
libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - a_minus_b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &b)); - b = - 
montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, - zeta_r); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - 
invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - 
add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = 
(size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); - 
result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - 
core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = 
libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t(v); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = 
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t(v); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, 
Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_arm_shared_neon_uint32x4_t 
-libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - 
libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t(v); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - 
core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t(v); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficients = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - 
uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____1 = - 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[2U]; - 
compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - 
decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = 
libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - 
core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - 
libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - 
-libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - 
Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - 
secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - 
Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - 
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - 
public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t 
[504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____5 = &self->shake128_state[1U]; - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[504U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, - uu____6, - 
Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t 
ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____7[168U]; - memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); - memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seeds[4U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]); - } - memcpy(ret, - 
ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[4U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [128U], - 
K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[128U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____6, - uu____7, - uu____8, - Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t 
-sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - 
(size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, 
secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = 
pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t 
public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t 
dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[4U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - 
invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - 
deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - 
Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, 
- K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = 
uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof 
(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - uint8_t extra[504U] = { 0U }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - 
core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____4 = &self->shake128_state[1U]; - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, - uu____5, - Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start 
= r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = 
Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - 
} - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - 
memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[3U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - uint8_t extra[128U] = { 0U }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = 
Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - 
sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + 
core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
-libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); 
-} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - 
error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = 
i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static void 
-encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t 
uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - 
compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - 
uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / 
(size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t 
ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - 
ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - 
uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index b5af37f3c..2568ae2b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c/libcrux_mlkem_sha3.h deleted file mode 100644 index f458aac48..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_sha3.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem_sha3_H -#define __libcrux_mlkem_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 0237027dc..5668bc9af 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 4ce0ae5d7..ca8fea08f 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "internal/libcrux_polynomial.h" 
diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index 7a5c9a696..126a8f779 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index ffc1bf395..518bbec6d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "libcrux_core.h" @@ -55,7 +55,7 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +static inline uint64_t rotate_left___1int32_t_63int32_t(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } 
@@ -63,7 +63,7 @@ inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ui inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); + return uu____0 ^ rotate_left___1int32_t_63int32_t(b); } inline uint64_t @@ -170,10 +170,8 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +new__uint64_t_1size_t(void) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = @@ -229,11 +227,7 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__Tra return lit; } -inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) +static inline void load_block___72size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { 
@@ -263,521 +257,395 @@ libcrux_sha3_portable_keccak_load_block___72size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void load_block___72size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); + load_block___72size_t(uu____0, uu____1); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +static inline uint64_t rotate_left___36int32_t_28int32_t(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); + return rotate_left___36int32_t_28int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___36int32_t_28int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); + return _vxarq_u64___36int32_t_28int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +static inline uint64_t rotate_left___3int32_t_61int32_t(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return 
libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); + return rotate_left___3int32_t_61int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___3int32_t_61int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); + return _vxarq_u64___3int32_t_61int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +static inline uint64_t rotate_left___41int32_t_23int32_t(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); + return rotate_left___41int32_t_23int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___41int32_t_23int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); + return _vxarq_u64___41int32_t_23int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +static inline uint64_t rotate_left___18int32_t_46int32_t(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); + return 
rotate_left___18int32_t_46int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___18int32_t_46int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); + return _vxarq_u64___18int32_t_46int32_t(a, b); } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); + return rotate_left___1int32_t_63int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___1int32_t_63int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); + return _vxarq_u64___1int32_t_63int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +static inline uint64_t rotate_left___44int32_t_20int32_t(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); + return rotate_left___44int32_t_20int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___44int32_t_20int32_t(uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); + return _vxarq_u64___44int32_t_20int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +static inline uint64_t rotate_left___10int32_t_54int32_t(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); + return rotate_left___10int32_t_54int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___10int32_t_54int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); + return _vxarq_u64___10int32_t_54int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +static inline uint64_t rotate_left___45int32_t_19int32_t(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); + return rotate_left___45int32_t_19int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___45int32_t_19int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); + return 
_vxarq_u64___45int32_t_19int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +static inline uint64_t rotate_left___2int32_t_62int32_t(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); + return rotate_left___2int32_t_62int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___2int32_t_62int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); + return _vxarq_u64___2int32_t_62int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +static inline uint64_t rotate_left___62int32_t_2int32_t(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); + return rotate_left___62int32_t_2int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___62int32_t_2int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); + return _vxarq_u64___62int32_t_2int32_t(a, b); } -inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +static inline uint64_t rotate_left___6int32_t_58int32_t(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); + return rotate_left___6int32_t_58int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___6int32_t_58int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); + return _vxarq_u64___6int32_t_58int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +static inline uint64_t rotate_left___43int32_t_21int32_t(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); + return rotate_left___43int32_t_21int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___43int32_t_21int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); + return _vxarq_u64___43int32_t_21int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +static inline uint64_t 
rotate_left___15int32_t_49int32_t(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); + return rotate_left___15int32_t_49int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___15int32_t_49int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); + return _vxarq_u64___15int32_t_49int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +static inline uint64_t rotate_left___61int32_t_3int32_t(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); + return rotate_left___61int32_t_3int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___61int32_t_3int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); + return _vxarq_u64___61int32_t_3int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +static inline uint64_t rotate_left___28int32_t_36int32_t(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> 
(uint32_t)(int32_t)36; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); + return rotate_left___28int32_t_36int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___28int32_t_36int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); + return _vxarq_u64___28int32_t_36int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +static inline uint64_t rotate_left___55int32_t_9int32_t(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); + return rotate_left___55int32_t_9int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___55int32_t_9int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); + return _vxarq_u64___55int32_t_9int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +static inline uint64_t rotate_left___25int32_t_39int32_t(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } -inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); + return rotate_left___25int32_t_39int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___25int32_t_39int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); + return _vxarq_u64___25int32_t_39int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +static inline uint64_t rotate_left___21int32_t_43int32_t(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); + return rotate_left___21int32_t_43int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___21int32_t_43int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); + return _vxarq_u64___21int32_t_43int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +static inline uint64_t rotate_left___56int32_t_8int32_t(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +static inline 
uint64_t _vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); + return rotate_left___56int32_t_8int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___56int32_t_8int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); + return _vxarq_u64___56int32_t_8int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +static inline uint64_t rotate_left___27int32_t_37int32_t(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); + return rotate_left___27int32_t_37int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___27int32_t_37int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); + return _vxarq_u64___27int32_t_37int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +static inline uint64_t rotate_left___20int32_t_44int32_t(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return 
libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); + return rotate_left___20int32_t_44int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___20int32_t_44int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); + return _vxarq_u64___20int32_t_44int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +static inline uint64_t rotate_left___39int32_t_25int32_t(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); + return rotate_left___39int32_t_25int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___39int32_t_25int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); + return _vxarq_u64___39int32_t_25int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +static inline uint64_t rotate_left___8int32_t_56int32_t(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); + return 
rotate_left___8int32_t_56int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___8int32_t_56int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); + return _vxarq_u64___8int32_t_56int32_t(a, b); } -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +static inline uint64_t rotate_left___14int32_t_50int32_t(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +static inline uint64_t _vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); + return rotate_left___14int32_t_50int32_t(ab); } -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) +static inline uint64_t xor_and_rotate___14int32_t_50int32_t(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); + return _vxarq_u64___14int32_t_50int32_t(a, b); } -inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) +static inline void +theta_rho__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t uu____0 = 
@@ -855,132 +723,58 @@ libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); + uint64_t uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); + uint64_t uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); + uint64_t uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); + uint64_t uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); + uint64_t uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); + uint64_t uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); + uint64_t uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); + uint64_t uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); + uint64_t uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); + uint64_t uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); + uint64_t uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); + uint64_t uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); + uint64_t uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); + uint64_t uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); + uint64_t uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); + uint64_t uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); + uint64_t uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); + uint64_t uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); + uint64_t uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); + uint64_t uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); + uint64_t uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); + uint64_t uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); + uint64_t uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); + uint64_t uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } -inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) +static inline void +pi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, @@ -1014,10 +808,8 @@ libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( s->st[4U][4U] = old[4U][1U]; } -inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) +static inline void +chi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); 
@@ -1039,11 +831,8 @@ libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( s->st[i1][j] = uu____0;);); } -inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) +static inline void +iota__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { uint64_t uu____0 = @@ -1052,23 +841,21 @@ libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( s->st[0U][0U] = uu____0; } -inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) +static inline void +keccakf1600__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + theta_rho__uint64_t_1size_t(s); + pi__uint64_t_1size_t(s); + chi__uint64_t_1size_t(s); + iota__uint64_t_1size_t(s, i0); } } -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( +static inline void +absorb_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -1076,37 +863,28 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) +static inline void load_block_full___72size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); + load_block___72size_t(uu____0, buf); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) +static inline void load_block_full___72size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); + load_block_full___72size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( +static inline void +absorb_final__uint64_t_1size_t_72size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1130,13 +908,11 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +static inline void store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { 
@@ -1162,42 +938,33 @@ libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_ } } -inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___72size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + store_block___72size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___72size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + store_block_full___72size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( +static inline void +squeeze_first_and_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); + store_block_full___72size_t0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1217,46 +984,39 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void store_block___72size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); + store_block___72size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( +static inline void +squeeze_first_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + store_block___72size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( +static inline void +squeeze_next_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + keccakf1600__uint64_t_1size_t(s); + store_block___72size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( +static inline void +squeeze_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); + store_block_full___72size_t0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1276,15 +1036,10 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( } } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1301,7 +1056,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -1312,13 +1067,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); } else { 
@@ -1330,7 +1085,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1360,40 +1115,33 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + squeeze_last__uint64_t_1size_t_72size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); + keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); } void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); + keccakx1___72size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) +static inline void load_block___136size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { 
@@ -1423,20 +1171,16 @@ libcrux_sha3_portable_keccak_load_block___136size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void load_block___136size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); + load_block___136size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( +static inline void +absorb_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -1444,37 +1188,28 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) +static inline void load_block_full___136size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); + load_block___136size_t(uu____0, buf); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) +static inline void load_block_full___136size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); + load_block_full___136size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( +static inline void +absorb_final__uint64_t_1size_t_136size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1498,13 +1233,11 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +static inline void store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { 
@@ -1530,42 +1263,33 @@ libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice } } -inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___136size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + store_block___136size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___136size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + store_block_full___136size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( +static inline void +squeeze_first_and_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); + store_block_full___136size_t0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1585,46 +1309,39 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void store_block___136size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); + store_block___136size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( +static inline void +squeeze_first_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + store_block___136size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( +static inline void +squeeze_next_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + keccakf1600__uint64_t_1size_t(s); + store_block___136size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( +static inline void +squeeze_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); + store_block_full___136size_t0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1644,15 +1361,10 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( } } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1669,7 +1381,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -1680,13 +1392,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); } else { 
@@ -1698,7 +1410,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1728,37 +1440,34 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + squeeze_last__uint64_t_1size_t_136size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); + keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); } void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); + keccakx1___136size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( +static inline void +absorb_final__uint64_t_1size_t_136size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1782,20 +1491,14 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1812,7 +1515,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; 
@@ -1823,13 +1526,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); } else { @@ -1841,7 +1544,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1871,47 +1574,39 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + squeeze_last__uint64_t_1size_t_136size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); + keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); } void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); + keccakx1___136size_t_31uint8_t(buf0, buf); } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_incremental_shake128_init(void) { - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + return new__uint64_t_1size_t(); } -inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) +static inline void load_block___168size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { 
@@ -1941,32 +1636,24 @@ libcrux_sha3_portable_keccak_load_block___168size_t( } } -inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) +static inline void load_block_full___168size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); + load_block___168size_t(uu____0, buf); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) +static inline void load_block_full___168size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); + load_block_full___168size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( +static inline void +absorb_final__uint64_t_1size_t_168size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) @@ -1990,9 +1677,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } void 
@@ -2002,11 +1688,10 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( ) { Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); + absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); } -inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +static inline void store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { @@ -2032,24 +1717,19 @@ libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void store_block___168size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); + store_block___168size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( +static inline void +squeeze_next_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + keccakf1600__uint64_t_1size_t(s); + store_block___168size_t0(s->st, out); } void 
@@ -2059,21 +1739,20 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( ) { Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); + squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( +static inline void +squeeze_first_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + store_block___168size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( +static inline void +squeeze_first_three_blocks__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) @@ -2086,7 +1765,7 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, 
@@ -2095,8 +1774,8 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); + squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); } void @@ -2106,7 +1785,7 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( ) { Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); + squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); } size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) @@ -2143,11 +1822,7 @@ size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) return uu____0; } -inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) +static inline void load_block___144size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { 
@@ -2177,20 +1852,16 @@ libcrux_sha3_portable_keccak_load_block___144size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void load_block___144size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); + load_block___144size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( +static inline void +absorb_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -2198,37 +1869,28 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) +static inline void load_block_full___144size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); + load_block___144size_t(uu____0, buf); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) +static inline void load_block_full___144size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); + load_block_full___144size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( +static inline void +absorb_final__uint64_t_1size_t_144size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -2252,13 +1914,11 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +static inline void store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { 
@@ -2284,42 +1944,33 @@ libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice } } -inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___144size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + store_block___144size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___144size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + store_block_full___144size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( +static inline void +squeeze_first_and_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); + store_block_full___144size_t0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2339,46 +1990,39 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void store_block___144size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); + store_block___144size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( +static inline void +squeeze_first_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + store_block___144size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( +static inline void +squeeze_next_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + keccakf1600__uint64_t_1size_t(s); + store_block___144size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( +static inline void +squeeze_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); + store_block_full___144size_t0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2398,15 +2042,10 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( } } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -2423,7 +2062,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -2434,13 +2073,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); } else { 
@@ -2452,7 +2091,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -2482,40 +2121,33 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + squeeze_last__uint64_t_1size_t_144size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); + keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); } inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); + keccakx1___144size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) +static inline void load_block___104size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { 
@@ -2545,20 +2177,16 @@ libcrux_sha3_portable_keccak_load_block___104size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void load_block___104size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); + load_block___104size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( +static inline void +absorb_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -2566,37 +2194,28 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) +static inline void load_block_full___104size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); + load_block___104size_t(uu____0, buf); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) +static inline void load_block_full___104size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); + load_block_full___104size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( +static inline void +absorb_final__uint64_t_1size_t_104size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -2620,13 +2239,11 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +static inline void store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { 
@@ -2652,42 +2269,33 @@ libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice } } -inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___104size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + store_block___104size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___104size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + store_block_full___104size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( +static inline void +squeeze_first_and_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); + store_block_full___104size_t0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2707,46 +2315,39 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( } } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void store_block___104size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); + store_block___104size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( +static inline void +squeeze_first_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + store_block___104size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( +static inline void +squeeze_next_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + keccakf1600__uint64_t_1size_t(s); + store_block___104size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( +static inline void +squeeze_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); + store_block_full___104size_t0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2766,15 +2367,10 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( } } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -2791,7 +2387,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -2802,13 +2398,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); } else { 
@@ -2820,7 +2416,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( @@ -2850,33 +2446,30 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + squeeze_last__uint64_t_1size_t_104size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); + keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); } inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); + keccakx1___104size_t_6uint8_t(buf0, buf); } inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) 
@@ -2931,20 +2524,16 @@ inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) +static inline void load_block___168size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); + load_block___168size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( +static inline void +absorb_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -2952,47 +2541,37 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + load_block___168size_t0(uu____0, uu____1); + keccakf1600__uint64_t_1size_t(s); } -inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___168size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + store_block___168size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) +static inline void store_block_full___168size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + store_block_full___168size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( +static inline void +squeeze_first_and_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); + 
store_block_full___168size_t0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3012,16 +2591,15 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( } } -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( +static inline void +squeeze_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); + store_block_full___168size_t0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3041,15 +2619,10 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( } } -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -3066,7 +2639,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; 
@@ -3077,13 +2650,13 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); } else { @@ -3095,7 +2668,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -3125,33 +2698,30 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + squeeze_last__uint64_t_1size_t_168size_t(s, o1); } } } -inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) +static inline void +keccakx1___168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); + keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); } inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); + keccakx1___168size_t_31uint8_t(buf0, buf); } const diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index c33617199..0b6c8ceb8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_sha3_H 
@@ -38,8 +38,6 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 uint64_t e ); -uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); - uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); uint64_t 
@@ -100,483 +98,10 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -); - -void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); - -uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, 
uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -); - -uint64_t 
libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); - -uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void 
-libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t 
@@ -585,69 +110,18 @@ libcrux_sha3_portable_KeccakState1; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_incremental_shake128_init(void); -void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice data0 ); -void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out0 ); -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, 
@@ -663,194 +137,8 @@ typedef uint8_t libcrux_sha3_Algorithm; size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); -void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void 
-libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); 
- -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); 
@@ -869,54 +157,6 @@ void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); extern const size_t libcrux_sha3_generic_keccak__PI[24U]; diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2e3bf6588..6debe90bf 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "libcrux_sha3_avx2.h" @@ -206,10 +206,8 @@ split_at_mut_n(Eurydice_slice a[4U], size_t mid) return split_at_mut_4(a, mid); } -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -) +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +new__core_core_arch_x86___m256i_4size_t(void) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; lit.st[0U][0U] = zero(); @@ -1109,8 +1107,8 @@ xor_and_rotate___14int32_t_50int32_t( return _vxarq_u64___14int32_t_50int32_t(a, b); } -inline void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( +static inline void +theta_rho__core_core_arch_x86___m256i_4size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s ) { @@ -1231,8 +1229,8 @@ libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( s->st[4U][4U] = uu____32; } -inline void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( +static inline void +pi__core_core_arch_x86___m256i_4size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s ) { 
@@ -1268,8 +1266,8 @@ libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( s->st[4U][4U] = old[4U][1U]; } -inline void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( +static inline void +chi__core_core_arch_x86___m256i_4size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s ) { @@ -1293,8 +1291,8 @@ libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( s->st[i1][j] = uu____0;);); } -inline void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( +static inline void +iota__core_core_arch_x86___m256i_4size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, size_t i ) @@ -1304,23 +1302,23 @@ libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( s->st[0U][0U] = uu____0; } -inline void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( +static inline void +keccakf1600__core_core_arch_x86___m256i_4size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s ) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); + theta_rho__core_core_arch_x86___m256i_4size_t(s); + pi__core_core_arch_x86___m256i_4size_t(s); + chi__core_core_arch_x86___m256i_4size_t(s); + iota__core_core_arch_x86___m256i_4size_t(s, i0); } } -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( +static inline void +absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice blocks[4U] ) 
@@ -1329,7 +1327,7 @@ libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136 Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); load_block___136size_t0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); } static inline void @@ -1365,8 +1363,8 @@ load_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][ load_block_full___136size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice last[4U] ) @@ -1393,7 +1391,7 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136 uint8_t uu____2[4U][200U]; memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); load_block_full___136size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); } static inline void @@ -1665,8 +1663,8 @@ store_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4 memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( +static inline void +squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) 
@@ -1700,8 +1698,8 @@ store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4 store_block___136size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) @@ -1709,23 +1707,23 @@ libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4siz store_block___136size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) { - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); store_block___136size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( +static inline void +squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, Eurydice_slice out[4U] ) { - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + keccakf1600__core_core_arch_x86___m256i_4size_t(&s); uint8_t b[4U][200U]; store_block_full___136size_t0(s.st, b); KRML_MAYBE_FOR4(i, 
@@ -1749,15 +1747,14 @@ libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136 void *);); } -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( +static inline void +keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( Eurydice_slice data[4U], Eurydice_slice out[4U] ) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + s = new__core_core_arch_x86___m256i_4size_t(); for (size_t i = (size_t)0U; @@ -1771,8 +1768,7 @@ libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice ret[4U]; slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, - ret); + absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; 
@@ -1780,15 +1776,13 @@ libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice ret[4U]; slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, out); } else { @@ -1798,8 +1792,7 @@ libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o0); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1827,14 +1820,13 @@ libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); } } } @@ -1853,15 +1845,13 @@ libcrux_sha3_avx2_x4_shake256( { Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, - buf); + keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); } libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); + return new__core_core_arch_x86___m256i_4size_t(); } static inline void @@ -2170,8 +2160,8 @@ load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][ load_block_full___168size_t(uu____0, uu____1); } -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice last[4U] ) 
@@ -2198,7 +2188,7 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168 uint8_t uu____2[4U][200U]; memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); load_block_full___168size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); } void @@ -2211,8 +2201,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( ) { Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, - buf); + absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, buf); } static inline void @@ -2445,13 +2434,13 @@ store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4 store_block___168size_t(a, b); } -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) { - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); store_block___168size_t0(s->st, out); } @@ -2465,12 +2454,11 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( ) { Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) 
@@ -2478,8 +2466,8 @@ libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4siz store_block___168size_t0(s->st, out); } -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( +static inline void +squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) @@ -2490,18 +2478,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m25 memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o0); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = split_at_mut_n(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o1); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o2); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); } void @@ -2514,7 +2499,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( ) { Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); + squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); } 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 593485d1b..3572afcb8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_sha3_avx2_H 
@@ -22,79 +22,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m25 { core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void 
-libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -); - void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, @@ -113,12 +40,6 @@ libcrux_sha3_avx2_x4_incremental_KeccakState4; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, @@ -128,12 +49,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( Eurydice_slice data3 ); -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, 
@@ -143,18 +58,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( Eurydice_slice out3 ); -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e59cda99e..187b96ca1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index e87dedbca..4e9d840c8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 04cb86b9 + KaRaMeL version: 38d348ce */ #ifndef __libcrux_sha3_neon_H 
From 5bc3ad6bc4379149e393fcadd11f960443cfabcf Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Thu, 30 May 2024 17:32:59 -0700
Subject: [PATCH 82/94] Regenerated C code with fresh config
---
libcrux-ml-kem/c.yaml | 137 +-
libcrux-ml-kem/c/benches/sha3.cc | 2 +-
.../c/internal/libcrux_mlkem_avx2.h | 1 +
libcrux-ml-kem/c/internal/libcrux_sha3.h | 53 +
libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 41 +
libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 5 +
libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 5 -
libcrux-ml-kem/c/libcrux_mlkem_neon.h | 27 -
libcrux-ml-kem/c/libcrux_sha3.c | 1294 +++++++++++------
libcrux-ml-kem/c/libcrux_sha3.h | 760 ++++++++++
libcrux-ml-kem/c/libcrux_sha3_avx2.c | 16 +-
libcrux-ml-kem/c/libcrux_sha3_avx2.h | 3 -
12 files changed, 1808 insertions(+), 536 deletions(-)
create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3.h
create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml
index 9cae0a0e2..5a922be04 100644
--- a/libcrux-ml-kem/c.yaml
+++ b/libcrux-ml-kem/c.yaml
@@ -21,26 +21,39 @@ files: api: - [libcrux_sha3, neon, "*"] private: - - [libcrux_sha3, simd, arm64, "*"] - monomorphizations_of: - - [libcrux_sha3, neon, "*"] - - [libcrux_sha3, simd, arm64, "*"] - monomorphizations_using: - - [libcrux_sha3, neon, "*"] - - [libcrux_sha3, simd, arm64, "*"] + # When patterns is the only key of private, it is optional, and one may + # just specify a list of patterns that are understood to match patterns + # (not monomorphizations) + patterns: + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_of: + - [libcrux_sha3, neon, "*"] + - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_using: + - [libcrux_sha3, neon, "*"] + - [libcrux_sha3, simd, arm64, "*"] include_in_h: - '"intrinsics/libcrux_intrinsics_arm64.h"' - name: libcrux_sha3_avx2 api: - [libcrux_sha3, avx2, "*"] + # This is needed solely for the benchmarking test -- otherwise these would + # all be private. + internal: + exact: + - [libcrux_sha3, avx2, x4, incremental, KeccakState4] + monomorphizations_exact: + - [libcrux_sha3, generic_keccak, absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t ] private: - - [libcrux_sha3, simd, avx2, "*"] - monomorphizations_of: - - [libcrux_sha3, avx2, "*"] - - [libcrux_sha3, simd, avx2, "*"] - monomorphizations_using: - - [libcrux_sha3, simd, avx2, "*"] + patterns: + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_of: + - [libcrux_sha3, avx2, "*"] + - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_using: + - [libcrux_sha3, simd, avx2, "*"] include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' 
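Review bot: The two `monomorphizations_exact` entries under the new `internal:` key of the avx2 SHA-3 bundle hard-code fully mangled names (`absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t` and the matching `squeeze_first_three_blocks__…_168size_t`), so they only match while the Rust generic arguments and eurydice's naming stay exactly as they are today. If either changes, these functions would presumably fall back under the `private` patterns below and the benchmark that needs them would stop linking, with nothing in this file pointing at the cause. I would extend the existing comment to say so, e.g. `# Benchmark-only: exact names encode the generic arguments; update them when libcrux_sha3's generics or eurydice's mangling change.` Because `internal/libcrux_mlkem_avx2.h` starts including `internal/libcrux_sha3_avx2.h` in this same patch, the comment should also state that these raw absorb/squeeze steps are not meant to be called outside `c/benches`, so the internal header does not quietly become a second API for partial Keccak operations.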
@@ -49,28 +62,27 @@ files: - [libcrux_ml_kem, vector, neon, "*"] - [libcrux_ml_kem, hash_functions, neon, "*"] - [libcrux_sha3, neon, "*"] - monomorphizations_using: - - [libcrux_ml_kem, vector, neon, "*"] - - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_sha3, neon, "*"] - monomorphizations_of: - - [libcrux_ml_kem, vector, neon, "*"] - - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_sha3, neon, "*"] + private: + monomorphizations_using: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_sha3, neon, "*"] + monomorphizations_of: + - [libcrux_ml_kem, vector, neon, "*"] + - [libcrux_ml_kem, hash_functions, neon, "*"] + - [libcrux_sha3, neon, "*"] - name: libcrux_mlkem_avx2 api: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_sha3, avx2, "*"] - monomorphizations_using: - - [libcrux_ml_kem, vector, avx2, "*"] - - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_sha3, avx2, "*"] - monomorphizations_of: - - [libcrux_ml_kem, vector, avx2, "*"] - - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_sha3, avx2, "*"] + private: + monomorphizations_using: + - [libcrux_ml_kem, vector, avx2, "*"] + - [libcrux_ml_kem, hash_functions, avx2, "*"] + monomorphizations_of: + - [libcrux_ml_kem, vector, avx2, "*"] + - [libcrux_ml_kem, hash_functions, avx2, "*"] # Common parts of SHA3 (this catches stuff that hasn't matched above) - name: libcrux_sha3 
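Review bot: The two backend entries in this hunk are no longer shaped alike: the avx2 entry drops `[libcrux_sha3, avx2, "*"]` from `api` and from both monomorphization lists, while the neon entry at the top of the hunk keeps `[libcrux_sha3, neon, "*"]` in `api` and in the new `private` lists. The comment on the `libcrux_sha3` entry ("this catches stuff that hasn't matched above") suggests matching is order-dependent, and an earlier entry already claims `[libcrux_sha3, neon, "*"]` as its `api`, so the neon lines here look either redundant or intentionally different. If the difference is intended, a one-line comment on the neon entry saying why would prevent someone from "fixing" it later; if not, removing the three `- [libcrux_sha3, neon, "*"]` lines would mirror the avx2 entry. The same patch deletes `libcrux_mlkem_neon.h`, so the neon bundle's visibility should be checked on an arm64 regeneration before relying on it.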
@@ -82,45 +94,48 @@ files: - '"libcrux_core.h"' - name: libcrux_core - monomorphizations_of: - - [ core, "*"] - - [ libcrux_ml_kem, types, "*"] - - [ libcrux_ml_kem, constant_time_ops, "*"] - monomorphizations_using: - - [ Eurydice, "*" ] - - [ libcrux_ml_kem, types, "*"] - monomorphizations_exact: - - [ K, "__uint8_t[1536size_t]_uint8_t[1568size_t]" ] - - [ K, "__uint8_t[1152size_t]_uint8_t[1184size_t]" ] - - [ K, "__uint8_t[768size_t]_uint8_t[800size_t]" ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___33size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___34size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___64size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___800size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1120size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1600size_t ] private: - - [ core, "*"] - - [ libcrux_ml_kem, types ] - - [ libcrux_ml_kem, constants ] - - [ libcrux_ml_kem, constant_time_ops, "*"] + monomorphizations_of: + - [ core, "*"] + - [ libcrux_ml_kem, types, "*"] + - [ libcrux_ml_kem, constant_time_ops, "*"] + monomorphizations_using: + - [ Eurydice, "*" ] + - [ libcrux_ml_kem, types, "*"] + monomorphizations_exact: + - [ K, "__uint8_t[1536size_t]_uint8_t[1568size_t]" ] + - [ K, "__uint8_t[1152size_t]_uint8_t[1184size_t]" ] + - [ K, "__uint8_t[768size_t]_uint8_t[800size_t]" ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___33size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___34size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___64size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___800size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___1120size_t ] + - [ libcrux_ml_kem, ind_cpa, into_padded_array___1600size_t ] + patterns: + - [ core, "*"] + - [ libcrux_ml_kem, types ] + - [ libcrux_ml_kem, constants ] + - [ libcrux_ml_kem, constant_time_ops, "*"] api: - [Eurydice, "*"] - name: libcrux_polynomial private: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ 
libcrux_ml_kem, vector, "*" ] - monomorphizations_of: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ libcrux_ml_kem, vector, "*" ] - monomorphizations_using: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ libcrux_ml_kem, vector, traits, "*" ] + patterns: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, "*" ] + monomorphizations_of: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, "*" ] + monomorphizations_using: + - [ libcrux_ml_kem, polynomial, "*" ] + - [ libcrux_ml_kem, vector, traits, "*" ] - name: libcrux_mlkem_sha3_avx2 - monomorphizations_using: - - [libcrux_ml_kem, hash_functions, avx2, "*"] + private: + monomorphizations_using: + - [libcrux_ml_kem, hash_functions, avx2, "*"] api: - [libcrux_ml_kem, hash_functions, avx2, "*"] diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 1902dea18..6866ec65f 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -8,8 +8,8 @@ #include -#include "libcrux_sha3_avx2.h" #include "internal/libcrux_sha3.h" +#include "internal/libcrux_sha3_avx2.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 254e3a321..821a7784c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -12,6 +12,7 @@ extern "C" { #endif +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_core.h" #include "../libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3.h b/libcrux-ml-kem/c/internal/libcrux_sha3.h new file mode 100644 index 000000000..81ca17a35 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3.h 
@@ -0,0 +1,53 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 38d348ce + */ + +#ifndef __internal_libcrux_sha3_H +#define __internal_libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_core.h" +#include "../libcrux_sha3.h" +#include "eurydice_glue.h" + +extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; + +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); + +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void); + +void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h new file mode 100644 index 000000000..eafd022a6 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -0,0 +1,41 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: 58c915a8 + KaRaMeL version: 38d348ce + */ + +#ifndef __internal_libcrux_sha3_avx2_H +#define __internal_libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_avx2.h" + +#include "internal/libcrux_core.h" +#include "../libcrux_sha3_avx2.h" +#include "eurydice_glue.h" + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice last[4U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, + Eurydice_slice out[4U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 83b2dbbcc..fc64d618c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,9 +7,12 @@ #include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_core.h" +typedef core_core_arch_x86___m256i SIMD256Vector; + inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); 
@@ -2663,6 +2666,8 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ )); } +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; + static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 5f74e41b4..3148b7dbc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -17,8 +17,6 @@ extern "C" { #include "libcrux_core.h" #include "eurydice_glue.h" -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); core_core_arch_x86___m256i @@ -423,9 +421,6 @@ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD { core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h deleted file mode 100644 index 2568ae2b2..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 38d348ce - */ - -#ifndef __libcrux_mlkem_neon_H -#define __libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3_neon.h" -#include "eurydice_glue.h" - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s -{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index 518bbec6d..a31a6a18a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c @@ -55,7 +55,7 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } -static inline uint64_t rotate_left___1int32_t_63int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } @@ -63,7 +63,7 @@ static inline uint64_t rotate_left___1int32_t_63int32_t(uint64_t x) inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ rotate_left___1int32_t_63int32_t(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); } inline uint64_t 
@@ -170,8 +170,10 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -new__uint64_t_1size_t(void) +inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = @@ -227,7 +229,11 @@ new__uint64_t_1size_t(void) return lit; } -static inline void load_block___72size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) +inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { 
@@ -257,395 +263,521 @@ static inline void load_block___72size_t(uint64_t (*s)[5U], Eurydice_slice block } } -static inline void load_block___72size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); } -static inline uint64_t rotate_left___36int32_t_28int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } -static inline uint64_t _vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___36int32_t_28int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); } -static inline uint64_t xor_and_rotate___36int32_t_28int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___36int32_t_28int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); } -static inline uint64_t rotate_left___3int32_t_61int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } -static inline uint64_t _vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return 
rotate_left___3int32_t_61int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); } -static inline uint64_t xor_and_rotate___3int32_t_61int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___3int32_t_61int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); } -static inline uint64_t rotate_left___41int32_t_23int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } -static inline uint64_t _vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___41int32_t_23int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); } -static inline uint64_t xor_and_rotate___41int32_t_23int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___41int32_t_23int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); } -static inline uint64_t rotate_left___18int32_t_46int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } -static inline uint64_t _vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___18int32_t_46int32_t(ab); + return 
libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); } -static inline uint64_t xor_and_rotate___18int32_t_46int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___18int32_t_46int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); } -static inline uint64_t _vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___1int32_t_63int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); } -static inline uint64_t xor_and_rotate___1int32_t_63int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___1int32_t_63int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); } -static inline uint64_t rotate_left___44int32_t_20int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } -static inline uint64_t _vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___44int32_t_20int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); } -static inline uint64_t xor_and_rotate___44int32_t_20int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) { - return 
_vxarq_u64___44int32_t_20int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); } -static inline uint64_t rotate_left___10int32_t_54int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } -static inline uint64_t _vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___10int32_t_54int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); } -static inline uint64_t xor_and_rotate___10int32_t_54int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___10int32_t_54int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); } -static inline uint64_t rotate_left___45int32_t_19int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } -static inline uint64_t _vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___45int32_t_19int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); } -static inline uint64_t xor_and_rotate___45int32_t_19int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___45int32_t_19int32_t(a, b); + return 
libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); } -static inline uint64_t rotate_left___2int32_t_62int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } -static inline uint64_t _vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___2int32_t_62int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); } -static inline uint64_t xor_and_rotate___2int32_t_62int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___2int32_t_62int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); } -static inline uint64_t rotate_left___62int32_t_2int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } -static inline uint64_t _vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___62int32_t_2int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); } -static inline uint64_t xor_and_rotate___62int32_t_2int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___62int32_t_2int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); } -static inline uint64_t 
rotate_left___6int32_t_58int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } -static inline uint64_t _vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___6int32_t_58int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); } -static inline uint64_t xor_and_rotate___6int32_t_58int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___6int32_t_58int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); } -static inline uint64_t rotate_left___43int32_t_21int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } -static inline uint64_t _vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___43int32_t_21int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); } -static inline uint64_t xor_and_rotate___43int32_t_21int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___43int32_t_21int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); } -static inline uint64_t rotate_left___15int32_t_49int32_t(uint64_t x) +inline uint64_t 
libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } -static inline uint64_t _vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___15int32_t_49int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); } -static inline uint64_t xor_and_rotate___15int32_t_49int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___15int32_t_49int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); } -static inline uint64_t rotate_left___61int32_t_3int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } -static inline uint64_t _vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___61int32_t_3int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); } -static inline uint64_t xor_and_rotate___61int32_t_3int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___61int32_t_3int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); } -static inline uint64_t rotate_left___28int32_t_36int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { return x << 
(uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } -static inline uint64_t _vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___28int32_t_36int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); } -static inline uint64_t xor_and_rotate___28int32_t_36int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___28int32_t_36int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); } -static inline uint64_t rotate_left___55int32_t_9int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } -static inline uint64_t _vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___55int32_t_9int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); } -static inline uint64_t xor_and_rotate___55int32_t_9int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___55int32_t_9int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); } -static inline uint64_t rotate_left___25int32_t_39int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } -static inline uint64_t 
_vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___25int32_t_39int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); } -static inline uint64_t xor_and_rotate___25int32_t_39int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___25int32_t_39int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); } -static inline uint64_t rotate_left___21int32_t_43int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } -static inline uint64_t _vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___21int32_t_43int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); } -static inline uint64_t xor_and_rotate___21int32_t_43int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___21int32_t_43int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); } -static inline uint64_t rotate_left___56int32_t_8int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } -static inline uint64_t _vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___56int32_t_8int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); } -static inline uint64_t xor_and_rotate___56int32_t_8int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___56int32_t_8int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); } -static inline uint64_t rotate_left___27int32_t_37int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } -static inline uint64_t _vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___27int32_t_37int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); } -static inline uint64_t xor_and_rotate___27int32_t_37int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___27int32_t_37int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); } -static inline uint64_t rotate_left___20int32_t_44int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } -static inline uint64_t _vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) { uint64_t ab = a 
^ b; - return rotate_left___20int32_t_44int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); } -static inline uint64_t xor_and_rotate___20int32_t_44int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___20int32_t_44int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); } -static inline uint64_t rotate_left___39int32_t_25int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } -static inline uint64_t _vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___39int32_t_25int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); } -static inline uint64_t xor_and_rotate___39int32_t_25int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___39int32_t_25int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); } -static inline uint64_t rotate_left___8int32_t_56int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } -static inline uint64_t _vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___8int32_t_56int32_t(ab); + return 
libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); } -static inline uint64_t xor_and_rotate___8int32_t_56int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___8int32_t_56int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); } -static inline uint64_t rotate_left___14int32_t_50int32_t(uint64_t x) +inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } -static inline uint64_t _vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return rotate_left___14int32_t_50int32_t(ab); + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); } -static inline uint64_t xor_and_rotate___14int32_t_50int32_t(uint64_t a, uint64_t b) +inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) { - return _vxarq_u64___14int32_t_50int32_t(a, b); + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); } -static inline void -theta_rho__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) +inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) { uint64_t uu____0 = 
@@ -723,58 +855,132 @@ theta_rho__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1 libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; - uint64_t uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); s->st[1U][0U] = uu____9; - uint64_t uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); s->st[2U][0U] = uu____10; - uint64_t uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); s->st[3U][0U] = uu____11; - uint64_t uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); s->st[4U][0U] = uu____12; - uint64_t uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); s->st[0U][1U] = uu____13; - uint64_t uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); s->st[1U][1U] = uu____14; - uint64_t uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + 
uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); s->st[2U][1U] = uu____15; - uint64_t uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); s->st[3U][1U] = uu____16; - uint64_t uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); s->st[4U][1U] = uu____17; - uint64_t uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); s->st[0U][2U] = uu____18; - uint64_t uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); s->st[1U][2U] = uu____19; - uint64_t uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); s->st[2U][2U] = uu____20; - uint64_t uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); s->st[3U][2U] = uu____21; - uint64_t uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + uint64_t + uu____22 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); s->st[4U][2U] = uu____22; - uint64_t uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); s->st[0U][3U] = uu____23; - uint64_t uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); s->st[1U][3U] = uu____24; - uint64_t uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); s->st[2U][3U] = uu____25; - uint64_t uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); s->st[3U][3U] = uu____26; - uint64_t uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); s->st[4U][3U] = uu____27; - uint64_t uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); s->st[0U][4U] = uu____28; - uint64_t uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + uint64_t + uu____29 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); s->st[1U][4U] = uu____29; - uint64_t uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); s->st[2U][4U] = uu____30; - uint64_t uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); s->st[3U][4U] = uu____31; - uint64_t uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); s->st[4U][4U] = uu____32; } -static inline void -pi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) +inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) { uint64_t old[5U][5U]; core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, @@ -808,8 +1014,10 @@ pi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s->st[4U][4U] = old[4U][1U]; } -static inline void -chi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) +inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); 
@@ -831,8 +1039,11 @@ chi__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s->st[i1][j] = uu____0;);); } -static inline void -iota__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) +inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) { uint64_t uu____0 = @@ -841,21 +1052,23 @@ iota__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_ s->st[0U][0U] = uu____0; } -static inline void -keccakf1600__uint64_t_1size_t(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) +inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho__uint64_t_1size_t(s); - pi__uint64_t_1size_t(s); - chi__uint64_t_1size_t(s); - iota__uint64_t_1size_t(s, i0); + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); } } -static inline void -absorb_block__uint64_t_1size_t_72size_t( +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -863,28 +1076,37 @@ absorb_block__uint64_t_1size_t_72size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void load_block_full___72size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) +inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - load_block___72size_t(uu____0, buf); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); } -static inline void load_block_full___72size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___72size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); } -static inline void -absorb_final__uint64_t_1size_t_72size_t_6uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -908,11 +1130,13 @@ absorb_final__uint64_t_1size_t_72size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___72size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { 
@@ -938,33 +1162,42 @@ static inline void store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[ } } -static inline void store_block_full___72size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - store_block___72size_t(uu____0, buf); + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -static inline void store_block_full___72size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) { uint8_t ret0[1U][200U]; - store_block_full___72size_t(a, ret0); + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -static inline void -squeeze_first_and_last__uint64_t_1size_t_72size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - store_block_full___72size_t0(s->st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -984,39 +1217,46 @@ squeeze_first_and_last__uint64_t_1size_t_72size_t( } } -static inline void store_block___72size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { - store_block___72size_t(a, b); + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); } -static inline void -squeeze_first_block__uint64_t_1size_t_72size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - store_block___72size_t0(s->st, out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); } -static inline void -squeeze_next_block__uint64_t_1size_t_72size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(s); - store_block___72size_t0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); } -static inline void -squeeze_last__uint64_t_1size_t_72size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(&s); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - store_block_full___72size_t0(s.st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1036,10 +1276,15 @@ squeeze_last__uint64_t_1size_t_72size_t( } } -static inline void -keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1056,7 +1301,7 @@ keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sli i0 * (size_t)72U, (size_t)72U, ret); - absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -1067,13 +1312,13 @@ keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sli core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); } else { 
@@ -1085,7 +1330,7 @@ keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sli memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1115,33 +1360,40 @@ keccak__uint64_t_1size_t_72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sli memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_72size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); } } } -static inline void -keccakx1___72size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); } void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___72size_t_6uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); } -static inline void load_block___136size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) +inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { 
@@ -1171,16 +1423,20 @@ static inline void load_block___136size_t(uint64_t (*s)[5U], Eurydice_slice bloc } } -static inline void load_block___136size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); } -static inline void -absorb_block__uint64_t_1size_t_136size_t( +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -1188,28 +1444,37 @@ absorb_block__uint64_t_1size_t_136size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void load_block_full___136size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) +inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - load_block___136size_t(uu____0, buf); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); } -static inline void load_block_full___136size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___136size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); } -static inline void -absorb_final__uint64_t_1size_t_136size_t_6uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1233,11 +1498,13 @@ absorb_final__uint64_t_1size_t_136size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { 
@@ -1263,33 +1530,42 @@ static inline void store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out } } -static inline void store_block_full___136size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - store_block___136size_t(uu____0, buf); + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -static inline void store_block_full___136size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) { uint8_t ret0[1U][200U]; - store_block_full___136size_t(a, ret0); + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -static inline void -squeeze_first_and_last__uint64_t_1size_t_136size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - store_block_full___136size_t0(s->st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1309,39 +1585,46 @@ squeeze_first_and_last__uint64_t_1size_t_136size_t( } } -static inline void store_block___136size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { - store_block___136size_t(a, b); + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); } -static inline void -squeeze_first_block__uint64_t_1size_t_136size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - store_block___136size_t0(s->st, out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); } -static inline void -squeeze_next_block__uint64_t_1size_t_136size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(s); - store_block___136size_t0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); } -static inline void -squeeze_last__uint64_t_1size_t_136size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(&s); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - store_block_full___136size_t0(s.st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1361,10 +1644,15 @@ squeeze_last__uint64_t_1size_t_136size_t( } } -static inline void -keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1381,7 +1669,7 @@ keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -1392,13 +1680,13 @@ keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); } else { 
@@ -1410,7 +1698,7 @@ keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1440,34 +1728,37 @@ keccak__uint64_t_1size_t_136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_136size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); } } } -static inline void -keccakx1___136size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); } void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___136size_t_6uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); } -static inline void -absorb_final__uint64_t_1size_t_136size_t_31uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1491,14 +1782,20 @@ absorb_final__uint64_t_1size_t_136size_t_31uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -1515,7 +1812,7 @@ keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; 
@@ -1526,13 +1823,13 @@ keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); } else { @@ -1544,7 +1841,7 @@ keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -1574,39 +1871,47 @@ keccak__uint64_t_1size_t_136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_136size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); } } } -static inline void -keccakx1___136size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); } void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___136size_t_31uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_incremental_shake128_init(void) { - return new__uint64_t_1size_t(); + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); } -static inline void load_block___168size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) +inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { 
@@ -1636,24 +1941,32 @@ static inline void load_block___168size_t(uint64_t (*s)[5U], Eurydice_slice bloc } } -static inline void load_block_full___168size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) +inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - load_block___168size_t(uu____0, buf); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); } -static inline void load_block_full___168size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___168size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); } -static inline void -absorb_final__uint64_t_1size_t_168size_t_31uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) @@ -1677,8 +1990,9 @@ absorb_final__uint64_t_1size_t_168size_t_31uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } void 
@@ -1688,10 +2002,11 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( ) { Eurydice_slice buf[1U] = { data0 }; - absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); } -static inline void store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { @@ -1717,19 +2032,24 @@ static inline void store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out } } -static inline void store_block___168size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { - store_block___168size_t(a, b); + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); } -static inline void -squeeze_next_block__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(s); - store_block___168size_t0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); } void 
@@ -1739,20 +2059,21 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( ) { Eurydice_slice buf[1U] = { out0 }; - squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); } -static inline void -squeeze_first_block__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - store_block___168size_t0(s->st, out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); } -static inline void -squeeze_first_three_blocks__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) @@ -1765,7 +2086,7 @@ squeeze_first_three_blocks__uint64_t_1size_t_168size_t( memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, 
@@ -1774,8 +2095,8 @@ squeeze_first_three_blocks__uint64_t_1size_t_168size_t( memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); } void @@ -1785,7 +2106,7 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( ) { Eurydice_slice buf[1U] = { out0 }; - squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); } size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) @@ -1822,7 +2143,11 @@ size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) return uu____0; } -static inline void load_block___144size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) +inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { 
@@ -1852,16 +2177,20 @@ static inline void load_block___144size_t(uint64_t (*s)[5U], Eurydice_slice bloc } } -static inline void load_block___144size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - load_block___144size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); } -static inline void -absorb_block__uint64_t_1size_t_144size_t( +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -1869,28 +2198,37 @@ absorb_block__uint64_t_1size_t_144size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void load_block_full___144size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) +inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - load_block___144size_t(uu____0, buf); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); } -static inline void load_block_full___144size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___144size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); } -static inline void -absorb_final__uint64_t_1size_t_144size_t_6uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -1914,11 +2252,13 @@ absorb_final__uint64_t_1size_t_144size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___144size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { 
@@ -1944,33 +2284,42 @@ static inline void store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out } } -static inline void store_block_full___144size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - store_block___144size_t(uu____0, buf); + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -static inline void store_block_full___144size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) { uint8_t ret0[1U][200U]; - store_block_full___144size_t(a, ret0); + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -static inline void -squeeze_first_and_last__uint64_t_1size_t_144size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - store_block_full___144size_t0(s->st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1990,39 +2339,46 @@ squeeze_first_and_last__uint64_t_1size_t_144size_t( } } -static inline void store_block___144size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { - store_block___144size_t(a, b); + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); } -static inline void -squeeze_first_block__uint64_t_1size_t_144size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - store_block___144size_t0(s->st, out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); } -static inline void -squeeze_next_block__uint64_t_1size_t_144size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(s); - store_block___144size_t0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); } -static inline void -squeeze_last__uint64_t_1size_t_144size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(&s); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - store_block_full___144size_t0(s.st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2042,10 +2398,15 @@ squeeze_last__uint64_t_1size_t_144size_t( } } -static inline void -keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -2062,7 +2423,7 @@ keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl i0 * (size_t)144U, (size_t)144U, ret); - absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -2073,13 +2434,13 @@ keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); } else { 
@@ -2091,7 +2452,7 @@ keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -2121,33 +2482,40 @@ keccak__uint64_t_1size_t_144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_144size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); } } } -static inline void -keccakx1___144size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); } inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___144size_t_6uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); } -static inline void load_block___104size_t(uint64_t (*s)[5U], Eurydice_slice blocks[1U]) +inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { 
@@ -2177,16 +2545,20 @@ static inline void load_block___104size_t(uint64_t (*s)[5U], Eurydice_slice bloc } } -static inline void load_block___104size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); } -static inline void -absorb_block__uint64_t_1size_t_104size_t( +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -2194,28 +2566,37 @@ absorb_block__uint64_t_1size_t_104size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void load_block_full___104size_t(uint64_t (*s)[5U], uint8_t blocks[1U][200U]) +inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) { uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - load_block___104size_t(uu____0, buf); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); } -static inline void load_block_full___104size_t0(uint64_t (*a)[5U], uint8_t b[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) { uint64_t (*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___104size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); } -static inline void -absorb_final__uint64_t_1size_t_104size_t_6uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice last[1U] ) 
@@ -2239,11 +2620,13 @@ absorb_final__uint64_t_1size_t_104size_t_6uint8_t( uint64_t (*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - load_block_full___104size_t0(uu____1, uu____2); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { 
@@ -2269,33 +2652,42 @@ static inline void store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out } } -static inline void store_block_full___104size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - store_block___104size_t(uu____0, buf); + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -static inline void store_block_full___104size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) { uint8_t ret0[1U][200U]; - store_block_full___104size_t(a, ret0); + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -static inline void -squeeze_first_and_last__uint64_t_1size_t_104size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - store_block_full___104size_t0(s->st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2315,39 +2707,46 @@ squeeze_first_and_last__uint64_t_1size_t_104size_t( } } -static inline void store_block___104size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { - store_block___104size_t(a, b); + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); } -static inline void -squeeze_first_block__uint64_t_1size_t_104size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - store_block___104size_t0(s->st, out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); } -static inline void -squeeze_next_block__uint64_t_1size_t_104size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(s); - store_block___104size_t0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); } -static inline void -squeeze_last__uint64_t_1size_t_104size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(&s); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - store_block_full___104size_t0(s.st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2367,10 +2766,15 @@ squeeze_last__uint64_t_1size_t_104size_t( } } -static inline void -keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -2387,7 +2791,7 @@ keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl i0 * (size_t)104U, (size_t)104U, ret); - absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; @@ -2398,13 +2802,13 @@ keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); } else { 
@@ -2416,7 +2820,7 @@ keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( @@ -2446,30 +2850,33 @@ keccak__uint64_t_1size_t_104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_sl memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_104size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); } } } -static inline void -keccakx1___104size_t_6uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); } inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___104size_t_6uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); } inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) 
@@ -2524,16 +2931,20 @@ inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); } -static inline void load_block___168size_t0(uint64_t (*a)[5U], Eurydice_slice b[1U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) { uint64_t (*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - load_block___168size_t(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); } -static inline void -absorb_block__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice blocks[1U] ) 
@@ -2541,37 +2952,47 @@ absorb_block__uint64_t_1size_t_168size_t( uint64_t (*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - load_block___168size_t0(uu____0, uu____1); - keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void store_block_full___168size_t(uint64_t (*s)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) { uint8_t out[200U] = { 0U }; uint64_t (*uu____0)[5U] = s; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - store_block___168size_t(uu____0, buf); + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); uint8_t uu____1[200U]; memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); } -static inline void store_block_full___168size_t0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) +inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) { uint8_t ret0[1U][200U]; - store_block_full___168size_t(a, ret0); + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); } -static inline void -squeeze_first_and_last__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U] ) { uint8_t b[1U][200U]; - store_block_full___168size_t0(s->st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); 
{ size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2591,15 +3012,16 @@ squeeze_first_and_last__uint64_t_1size_t_168size_t( } } -static inline void -squeeze_last__uint64_t_1size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, Eurydice_slice out[1U] ) { - keccakf1600__uint64_t_1size_t(&s); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - store_block_full___168size_t0(s.st, b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2619,10 +3041,15 @@ squeeze_last__uint64_t_1size_t_168size_t( } } -static inline void -keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = new__uint64_t_1size_t(); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); for (size_t i = (size_t)0U; @@ -2639,7 +3066,7 @@ keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s i0 * (size_t)168U, (size_t)168U, ret); - absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; 
@@ -2650,13 +3077,13 @@ keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); } else { @@ -2668,7 +3095,7 @@ keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( 
@@ -2698,30 +3125,33 @@ keccak__uint64_t_1size_t_168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_s memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); } } if (last < outlen) { - squeeze_last__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); } } } -static inline void -keccakx1___168size_t_31uint8_t(Eurydice_slice data[1U], Eurydice_slice out[1U]) +inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); } inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; Eurydice_slice buf[1U] = { digest }; - keccakx1___168size_t_31uint8_t(buf0, buf); + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); } const diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0b6c8ceb8..c279c7f95 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -38,6 +38,8 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 uint64_t e ); +uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); + uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); uint64_t 
@@ -98,10 +100,483 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +); + +void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, 
uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +); + +uint64_t 
libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); + +uint64_t 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +); + +uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); + +uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); + +uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +); + +void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +); + +void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void 
+libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); +void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t 
@@ -110,18 +585,69 @@ libcrux_sha3_portable_KeccakState1; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_incremental_shake128_init(void); +void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice data0 ); +void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out0 ); +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, 
@@ -137,8 +663,194 @@ typedef uint8_t libcrux_sha3_Algorithm; size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); +void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); +void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +); + +void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); + +void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); 
+ +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); 
@@ -157,6 +869,54 @@ void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +); + +void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +); + +void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +); + +void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +); + +void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + +void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); + void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); extern const size_t libcrux_sha3_generic_keccak__PI[24U]; diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 6debe90bf..0c99c983a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,7 +5,7 @@ KaRaMeL version: 38d348ce */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" 
@@ -2160,8 +2160,8 @@ load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][ load_block_full___168size_t(uu____0, uu____1); } -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( +inline void +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice last[4U] ) @@ -2201,7 +2201,8 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( ) { Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, buf); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, + buf); } static inline void @@ -2466,8 +2467,8 @@ squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( store_block___168size_t0(s->st, out); } -static inline void -squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, Eurydice_slice out[4U] ) @@ -2499,6 +2500,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( ) { Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, + buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 3572afcb8..46453b145 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h 
@@ -34,9 +34,6 @@ libcrux_sha3_avx2_x4_shake256( Eurydice_slice out3 ); -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); From 4efb699556453cf3bff977d41bb3e28355930fee Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Thu, 30 May 2024 21:53:55 -0700 Subject: [PATCH 83/94] Revised config --- libcrux-ml-kem/c.yaml | 68 +- libcrux-ml-kem/c/benches/sha3.cc | 12 +- libcrux-ml-kem/c/eurydice_glue.h | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 11 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 5 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/internal/libcrux_sha3.h | 75 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 5 +- .../c/internal/libcrux_sha3_internal.h | 3208 +++++++++++++++++ .../c/karamel/include/krml/internal/target.h | 7 +- libcrux-ml-kem/c/libcrux_core.c | 4 +- libcrux-ml-kem/c/libcrux_core.h | 11 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 5 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 5 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 5 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 5 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 5 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 5 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_platform.h | 4 +- libcrux-ml-kem/c/libcrux_polynomial.c | 4 +- libcrux-ml-kem/c/libcrux_polynomial.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.c | 3159 +--------------- libcrux-ml-kem/c/libcrux_sha3.h | 897 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 5 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 5 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 27 + libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- 31 files changed, 3433 insertions(+), 4136 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_internal.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_internal.h diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 5a922be04..350c390c1 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -1,5 +1,6 @@ files: - # Intrinsics, in their own separate files. + # INTRINSICS + - name: libcrux_intrinsics_neon library: true inline_static: true 
@@ -16,6 +17,8 @@ files: api: - [libcrux_platform, "*"] + # SHA3 (no mention of libcrux_mlkem in this section, please) + # Keep the per-target seperation idea: each SHA3 variant in its own file - name: libcrux_sha3_neon api: @@ -36,16 +39,19 @@ files: - '"intrinsics/libcrux_intrinsics_arm64.h"' - name: libcrux_sha3_avx2 - api: - - [libcrux_sha3, avx2, "*"] # This is needed solely for the benchmarking test -- otherwise these would - # all be private. + # all be private. Note that the order matters! So we put these first so that + # they match immediately (and get promoted to internal), then the rest of + # the behavior applies. internal: exact: - [libcrux_sha3, avx2, x4, incremental, KeccakState4] monomorphizations_exact: + - [libcrux_sha3, avx2, x4, incremental, KeccakState4] - [libcrux_sha3, generic_keccak, absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t ] - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t ] + api: + - [libcrux_sha3, avx2, "*"] private: patterns: - [libcrux_sha3, simd, avx2, "*"] 
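Review bot: The `internal:` block now placed first under `libcrux_sha3_avx2` promotes `KeccakState4` and the two `generic_keccak` monomorphizations out of `private` only for the benchmark, as its own comment says, so a test need decides what the shipped library exposes. In the regenerated `libcrux_sha3_avx2.c` in this same patch, both functions lose `static` and gain the `libcrux_sha3_generic_keccak_` prefix. The `libcrux_sha3_avx2_x4_incremental_shake128_absorb_final` and `..._squeeze_first_three_blocks` wrappers shown there only forward to them. If the benchmark can go through those wrappers (its call sites are not visible here), the two function entries under `monomorphizations_exact` could be dropped and the Keccak primitives kept private. Otherwise I would record the intent next to them, for example `# bench-only: drop once benches/sha3.cc uses the x4 incremental API`.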
@@ -53,24 +59,63 @@ files: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_using: + # Should this also include the monomorphizations using + # core.arch.x86.__m256i? - [libcrux_sha3, simd, avx2, "*"] + monomorphizations_exact: + - [libcrux_sha3, generic_keccak, "KeccakState__core_core_arch_x86___m256i_$4size_t"] include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' + # Public API header for SHA3 + - name: libcrux_sha3 + api: + exact: + - [libcrux_sha3, hash] + - [libcrux_sha3, sha224] + - [libcrux_sha3, sha256] + - [libcrux_sha3, sha384] + - [libcrux_sha3, sha512] + - [libcrux_sha3, keccakx1] + - [libcrux_sha3, shake128] + - [libcrux_sha3, shake256] + - [libcrux_sha3, sha224_ema] + - [libcrux_sha3, sha256_ema] + - [libcrux_sha3, sha384_ema] + - [libcrux_sha3, sha512_ema] + - [libcrux_sha3, portable, sha224] + - [libcrux_sha3, portable, sha256] + - [libcrux_sha3, portable, sha384] + - [libcrux_sha3, portable, sha512] + - [libcrux_sha3, portable, keccakx1] + - [libcrux_sha3, portable, shake128] + - [libcrux_sha3, portable, shake256] + + # Common parts of SHA3 (this catches stuff that hasn't matched above). Must + # come after the (more precise) patterns above concerning platform-specific hash_functions + - name: libcrux_sha3_internal + internal: + patterns: + - [libcrux_sha3, "*"] + monomorphizations_of: + - [libcrux_sha3, "*"] + monomorphizations_using: + - [libcrux_sha3, "*"] + inline_static: true + + # MLKEM + - name: libcrux_mlkem_neon api: - [libcrux_ml_kem, vector, neon, "*"] - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_sha3, neon, "*"] private: monomorphizations_using: - [libcrux_ml_kem, vector, neon, "*"] - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_sha3, neon, "*"] monomorphizations_of: - [libcrux_ml_kem, vector, neon, "*"] - [libcrux_ml_kem, hash_functions, neon, "*"] - - [libcrux_sha3, neon, "*"] - name: libcrux_mlkem_avx2 api: 
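Review bot: With the new `libcrux_sha3` entry carrying only an `api:` list and everything else falling into the catch-all `libcrux_sha3_internal`, this config no longer appears to emit `internal/libcrux_sha3.h`, yet the patch still carries a modified copy of it. That copy's invocation line lacks the `--log Phase2.2,Reassign` suffix the other regenerated headers gained, which suggests it is left over from an earlier run. It defines `static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]` and `static inline ... libcrux_sha3_portable_incremental_shake128_init(void)`, the same names that the new `internal/libcrux_sha3_internal.h` defines under a different include guard. A translation unit that includes both would fail on redefinition, and a stale generated header in a crypto tree is easy to pick up by accident. I would delete it, or clear the `c/` output directory before regenerating, and note that here with `# internal/libcrux_sha3.h is no longer generated; remove stale copies before re-running eurydice`.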
@@ -84,15 +129,6 @@ files: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - # Common parts of SHA3 (this catches stuff that hasn't matched above) - - name: libcrux_sha3 - api: - - [libcrux_sha3, "*"] - private: - - [libcrux_ml_kem, hash_functions, "*"] - include_in_c: - - '"libcrux_core.h"' - - name: libcrux_core private: monomorphizations_of: diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 6866ec65f..fa077330f 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -6,13 +6,19 @@ * - http://opensource.org/licenses/MIT */ + #include -#include "internal/libcrux_sha3.h" -#include "internal/libcrux_sha3_avx2.h" +// TODO: FIXME: why is the macro definition in +// karamel/include/krml/internal/target.h not working? +// This is only broken in C++ +#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) + +#include "intrinsics/libcrux_intrinsics_avx2.h" +#include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" - +#include "internal/libcrux_sha3_avx2.h" void generate_random(uint8_t *output, uint32_t output_len) { diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index dd4888af3..4189011b6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -66,7 +66,7 @@ typedef struct { #define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ ((ret_t){ \ .fst = { .ptr = slice.ptr, .len = mid }, \ - .snd = { .ptr = slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }}) + .snd = { .ptr = (char*)slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }}) // Can't have a flexible array as a member of a union -- this violates strict aliasing rules. diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 8b84914a7..38ab82532 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h 
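Review bot: The `KRML_HOST_EPRINTF` workaround in `benches/sha3.cc` is defined unconditionally ahead of the project headers, so if `krml/internal/target.h` (also touched by this commit, not visible here) defines the macro without an `#ifndef` guard, the two definitions will clash or silently diverge. Writing it as `#ifndef KRML_HOST_EPRINTF` / `#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)` / `#endif` keeps the override explicit and harmless once the header is fixed. The hunk also shows no `<cstdio>` include before the define, so `fprintf` and `stderr` appear to rely on a transitive include; adding `#include <cstdio>` next to it would remove that dependency. The TODO should name the C++-specific failure it works around so the define can be removed later.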
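Review bot: `core_slice___Slice_T___split_at_mut` in `eurydice_glue.h` still computes `.len = slice.len - mid` with no check that `mid <= slice.len`. If `len` is a `size_t`, as the generated callers suggest, an oversized `mid` wraps the length and yields a second slice whose pointer and length both lie outside the original buffer. Rust's `split_at_mut` panics in that case, so the C glue silently drops a memory-safety guarantee that the extracted code relies on. The added `(char*)` cast fixes the void-pointer arithmetic, but `slice` and `mid` are still used unparenthesized, so an argument such as `a + b` would scale only `b`. I would write the field as `.snd = { .ptr = (char*)(slice).ptr + (mid) * sizeof(element_type), .len = (slice).len - (mid) }})` and state the precondition above the macro: `// caller must guarantee mid <= slice.len; Rust panics here, this macro does not check`.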
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_core_H @@ -346,6 +346,13 @@ typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s } K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index 56594814d..2779bfc58 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_mlkem768_H @@ -12,6 +12,7 @@ extern "C" { #endif +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 821a7784c..2be794e4d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index c8f3a70ba..5d1c707b7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3.h b/libcrux-ml-kem/c/internal/libcrux_sha3.h index 81ca17a35..f46b7abec 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_sha3_H 
@@ -16,34 +16,89 @@ extern "C" { #include "../libcrux_sha3.h" #include "eurydice_glue.h" -extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; +static const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +); -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); +void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +); -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void); +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +); + +static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice data0 -); +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +static inline void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out0 -); +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +); + +static inline void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out0 -); +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index eafd022a6..a8df11919 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __internal_libcrux_sha3_avx2_H @@ -14,6 +14,7 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_core.h" #include "../libcrux_sha3_avx2.h" #include "eurydice_glue.h" diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h new file mode 100644 index 000000000..bf3c5b03f --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -0,0 +1,3208 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + F* version: 58c915a8 + KaRaMeL version: 5666a5de + */ + +#ifndef __internal_libcrux_sha3_internal_H +#define __internal_libcrux_sha3_internal_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_core.h" +#include "../libcrux_sha3_internal.h" +#include "eurydice_glue.h" + +static const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 
^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +static inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +static inline 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_KeccakState1; + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + 
memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t 
a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + 
return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x 
>> (uint32_t)(int32_t)2; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +static 
inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + 
s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t i1 = i0; + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t 
blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + 
libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, 
uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +static const +size_t +libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +static const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + 
(size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +static inline uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +static inline libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +static inline void 
+libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, 
(size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, 
uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)104U - (size_t)1U] = 
(uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void 
+libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + 
libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + 
libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof 
(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + { + size_t i = (size_t)0U; + 
Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + 
core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +static inline void 
+libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { 
Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U 
* i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + 
libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + 
core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < 
outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof 
(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice 
uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + 
Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_internal_H_DEFINED +#endif 
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index d4252a108..d53314766 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h @@ -29,9 +29,10 @@ # define KRML_HOST_PRINTF printf #endif -#if ( \ - (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - (!(defined KRML_HOST_EPRINTF))) +#if \ + ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + (defined(__cplusplus) && __cplusplus > 199711L)) && \ + (!defined(KRML_HOST_EPRINTF)) # define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) #elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER) # define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 86b0159ff..fc51e9434 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 039867223..edaba5325 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_core_H @@ -120,13 +120,6 @@ typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_3 } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index c7aebcdc1..c5fe4e5fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,12 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "libcrux_mlkem1024.h" +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_mlkem768.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index edf3db49e..980141a72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_mlkem1024_H @@ -12,6 +12,7 @@ extern "C" { #endif +#include "libcrux_sha3_internal.h" #include "libcrux_sha3.h" #include "libcrux_polynomial.h" #include "libcrux_platform.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 7f71d87c2..4f053a8eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,12 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "libcrux_mlkem512.h" +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_mlkem768.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 70de4394d..5aef2c477 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_mlkem512_H @@ -12,6 +12,7 @@ extern "C" { #endif +#include "libcrux_sha3_internal.h" #include "libcrux_sha3.h" #include "libcrux_polynomial.h" #include "libcrux_platform.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index f3b18f2e7..ee4de14ff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,12 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 53ebb47e2..c1e09dfe0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_mlkem768_H @@ -12,6 +12,7 @@ extern "C" { #endif +#include "libcrux_sha3_internal.h" #include "libcrux_sha3.h" #include "libcrux_polynomial.h" #include "libcrux_platform.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index fc64d618c..8c3b28331 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 3148b7dbc..0076b6fec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_mlkem_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 5668bc9af..e4cd1123d 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index ca8fea08f..57da0a217 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "internal/libcrux_polynomial.h" diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index 126a8f779..b7d170d43 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_polynomial_H 
diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index a31a6a18a..dced9bf34 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c 
@@ -1,1386 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ -#include "libcrux_core.h" - -#include "libcrux_sha3.h" - -#include "internal/libcrux_core.h" - -const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ - return 0ULL; -} - -inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ - uint64_t uu____0 = a; - return uu____0 ^ 
libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ - return a ^ (b & ~c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ - return a ^ c; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ - return a ^ b; -} - -inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ 
-libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - -inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t 
(*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -inline 
uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - 
s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); - s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - uint64_t - uu____12 = 
- libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - 
uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - 
libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); 
- } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); - } - } -} +#include "libcrux_sha3.h" -inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); -} +#include "internal/libcrux_sha3_internal.h" void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { 
@@ -1389,367 +16,6 @@ void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void 
-libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = 
i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, 
- uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); 
- libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); -} - void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; 
@@ -1757,142 +23,6 @@ void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - 
core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); -} - void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; 
@@ -1900,610 +30,6 @@ void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - 
libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); -} - -inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], 
ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); -} - -void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); -} - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ - size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - 
-inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { 
Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - (size_t)144U, - ret); 
- libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - 
uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); -} - inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; 
@@ -2511,367 +37,6 @@ inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice d libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); } -inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void 
-libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = 
i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, 
- uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); 
- libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); -} - inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; 
@@ -2931,222 +96,6 @@ inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); } -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - 
core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); -} - inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = { data }; 
@@ -3154,103 +103,3 @@ inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); } -const -size_t -libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; - -const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ - return self[0U]; -} - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ - uint32_t uu____0; - switch (v) - { - case libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ - libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = 
libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index c279c7f95..580a93be2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_sha3_H 
@@ -15,842 +15,14 @@ extern "C" { #include "libcrux_core.h" #include "eurydice_glue.h" -extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); - -uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -); - -uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); - 
-K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -); - -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s -{ uint64_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -); - -void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); - 
-uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -); - -uint64_t 
libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); - -uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t 
x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void 
-libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice 
data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_KeccakState1; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void); - -void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void 
-libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -); - -void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); - -void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); 
- -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void 
-libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - 
-void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); 
@@ -869,73 +41,8 @@ void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); -extern const size_t libcrux_sha3_generic_keccak__PI[24U]; - -extern const size_t libcrux_sha3_generic_keccak__ROTC[24U]; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -); - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -); - -libcrux_sha3_Algorithm 
-libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 0c99c983a..b51d8e770 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,12 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "internal/libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_core.h" static inline core_core_arch_x86___m256i zero(void) diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 46453b145..9fb42949a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_sha3_avx2_H @@ -14,7 +14,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3.h" #include "libcrux_core.h" #include "eurydice_glue.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h new file mode 100644 index 000000000..d01d478bc --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -0,0 +1,27 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + F* version: 58c915a8 + KaRaMeL version: 5666a5de + */ + +#ifndef __libcrux_sha3_internal_H +#define __libcrux_sha3_internal_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s +{ uint64_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_internal_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 187b96ca1..116b8891d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 4e9d840c8..f1d6c8630 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign F* version: 58c915a8 - KaRaMeL version: 38d348ce + KaRaMeL version: 5666a5de */ #ifndef __libcrux_sha3_neon_H @@ -14,7 +14,7 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #include "libcrux_core.h" #include "eurydice_glue.h" From a91effc833b3b9db1d56e3216d190c7512a33a6f Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko
Date: Thu, 30 May 2024 21:57:57 -0700
Subject: [PATCH 84/94] Refresh
---
libcrux-ml-kem/c/internal/libcrux_core.h | 2 +-
libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 2 +-
.../c/internal/libcrux_mlkem_avx2.h | 2 +-
.../c/internal/libcrux_mlkem_neon.h | 97 ----------------
.../c/internal/libcrux_polynomial.h | 2 +-
libcrux-ml-kem/c/internal/libcrux_sha3.h | 108 ------------------
libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +-
.../c/internal/libcrux_sha3_internal.h | 2 +-
libcrux-ml-kem/c/libcrux_core.c | 2 +-
libcrux-ml-kem/c/libcrux_core.h | 2 +-
libcrux-ml-kem/c/libcrux_mlkem1024.c | 2 +-
libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +-
libcrux-ml-kem/c/libcrux_mlkem512.c | 2 +-
libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +-
libcrux-ml-kem/c/libcrux_mlkem768.c | 2 +-
libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +-
libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +-
libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +-
libcrux-ml-kem/c/libcrux_platform.h | 2 +-
libcrux-ml-kem/c/libcrux_polynomial.c | 2 +-
libcrux-ml-kem/c/libcrux_polynomial.h | 2 +-
libcrux-ml-kem/c/libcrux_sha3.c | 2 +-
libcrux-ml-kem/c/libcrux_sha3.h | 2 +-
libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +-
libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +-
libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +-
libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +-
libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +-
28 files changed, 26 insertions(+), 231 deletions(-)
delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
delete mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3.h
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 38ab82532..6cc9db6d1 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index 2779bfc58..d139756ab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 2be794e4d..b348c7f7e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h deleted file mode 100644 index 557f90c7a..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_mlkem_neon_H -#define __internal_libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" -#include "../libcrux_mlkem_neon.h" -#include "eurydice_glue.h" - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 5d1c707b7..14e4e04e7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3.h b/libcrux-ml-kem/c/internal/libcrux_sha3.h deleted file mode 100644 index f46b7abec..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_sha3.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de - */ - -#ifndef __internal_libcrux_sha3_H -#define __internal_libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_core.h" -#include "../libcrux_sha3.h" -#include "eurydice_glue.h" - -static const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -); - -void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice 
last[1U] -); - -static inline void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); -} - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -static inline void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); -} - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -static inline void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); -} - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a8df11919..afce612fc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bf3c5b03f..28e10ce9a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index fc51e9434..a52a80c18 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index edaba5325..095d8a726 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index c5fe4e5fc..bdf92bc24 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 980141a72..08b6097df 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 4f053a8eb..1baeae0cb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 5aef2c477..41cbcafa1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index ee4de14ff..0aedc431c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c1e09dfe0..278529eaa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 8c3b28331..f77c98154 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0076b6fec..12e2c9489 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index e4cd1123d..7fe9692e4 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 57da0a217..459b8fe83 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index b7d170d43..bfde0dcce 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index dced9bf34..1d6b807b2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 580a93be2..0952f0695 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index b51d8e770..9f70b1575 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9fb42949a..26342807e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index d01d478bc..9b8eca3cc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 116b8891d..a00b2700b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f1d6c8630..2e3dd1398 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,6 +1,6 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase2.2,Reassign + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 5666a5de */ From a9888dd9a88842579d29385fc6b6194d2879032a Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Fri, 31 May 2024 10:00:03 +0200 Subject: [PATCH 85/94] clang-format --- libcrux-ml-kem/c.sh | 13 +- libcrux-ml-kem/c/CMakeLists.txt | 18 +- libcrux-ml-kem/c/eurydice_glue.h | 274 +- libcrux-ml-kem/c/internal/libcrux_core.h | 309 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 222 +- .../c/internal/libcrux_mlkem_avx2.h | 102 +- .../c/internal/libcrux_polynomial.h | 295 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 39 +- .../c/internal/libcrux_sha3_internal.h | 3230 ++-- .../c/intrinsics/libcrux_intrinsics_arm64.h | 833 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 486 +- libcrux-ml-kem/c/libcrux_core.c | 569 +- libcrux-ml-kem/c/libcrux_core.h | 119 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 2837 ++-- libcrux-ml-kem/c/libcrux_mlkem1024.h | 85 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 2670 ++- libcrux-ml-kem/c/libcrux_mlkem512.h | 83 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 4027 ++--- libcrux-ml-kem/c/libcrux_mlkem768.h | 83 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 13860 +++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 384 +- libcrux-ml-kem/c/libcrux_platform.h | 8 +- libcrux-ml-kem/c/libcrux_polynomial.c | 3141 ++-- libcrux-ml-kem/c/libcrux_polynomial.h | 21 +- libcrux-ml-kem/c/libcrux_sha3.c | 115 +- libcrux-ml-kem/c/libcrux_sha3.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 3376 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 76 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 256 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 55 +- libcrux-ml-kem/c/tests/mlkem768.cc | 3 - libcrux-sha3/benches/sha3.rs | 36 + 33 files changed, 16025 insertions(+), 21626 deletions(-) diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 79ceb6d80..cf72853bb 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh 
@@ -54,13 +54,6 @@ echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . -# if [[ -n "$HACL_PACKAGES_HOME" && "$no_hacl" = 0 ]]; then -# # clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h -# cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ -# cp *.h $HACL_PACKAGES_HOME/libcrux/include -# cp *.c $HACL_PACKAGES_HOME/libcrux/src -# elif [[ "$no_hacl" = 0 ]]; then -# echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -# else -# echo "Copy to hacl-packages was disabled with --no-hacl" 1>&2 -# fi +clang-format --style=Google -i *.c *.h +clang-format --style=Google -i internal/*.h +clang-format --style=Google -i intrinsics/*.h diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index d090524f5..5310489cd 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -1,5 +1,7 @@ # cmake -B build -G "Ninja Multi-Config" # cmake --build build +# # For release (benchmarks) +# cmake --build build --config Release cmake_minimum_required(VERSION 3.10) @@ -8,7 +10,21 @@ project(libcrux-ml-kem LANGUAGES C CXX ) -set(CMAKE_C_FLAGS " -Wall ") +set(CMAKE_C_STANDARD 11) +add_compile_options( + -Wall + # -Wextra + # -pedantic + # -Wconversion + # -Wsign-conversion + $<$:-g> + $<$:-Og> + $<$:-g> + $<$:-O3> + -fno-omit-frame-pointer + -flto +) +add_link_options(-flto) set(CMAKE_COLOR_DIAGNOSTICS "ON") include_directories( ${PROJECT_SOURCE_DIR} diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 4189011b6..f798f970b 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h 
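Review bot: The three added `clang-format --style=Google -i` calls reflow comments as well as code, so the `This file was generated by KaRaMeL` header in the regenerated files now has the invocation, `F* version` and `KaRaMeL version` fields run together across lines (visible in the new header of `internal/libcrux_core.h` later in this patch). That header is the provenance record for the extracted C, so I would keep it verbatim by switching comment reflow off, e.g. `clang-format --style="{BasedOnStyle: Google, ReflowComments: false}" -i *.c *.h`, and the same for `internal/*.h` and `intrinsics/*.h`. The formatter version is also neither pinned nor checked here; output differs between clang-format releases, so regenerating on another machine can produce large formatting-only diffs that bury real changes in the generated code. Whether the script stops when clang-format is missing or fails cannot be seen from this hunk.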
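Review bot: In the second CMakeLists.txt hunk, `-flto` is added to both `add_compile_options` and `add_link_options` with no configuration guard, next to an `-O3` entry, and that combination deserves a check of the generated machine code for this library. Helpers such as `libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time` presumably depend on the compiler not turning masked selects into branches, and cross-module inlining gives the optimizer more room to do so. I would either leave LTO out of the default build or add a step that inspects the release disassembly of the constant-time helpers, and record it next to the flag with a comment such as `# LTO: re-check constant-time helpers in the release disassembly`. Separately, `-Wconversion` and `-Wsign-conversion` are left commented out; the glue header mixes `size_t`, `int32_t` and `uint8_t` arithmetic, so enabling them for the C sources would surface narrowing that `-Wall` does not report.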
@@ -5,82 +5,101 @@ extern "C" { #endif #include -#include -#include #include +#include +#include #include -#include "krml/lowstar_endianness.h" #include "krml/internal/target.h" +#include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) // SLICES, ARRAYS, ETC. -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it +// We represent a slice as a pair of an (untyped) pointer, along with the length +// of the slice, i.e. the number of elements in the slice (this is NOT the +// number of bytes). This design choice has two important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* +// performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the +// type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you +// need to multiply it // by sizeof t, where t is the type of the elements. typedef struct { void *ptr; size_t len; } Eurydice_slice; -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) +// Helper macro to create a slice out of a pointer x, a start index in x +// (included), and an end index in x (excluded). 
The argument x must be suitably +// cast to something that can decay (see remark above about how pointer +// arithmetic works in C), meaning either pointer or array type. +#define EURYDICE_SLICE(x, start, end) \ + ((Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an // array, you cannot simply write `t x` as it would yield `int[4] x` instead, // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t) s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" +#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ + EURYDICE_SLICE((t *)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ + EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, 
_ret_t) \ + EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) \ + EURYDICE_SLICE(x, 0, \ + end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ + EURYDICE_SLICE((t *)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ + EURYDICE_SLICE((t *)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ + EURYDICE_SLICE((t *)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ + ERROR "should've been desugared" #define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ + memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ + ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ + (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq \ + Eurydice_array_eq #define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = 
EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) + ((ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) #define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = { .ptr = slice.ptr, .len = mid }, \ - .snd = { .ptr = (char*)slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }}) + ((ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ + .len = slice.len - mid}}) - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. -typedef struct -{ +// Can't have a flexible array as a member of a union -- this violates strict +// aliasing rules. +typedef struct { uint8_t tag; uint8_t case_Ok[]; -} -result_tryfromslice_flexible; +} result_tryfromslice_flexible; // See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ + Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, \ + sizeof(t_arr)) -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, + Eurydice_slice src, size_t sz) { dst->tag = 0; memcpy(dst->case_Ok, src.ptr, sz); } 
@@ -92,8 +111,8 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { - store64_le(buf,v); +static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { + store64_le(buf, v); } static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); 
@@ -104,66 +123,83 @@ core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { return x; } -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { return __builtin_popcount(x0); } +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { + return __builtin_popcount(x0); +} // unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { + return x + y; +} +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { + return x - y; +} -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, + int32_t *x1) { *x0 = *x0 + *x1; } -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { + return (*p) & v; +} +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { + return (*p) >> v; +} // ITERATORS #define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? 
((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ + Eurydice_range_iter_next // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ + Eurydice_into_iter typedef struct { Eurydice_slice slice; size_t chunk_size; } Eurydice_chunks; - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a +// type, and this static inline function cannot receive a type as an argument. +// Instead, we receive the element size and use it to peform manual offset +// computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, + size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size + ? 
chunks->chunk_size + : chunks->slice.len; + Eurydice_slice curr_chunk = + ((Eurydice_slice){.ptr = chunks->slice.ptr, .len = chunk_size}); + chunks->slice = ((Eurydice_slice){ + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size}); return curr_chunk; } -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ + .chunk_size = sz_}) #define core_slice_iter_Chunks Eurydice_chunks #define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( \ + iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t))})) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) typedef struct { 
@@ -171,14 +207,16 @@ typedef struct { size_t index; } Eurydice_slice_iterator; -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) +#define core_slice___Slice_T___iter(x, t, _ret_t) \ + ((Eurydice_slice_iterator){.s = x, .index = 0}) #define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) // STRINGS @@ -189,7 +227,9 @@ typedef const char *Prims_string; typedef void *core_fmt_Formatter; typedef void *core_fmt_Arguments; typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ + NULL // VECTORS (ANCIENT, POSSIBLY UNTESTED) @@ -198,7 +238,7 @@ typedef void *core_fmt_rt_Argument; * pointer (one word). */ typedef struct { void *ptr; - size_t len; /* the number of elements */ + size_t len; /* the number of elements */ size_t alloc_size; /* the size of the allocation, in number of BYTES */ } Eurydice_vec_s, *Eurydice_vec; 
@@ -206,40 +246,50 @@ typedef struct { * statement-expression -- this suitably initializes ptr to NULL and len and * size to 0. */ #define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size / sizeof(t)) { \ /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ + * correct by Aeneas. Would this even happen in practice? 
*/ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX / 2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t *)v->ptr)[v->len] = x; \ + v->len++; \ } while (0) #define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ + do { \ + free(v->ptr); \ + free(v); \ } while (0) -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] +#define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] #define EURYDICE_VEC_LEN(v, t) (v)->len /* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) +#define EURYDICE_BOX_NEW(x, t) \ + ({ \ + t *p = malloc(sizeof(t)); \ + *p = x; \ + p; \ + }) + +#define EURYDICE_REPLACE(ptr, new_v, t) \ + ({ \ + t old_v = *ptr; \ + *ptr = new_v; \ + old_v; \ + }) #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6cc9db6d1..66b65563c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_core_H 
@@ -15,17 +15,16 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( + core_fmt_rt_Argument x0[0U]); -extern core_fmt_Arguments -core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); +extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( + Eurydice_slice x0, Eurydice_slice x1); -typedef struct core_option_Option__size_t_s -{ +typedef struct core_option_Option__size_t_s { core_option_Option__size_t_tags tag; size_t f0; -} -core_option_Option__size_t; +} core_option_Option__size_t; #define CORE_NUM__U32_8__BITS (32U) @@ -37,21 +36,18 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); +void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]); #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) 
@@ -59,299 +55,240 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -); + uint8_t value[800U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -); + uint8_t value[1632U]); -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { uint8_t fst[768U]; uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; +} K___uint8_t_768size_t__uint8_t_800size_t_; libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U] -); + uint8_t value[768U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); -typedef struct 
K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; +} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -); + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]); libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -); + uint8_t value[1568U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -); + uint8_t value[3168U]); -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { uint8_t fst[1536U]; uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; +} K___uint8_t_1536size_t__uint8_t_1568size_t_; 
libcrux_ml_kem_types_MlKemCiphertext____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -); + uint8_t value[1568U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self); -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]); libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -); + uint8_t value[1184U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t 
libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -); + uint8_t value[2400U]); -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { uint8_t fst[1152U]; uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; +} K___uint8_t_1152size_t__uint8_t_1184size_t_; libcrux_ml_kem_types_MlKemCiphertext____1088size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -); + uint8_t value[1088U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); -typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; +} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]); -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]); -typedef struct 
K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; +} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; -typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; +} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]); #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; +typedef uint8_t + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; -typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s -{ +typedef struct + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; - } - val; -} 
-core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; -void -core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -); +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]); -typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s -{ +typedef struct + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; -void -core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -); +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]); -typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s -{ +typedef struct + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; -void 
-core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -); +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]); -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ +typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; +} core_option_Option__Eurydice_slice_uint8_t; -typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ +typedef struct + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -); +void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U]); -typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { Eurydice_slice fst[4U]; Eurydice_slice snd[4U]; -} -K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; +} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; -typedef struct 
core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ +typedef struct + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -); +void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U]); -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; +} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s { Eurydice_slice fst[1U]; Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; +} K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index d139756ab..a08af7da2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_mlkem768_H 
@@ -12,157 +12,129 @@ extern "C" { #endif -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_core.h" #include "../libcrux_mlkem768.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); + Eurydice_slice serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void 
-libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); + Eurydice_slice serialized); + +void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer, size_t _initial_coefficient_bound); + +void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound); + +void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound); + +void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound); + +void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); + Eurydice_slice serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -); + Eurydice_slice serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -); + Eurydice_slice serialized); + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer); + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer); + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer); + +void 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer); + +void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + uint8_t ret[32U]); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); + Eurydice_slice serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); + Eurydice_slice randomness); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -); + Eurydice_slice randomness); -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); +void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -); + uint8_t serialized[32U]); + +void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]); + +void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice serialized); + +void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice out); + +void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[384U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b348c7f7e..720396567 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_mlkem_avx2_H 
@@ -12,83 +12,65 @@ extern "C" { #endif -#include "internal/libcrux_sha3_avx2.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" #include "../libcrux_mlkem_avx2.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_avx2.h" -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 14e4e04e7..a7f4030b3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_polynomial_H 
@@ -12,318 +12,257 @@ extern "C" { #endif -#include "internal/libcrux_core.h" #include "../libcrux_polynomial.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - 
libcrux_ml_kem_vector_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_PortableVector v, int16_t c); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta); libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); + libcrux_ml_kem_vector_PortableVector a, int16_t zeta); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[2U]); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[8U]); libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[10U]); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[20U]); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[22U]); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -); + Eurydice_slice a); -void 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[24U]); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -); + Eurydice_slice a); size_t libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); + Eurydice_slice a, Eurydice_slice out); -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ + ((int16_t)1353) typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + fst[2U]; uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs); typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + fst[4U]; uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs); -void 
-libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error); typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; + 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + fst[3U]; uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -); + void); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -); + Eurydice_slice a); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -); + libcrux_ml_kem_vector_PortableVector a); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + b); -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -); +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -); + libcrux_ml_kem_vector_PortableVector v, int16_t fer); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); + libcrux_ml_kem_vector_PortableVector v); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index afce612fc..5d535614b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_sha3_avx2_H 
@@ -12,27 +12,24 @@ extern "C" { #endif -#include "intrinsics/libcrux_intrinsics_avx2.h" - -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_core.h" #include "../libcrux_sha3_avx2.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_sha3_internal.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); + libcrux_sha3_avx2_x4_incremental_KeccakState4; + +void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]); + +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 28e10ce9a..eb20079a3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __internal_libcrux_sha3_internal_H 
@@ -12,36 +12,44 @@ extern "C" { #endif -#include "internal/libcrux_core.h" #include "../libcrux_sha3_internal.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" -static const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ +static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { + 1ULL, + 32898ULL, + 9223372036854808714ULL, + 9223372039002292224ULL, + 32907ULL, + 2147483649ULL, + 9223372039002292353ULL, + 9223372036854808585ULL, + 138ULL, + 136ULL, + 2147516425ULL, + 2147483658ULL, + 2147516555ULL, + 9223372036854775947ULL, + 9223372036854808713ULL, + 9223372036854808579ULL, + 9223372036854808578ULL, + 9223372036854775936ULL, + 32778ULL, + 9223372039002259466ULL, + 9223372039002292353ULL, + 9223372036854808704ULL, + 2147483649ULL, + 9223372039002292232ULL}; + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( + void) { return 0ULL; } -static inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ +static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { uint64_t ab = a ^ b; uint64_t cd = c ^ d; uint64_t abcd = ab ^ cd; 
@@ -50,116 +58,82 @@ libcrux_sha3_portable_keccak__veor5q_u64( static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } -static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, + uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); + return uu____0 ^ + libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); } -static inline uint64_t -libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ +static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, + uint64_t b, + uint64_t c) { return a ^ (b & ~c); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ + uint64_t a, uint64_t b, uint64_t c) { return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); } -static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ +static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, + uint64_t c) { return a ^ c; } static inline uint64_t 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ + uint64_t a, uint64_t c) { return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return a ^ b; } -static inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); +static inline void libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { + ret[0U] = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], + size_t mid) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out[0U], mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; 
@@ -170,109 +144,91 @@ libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ + Eurydice_slice a[1U], size_t mid) { return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_KeccakState1; + libcrux_sha3_portable_KeccakState1; static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ + void) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][0U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); return lit; } static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); } -static inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -280,766 +236,601 @@ libcrux_sha3_portable_keccak_load_block___168size_t( } } -static inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return 
libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); } static inline uint64_t 
-libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ 
+libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - 
uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { return x << (uint32_t)(int32_t)61 | 
x >> (uint32_t)(int32_t)3; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); } static inline 
uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); } static inline uint64_t 
-libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ 
+libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - 
uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); } -static inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { +static inline void 
libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + uint64_t uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + uint64_t uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + uint64_t uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + uint64_t c[5U] = { uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + 
(size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + uint64_t uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t t[5U] = { uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + uint64_t uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); + uint64_t uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); + uint64_t uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); + uint64_t uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); + uint64_t uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); + uint64_t uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); + uint64_t 
uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); + uint64_t uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); + uint64_t uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); + uint64_t uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); + uint64_t uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); + uint64_t uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + s->st[1U][2U], t[2U]); 
s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); + uint64_t uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); + uint64_t uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); + uint64_t uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); + uint64_t uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); + uint64_t uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); + uint64_t uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); + uint64_t uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); + uint64_t uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); + uint64_t uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); + uint64_t uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); + uint64_t 
uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); + uint64_t uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); + uint64_t uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } -static inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ +static inline void libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, uint64_t[5U], void *); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; 
@@ -1066,51 +857,31 @@ libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( s->st[4U][4U] = old[4U][1U]; } -static inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ +static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + s->st[0U][0U], 
libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); s->st[0U][0U] = uu____0; } -static inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { +static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); 
@@ -1121,146 +892,120 @@ libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + blocks[i][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - 
Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + s, buf); } -static inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___168size_t(a, b); } static inline void 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); } static inline void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, buf); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o10, (size_t)168U); Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o2); } static inline void 
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + s, buf); } #define libcrux_sha3_Sha224 0 
@@ -1270,202 +1015,162 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } } return uu____0; } -static const -size_t -libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; - -static const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + 
(size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { return self[0U]; } static inline uint32_t libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ + libcrux_sha3_Algorithm v) { uint32_t uu____0; - switch (v) - { - case libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } + switch (v) { + case libcrux_sha3_Sha224: { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: { + uu____0 = 4U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } } return uu____0; } static inline 
libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from( + uint32_t v) { libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch (v) { + case 1U: { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); + } } return uu____0; } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + 
Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1473,28 +1178,23 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1502,151 +1202,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)168U); Eurydice_slice 
o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - 
(core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -1656,147 +1319,112 @@ libcrux_sha3_portable_keccak_load_block___104size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; 
libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + blocks[i][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( 
+ uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1804,58 +1432,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___104size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1863,151 +1479,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)104U, (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)104U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)104U); Eurydice_slice 
o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ 
- .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2017,147 +1596,112 @@ libcrux_sha3_portable_keccak_load_block___144size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; 
libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + blocks[i][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( 
+ uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2165,58 +1709,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___144size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2224,151 +1756,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)144U, (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)144U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)144U); Eurydice_slice 
o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ 
- .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2378,147 +1873,112 @@ libcrux_sha3_portable_keccak_load_block___136size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; 
libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( 
+ uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2526,58 +1986,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___136size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2585,287 +2033,222 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); Eurydice_slice 
o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + uu____0, out); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = 
(size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < 
(size_t)72U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2875,147 +2258,112 @@ libcrux_sha3_portable_keccak_load_block___72size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; 
libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + blocks[i][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( + 
uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -3023,58 +2371,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___72size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -3082,122 +2418,96 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)72U, (size_t)72U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, + ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)72U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)72U); Eurydice_slice 
o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h index b14f283be..4f6a5f8c7 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h 
@@ -9,540 +9,467 @@ #define __libcrux_intrinsics_arm64_H #if defined(__cplusplus) -extern "C" -{ +extern "C" { #endif -#include "eurydice_glue.h" #include - // NEON Vector Types - typedef int16x4_t core_core_arch_arm_shared_neon_int16x4_t; - typedef uint16x4_t core_core_arch_arm_shared_neon_uint16x4_t; - typedef int8x16_t core_core_arch_arm_shared_neon_int8x16_t; - typedef uint8x16_t core_core_arch_arm_shared_neon_uint8x16_t; - typedef int16x8_t core_core_arch_arm_shared_neon_int16x8_t; - typedef uint16x8_t core_core_arch_arm_shared_neon_uint16x8_t; - typedef int32x4_t core_core_arch_arm_shared_neon_int32x4_t; - typedef uint32x4_t core_core_arch_arm_shared_neon_uint32x4_t; - typedef int64x2_t core_core_arch_arm_shared_neon_int64x2_t; - typedef uint64x2_t core_core_arch_arm_shared_neon_uint64x2_t; - - // Casting Between Vector Types - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vreinterpretq_s16_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u16_s16(a); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vreinterpretq_u32_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u32_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vreinterpretq_s32_u32( - core_core_arch_arm_shared_neon_uint32x4_t a) - { - return vreinterpretq_s32_u32(a); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_u32_s32(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u32( - core_core_arch_arm_shared_neon_uint32x4_t a) 
- { - return vreinterpretq_s16_u32(a); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_s32_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_s16_s32(a); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vreinterpretq_s64_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_s64_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - core_core_arch_arm_shared_neon_int64x2_t a) - { - return vreinterpretq_s16_s64(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vreinterpretq_u8_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u8_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - core_core_arch_arm_shared_neon_uint8x16_t a) - { - return vreinterpretq_s16_u8(a); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_s64_s32(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vreinterpretq_u8_s64( - core_core_arch_arm_shared_neon_int64x2_t a) - { - return vreinterpretq_u8_s64(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - core_core_arch_arm_shared_neon_uint8x16_t a) - { - return vreinterpretq_u16_u8(a); - } - - // Initialize, Load, Store - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vdupq_n_s16(int16_t c) - { - return 
vdupq_n_s16(c); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) - { - return vdupq_n_u32(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) - { - return vld1q_s16((int16_t*)slice.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice slice) - { - return vld1q_u8((uint8_t*)slice.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vld1q_u16(Eurydice_slice slice) - { - return vld1q_u16((uint16_t*)slice.ptr); - } - - static inline void libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_slice out, - core_core_arch_arm_shared_neon_int16x8_t a) - { - vst1q_s16((int16_t*)out.ptr, a); - } - - static inline void libcrux_intrinsics_arm64__vst1q_u8( - Eurydice_slice out, - core_core_arch_arm_shared_neon_uint8x16_t a) - { - vst1q_u8((uint8_t*)out.ptr, a); - } - - // Arithmetic: Add, Sub - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vaddq_s16( +#include "eurydice_glue.h" + +// NEON Vector Types +typedef int16x4_t core_core_arch_arm_shared_neon_int16x4_t; +typedef uint16x4_t core_core_arch_arm_shared_neon_uint16x4_t; +typedef int8x16_t core_core_arch_arm_shared_neon_int8x16_t; +typedef uint8x16_t core_core_arch_arm_shared_neon_uint8x16_t; +typedef int16x8_t core_core_arch_arm_shared_neon_int16x8_t; +typedef uint16x8_t core_core_arch_arm_shared_neon_uint16x8_t; +typedef int32x4_t core_core_arch_arm_shared_neon_int32x4_t; +typedef uint32x4_t core_core_arch_arm_shared_neon_uint32x4_t; +typedef int64x2_t core_core_arch_arm_shared_neon_int64x2_t; +typedef uint64x2_t core_core_arch_arm_shared_neon_uint64x2_t; + +// Casting Between Vector Types +static inline 
core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) { + return vreinterpretq_s16_u16(a); +} + +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vreinterpretq_u16_s16(a); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vreinterpretq_u32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vreinterpretq_u32_s16(a); +} + +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vreinterpretq_s32_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) { + return vreinterpretq_s32_u32(a); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + core_core_arch_arm_shared_neon_int32x4_t a) { + return vreinterpretq_u32_s32(a); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u32( + core_core_arch_arm_shared_neon_uint32x4_t a) { + return vreinterpretq_s16_u32(a); +} + +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vreinterpretq_s32_s16(a); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + core_core_arch_arm_shared_neon_int32x4_t a) { + return vreinterpretq_s16_s32(a); +} + +static inline core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vreinterpretq_s64_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vreinterpretq_s64_s16(a); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + core_core_arch_arm_shared_neon_int64x2_t a) { + return vreinterpretq_s16_s64(a); +} + +static inline core_core_arch_arm_shared_neon_uint8x16_t 
+libcrux_intrinsics_arm64__vreinterpretq_u8_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vreinterpretq_u8_s16(a); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + core_core_arch_arm_shared_neon_uint8x16_t a) { + return vreinterpretq_s16_u8(a); +} + +static inline core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + core_core_arch_arm_shared_neon_int32x4_t a) { + return vreinterpretq_s64_s32(a); +} + +static inline core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vreinterpretq_u8_s64( + core_core_arch_arm_shared_neon_int64x2_t a) { + return vreinterpretq_u8_s64(a); +} + +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + core_core_arch_arm_shared_neon_uint8x16_t a) { + return vreinterpretq_u16_u8(a); +} + +// Initialize, Load, Store + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vdupq_n_s16(int16_t c) { + return vdupq_n_s16(c); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) { + return vdupq_n_u32(a); +} + +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) { + return vld1q_s16((int16_t*)slice.ptr); +} + +static inline core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice slice) { + return vld1q_u8((uint8_t*)slice.ptr); +} + +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vld1q_u16(Eurydice_slice slice) { + return vld1q_u16((uint16_t*)slice.ptr); +} + +static inline void libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_slice out, core_core_arch_arm_shared_neon_int16x8_t a) { + vst1q_s16((int16_t*)out.ptr, a); +} + +static 
inline void libcrux_intrinsics_arm64__vst1q_u8( + Eurydice_slice out, core_core_arch_arm_shared_neon_uint8x16_t a) { + vst1q_u8((uint8_t*)out.ptr, a); +} + +// Arithmetic: Add, Sub + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vaddq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vaddq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vaddq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vaddq_u32( +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vaddq_u32( core_core_arch_arm_shared_neon_uint32x4_t a, - core_core_arch_arm_shared_neon_uint32x4_t b) - { - return vaddq_u32(a, b); - } - - static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vaddvq_s16(a); - } - - static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( - core_core_arch_arm_shared_neon_uint16x4_t a) - { - return vaddv_s16(a); - } - - static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vaddvq_u16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vsubq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vsubq_s16(a, b); - } + core_core_arch_arm_shared_neon_uint32x4_t b) { + return vaddq_u32(a, b); +} - // Arithmetic: Mul, Mul-High, Mul-Add +static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vaddvq_s16(a); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vmulq_n_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - int16_t c) - { - return vmulq_n_s16(a, c); - } +static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( + core_core_arch_arm_shared_neon_uint16x4_t 
a) { + return vaddv_s16(a); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vqdmulhq_n_s16( +static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) { + return vaddvq_u16(a); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vsubq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - int16_t c) - { - return vqdmulhq_n_s16(a, c); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vsubq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vmulq_n_u16( - core_core_arch_arm_shared_neon_uint16x8_t a, - uint16_t c) - { - return vmulq_n_s16(a, c); - } +// Arithmetic: Mul, Mul-High, Mul-Add - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - core_core_arch_arm_shared_neon_int32x4_t a, - int32_t c) - { - return vqdmulhq_n_s32(a, c); - } +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vmulq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, int16_t c) { + return vmulq_n_s16(a, c); +} - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vmulq_n_u32( - core_core_arch_arm_shared_neon_uint32x4_t a, - uint32_t c) - { - return vmulq_n_u32(a, c); - } +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vqdmulhq_n_s16( + core_core_arch_arm_shared_neon_int16x8_t a, int16_t c) { + return vqdmulhq_n_s16(a, c); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vmulq_s16( +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vmulq_n_u16( + core_core_arch_arm_shared_neon_uint16x8_t a, uint16_t c) { + return vmulq_n_s16(a, c); +} + +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vqdmulhq_n_s32( + core_core_arch_arm_shared_neon_int32x4_t a, int32_t c) { + 
return vqdmulhq_n_s32(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vmulq_n_u32( + core_core_arch_arm_shared_neon_uint32x4_t a, uint32_t c) { + return vmulq_n_u32(a, c); +} + +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vmulq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vmulq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vmulq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vqdmulhq_s16( +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vqdmulhq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vqdmulhq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmull_s16( - core_core_arch_arm_shared_neon_int16x4_t a, - core_core_arch_arm_shared_neon_int16x4_t b); - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmull_high_s16( + core_core_arch_arm_shared_neon_int16x8_t b) { + return vqdmulhq_s16(a, b); +} + +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmull_s16(core_core_arch_arm_shared_neon_int16x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b); + +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmull_high_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vmull_high_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vmull_high_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmlal_s16( +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmlal_s16( core_core_arch_arm_shared_neon_int32x4_t a, core_core_arch_arm_shared_neon_int16x4_t b, - 
core_core_arch_arm_shared_neon_int16x4_t c) - { - return vmlal_s16(a, b, c); - } + core_core_arch_arm_shared_neon_int16x4_t c) { + return vmlal_s16(a, b, c); +} - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmlal_high_s16( +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vmlal_high_s16( core_core_arch_arm_shared_neon_int32x4_t a, core_core_arch_arm_shared_neon_int16x8_t b, - core_core_arch_arm_shared_neon_int16x8_t c) - { - return vmlal_high_s16(a, b, c); - } + core_core_arch_arm_shared_neon_int16x8_t c) { + return vmlal_high_s16(a, b, c); +} - // Comparisons +// Comparisons - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vcgeq_s16( +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vcgeq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vcgeq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vcgeq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vcleq_s16( +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vcleq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vcleq_s16(a, b); - } - - // Bitwise Operations - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vandq_s16( + core_core_arch_arm_shared_neon_int16x8_t b) { + return vcleq_s16(a, b); +} + +// Bitwise Operations +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vandq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vandq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vandq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__veorq_s16( +static inline 
core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__veorq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return veorq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return veorq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vandq_u32( +static inline core_core_arch_arm_shared_neon_uint32x4_t +libcrux_intrinsics_arm64__vandq_u32( core_core_arch_arm_shared_neon_uint32x4_t a, - core_core_arch_arm_shared_neon_uint32x4_t b) - { - return vandq_u32(a, b); - } + core_core_arch_arm_shared_neon_uint32x4_t b) { + return vandq_u32(a, b); +} - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vandq_u16( +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vandq_u16( core_core_arch_arm_shared_neon_uint16x8_t a, - core_core_arch_arm_shared_neon_uint16x8_t b) - { - return vandq_u16(a, b); - } + core_core_arch_arm_shared_neon_uint16x8_t b) { + return vandq_u16(a, b); +} - // Shift Operations +// Shift Operations -#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ (vshrq_n_s16(a, SHIFT_BY)) -#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ (vshrq_n_u16(a, SHIFT_BY)) #define libcrux_intrinsics_arm64__vshrq_n_u32(N, a) (vshrq_n_u32(a, N)) #define libcrux_intrinsics_arm64__vshlq_n_u32(N, a) (vshlq_n_u32(a, N)) -#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ (vshlq_n_s16(a, SHIFT_BY)) - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vshlq_s16( +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vshlq_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - 
return vshlq_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vshlq_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vshlq_u16( +static inline core_core_arch_arm_shared_neon_uint16x8_t +libcrux_intrinsics_arm64__vshlq_u16( core_core_arch_arm_shared_neon_uint16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vshlq_u16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vshlq_u16(a, b); +} #define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b) (vsliq_n_s16(a, b, N)) #define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b) (vsliq_n_s64(a, b, N)) - // Transpose and Vector Manipulations +// Transpose and Vector Manipulations - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vtrn1q_s16( +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vtrn1q_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vtrn1q_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vtrn1q_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vtrn2q_s16( +static inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_intrinsics_arm64__vtrn2q_s16( core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vtrn2q_s16(a, b); - } + core_core_arch_arm_shared_neon_int16x8_t b) { + return vtrn2q_s16(a, b); +} - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vtrn1q_s32( +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vtrn1q_s32( core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int32x4_t b) - { - return vtrn1q_s32(a, b); - } + core_core_arch_arm_shared_neon_int32x4_t b) { + return vtrn1q_s32(a, b); +} - static inline core_core_arch_arm_shared_neon_int32x4_t - 
libcrux_intrinsics_arm64__vtrn2q_s32( +static inline core_core_arch_arm_shared_neon_int32x4_t +libcrux_intrinsics_arm64__vtrn2q_s32( core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int32x4_t b) - { - return vtrn2q_s32(a, b); - } + core_core_arch_arm_shared_neon_int32x4_t b) { + return vtrn2q_s32(a, b); +} - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vtrn1q_s64( +static inline core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vtrn1q_s64( core_core_arch_arm_shared_neon_int64x2_t a, - core_core_arch_arm_shared_neon_int64x2_t b) - { - return vtrn1q_s64(a, b); - } + core_core_arch_arm_shared_neon_int64x2_t b) { + return vtrn1q_s64(a, b); +} - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vtrn2q_s64( +static inline core_core_arch_arm_shared_neon_int64x2_t +libcrux_intrinsics_arm64__vtrn2q_s64( core_core_arch_arm_shared_neon_int64x2_t a, - core_core_arch_arm_shared_neon_int64x2_t b) - { - return vtrn2q_s64(a, b); - } - - static inline core_core_arch_arm_shared_neon_int16x4_t - libcrux_intrinsics_arm64__vget_low_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vget_low_s16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x4_t - libcrux_intrinsics_arm64__vget_low_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vget_low_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x4_t - libcrux_intrinsics_arm64__vget_high_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vget_high_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vqtbl1q_u8( + core_core_arch_arm_shared_neon_int64x2_t b) { + return vtrn2q_s64(a, b); +} + +static inline core_core_arch_arm_shared_neon_int16x4_t +libcrux_intrinsics_arm64__vget_low_s16( + core_core_arch_arm_shared_neon_int16x8_t a) { + return vget_low_s16(a); +} + +static inline 
core_core_arch_arm_shared_neon_uint16x4_t +libcrux_intrinsics_arm64__vget_low_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) { + return vget_low_u16(a); +} + +static inline core_core_arch_arm_shared_neon_uint16x4_t +libcrux_intrinsics_arm64__vget_high_u16( + core_core_arch_arm_shared_neon_uint16x8_t a) { + return vget_high_u16(a); +} + +static inline core_core_arch_arm_shared_neon_uint8x16_t +libcrux_intrinsics_arm64__vqtbl1q_u8( core_core_arch_arm_shared_neon_uint8x16_t a, - core_core_arch_arm_shared_neon_uint8x16_t b) - { - return vqtbl1q_u8(a, b); - } + core_core_arch_arm_shared_neon_uint8x16_t b) { + return vqtbl1q_u8(a, b); +} -#define libcrux_intrinsics_arm64__vshlq_n_u64(SHIFT_BY, x, _ret_t) \ +#define libcrux_intrinsics_arm64__vshlq_n_u64(SHIFT_BY, x, _ret_t) \ (vshlq_n_u64(x, SHIFT_BY)) -#define libcrux_intrinsics_arm64__vshrq_n_u64(SHIFT_BY, x, _ret_t) \ +#define libcrux_intrinsics_arm64__vshrq_n_u64(SHIFT_BY, x, _ret_t) \ (vshrq_n_u64(x, SHIFT_BY)) - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__veorq_u64( +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__veorq_u64( core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return veorq_u64(x0, x1); - } + core_core_arch_arm_shared_neon_uint64x2_t x1) { + return veorq_u64(x0, x1); +} - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vbicq_u64( +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vbicq_u64( core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vbicq_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0) - { - return vdupq_n_u64(x0); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0) - { - return 
vld1q_u64((uint64_t*)x0.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vtrn1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t x1) { + return vbicq_u64(x0, x1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0) { + return vdupq_n_u64(x0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0) { + return vld1q_u64((uint64_t*)x0.ptr); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vtrn1q_u64( core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vtrn1q_u64(x0, x1); - } + core_core_arch_arm_shared_neon_uint64x2_t x1) { + return vtrn1q_u64(x0, x1); +} - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vtrn2q_u64( +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vtrn2q_u64( core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vtrn2q_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0) - { - return vld1q_u64((uint64_t*)x0.ptr); - } - - static inline void libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - vst1q_u64((uint64_t*)x0.ptr, x1); - } + core_core_arch_arm_shared_neon_uint64x2_t x1) { + return vtrn2q_u64(x0, x1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0) { + return vld1q_u64((uint64_t*)x0.ptr); +} + +static inline void libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice x0, core_core_arch_arm_shared_neon_uint64x2_t x1) { + vst1q_u64((uint64_t*)x0.ptr, x1); +} #if defined(__cplusplus) } 
diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index eee258a04..099dfb82e 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -1,8 +1,9 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: + KaRaMeL invocation: + /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL + version: */ #ifndef __libcrux_intrinsics_avx2_H 
@@ -21,464 +22,339 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( + int16_t a) { return _mm_set1_epi16(a); } static inline core_core_arch_x86___m256i 
-libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, - int16_t x1, - int16_t x2, - int16_t x3, - int16_t x4, - int16_t x5, - int16_t x6, - int16_t x7, - int16_t x8, - int16_t x9, - int16_t x10, - int16_t x11, - int16_t x12, - int16_t x13, - int16_t x14, - int16_t x15 -){ - return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, - int8_t x1, - int8_t x2, - int8_t x3, - int8_t x4, - int8_t x5, - int8_t x6, - int8_t x7, - int8_t x8, - int8_t x9, - int8_t x10, - int8_t x11, - int8_t x12, - int8_t x13, - int8_t x14, - int8_t x15, - int8_t x16, - int8_t x17, - int8_t x18, - int8_t x19, - int8_t x20, - int8_t x21, - int8_t x22, - int8_t x23, - int8_t x24, - int8_t x25, - int8_t x26, - int8_t x27, - int8_t x28, - int8_t x29, - int8_t x30, - int8_t x31 -){ - return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15, - x16,x17,x18,x19,x20,x21,x22,x23, - x24,x25,x26,x27,x28,x29,x30,x31); - -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, - uint8_t x1, - uint8_t x2, - uint8_t x3, - uint8_t x4, - uint8_t x5, - uint8_t x6, - uint8_t x7, - uint8_t x8, - uint8_t x9, - uint8_t x10, - uint8_t x11, - uint8_t x12, - uint8_t x13, - uint8_t x14, - uint8_t x15 -){ - return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); +libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, + int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, + int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, + int16_t x15) { + return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, + x13, x14, x15); +} + +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, + int8_t x7, int8_t x8, int8_t x9, 
int8_t x10, int8_t x11, int8_t x12, + int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, + int8_t x19, int8_t x20, int8_t x21, int8_t x22, int8_t x23, int8_t x24, + int8_t x25, int8_t x26, int8_t x27, int8_t x28, int8_t x29, int8_t x30, + int8_t x31) { + return _mm256_set_epi8(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, + x13, x14, x15, x16, x17, x18, x19, x20, x21, x22, x23, + x24, x25, x26, x27, x28, x29, x30, x31); +} + +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, + uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, + uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { + return _mm_set_epi8(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, + x13, x14, x15); } - - static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, - int32_t x1, - int32_t x2, - int32_t x3, - int32_t x4, - int32_t x5, - int32_t x6, - int32_t x7 -){ - return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); +libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, + int32_t x3, int32_t x4, int32_t x5, + int32_t x6, int32_t x7) { + return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } - - static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { + return _mm256_loadu_si256((const __m256i*)a.ptr); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { + return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ - return _mm_loadu_si128((const 
__m128i*) a.ptr); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice a) { + return _mm_loadu_si128((const __m128i*)a.ptr); } - -static inline void -libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); +static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { + return _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, core_core_arch_x86___m256i b) { + return _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, core_core_arch_x86___m256i b) { + return _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void -libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); +static inline void libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { + return _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub - + static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b - ){ - return _mm256_add_epi16(a,b); +libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_add_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -){ - return _mm256_add_epi32(a,b); +libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_add_epi16(a,b); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { + return _mm_add_epi16(a, b); } - static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sub_epi16(a,b); +libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_sub_epi16(a,b); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { + return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi16(a,b); +libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_mullo_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mulhi_epi16(a,b); +libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i 
-libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mul_epu32(a,b); +libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_mul_epu32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi32(a,b); +libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mullo_epi16(a,b); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { + return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mulhi_epi16(a,b); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { + return _mm_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_madd_epi16(a,b); +libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_madd_epi16(a, b); } // Comparison static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_cmpgt_epi16(a,b); +libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_cmpgt_epi16(a, 
b); } // Bitwise operations - + static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_and_si256(a,b); +libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_and_si256(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_andnot_si256(a,b); +libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_andnot_si256(a, b); } - static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_xor_si256(a,b); +libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( + core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ + (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ + (_mm256_srli_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ + (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) - -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ + (_mm256_slli_epi32(b, a)) static inline core_core_arch_x86___m256i 
-libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_slli_epi64(b,a); +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, + core_core_arch_x86___m256i b) { + return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ + (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ + (_mm256_srli_epi32(b, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sllv_epi32(a,b); +libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_sllv_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srli_epi64(b,a); +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, + core_core_arch_x86___m256i b) { + return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi32(a,b); +libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return 
_mm256_unpacklo_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi64(a,b); +libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_unpacklo_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi32(a,b); +libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_unpackhi_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi64(a,b); +libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_unpackhi_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_packs_epi32(a,b); +libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_packs_epi16(a,b); +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { + return _mm_packs_epi16(a, b); } - #define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b,a)) + (_mm256_shuffle_epi32(b, a)) #define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b,a)) + 
(_mm256_extracti128_si256(b, a)) #define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b,a)) + (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ + (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ - a,\ - b,\ - c,\ - _\ -) (_mm256_inserti128_si256(b,c,a)) - -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ - (_mm256_blend_epi16(b,c,a)) +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ + (_mm256_inserti128_si256(b, c, a)) +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ + (_mm256_blend_epi16(b, c, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_shuffle_epi8(a,b); +libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return _mm256_shuffle_epi8(a, b); } - static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_permutevar8x32_epi32(a,b); + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _mm256_permutevar8x32_epi32(a, b); } - static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_shuffle_epi8(a,b); +libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b) { + return _mm_shuffle_epi8(a, b); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a52a80c18..775e119a6 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
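Review bot: The load and store wrappers on the new side of the `libcrux_intrinsics_avx2.h` hunk (`libcrux_intrinsics_avx2_mm256_loadu_si256_i16`, `..._mm256_loadu_si256_u8`, `..._mm_loadu_si128` and the matching `storeu` functions) cast `a.ptr` to a vector pointer and access 16 or 32 bytes without consulting the slice's length. A slice shorter than the vector width therefore becomes an out-of-bounds read or write inside an ML-KEM implementation. If callers are meant to guarantee the size, state that contract on each wrapper, e.g. `/* a must hold at least 32 bytes; the length is not checked here */`, or enforce it in debug builds with an assertion on the slice length (assuming `Eurydice_slice` carries one, which this page does not show). Separately, the `storeu` wrappers write `return _mm256_storeu_si256((__m256i*)a.ptr, b);` in a `void` function, which ISO C does not permit; dropping the `return` keeps the behaviour and silences pedantic builds.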
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "internal/libcrux_core.h" 
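Review bot: The reflowed header comment in libcrux_core.c no longer keeps one provenance field per line: on the new side `F* version: 58c915a8` and `KaRaMeL version: 5666a5de` are folded into the wrapped invocation text. This looks like a formatter run over generated output rather than something the generator emitted. For generated cryptographic code this header is the record of which toolchain produced the file, so it should stay greppable. I would either guard it with `// clang-format off` / `// clang-format on` or exclude the generated `libcrux-ml-kem/c/` directory from formatting. The same reflow appears in the header hunks of libcrux_core.h and libcrux_mlkem1024.c. The invocation line also records an absolute local path (`/Users/jonathan/Code/eurydice/eurydice`), so a regenerated file differs from machine to machine; a path relative to the tool root would avoid that.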
@@ -11,514 +11,399 @@ typedef size_t RangeTo__size_t; typedef size_t RangeFrom__size_t; -typedef struct Option__int32_t_s -{ +typedef struct Option__int32_t_s { core_option_Option__size_t_tags tag; int32_t f0; -} -Option__int32_t; +} Option__int32_t; -typedef struct Option__uint32_t_s -{ +typedef struct Option__uint32_t_s { core_option_Option__size_t_tags tag; uint32_t f0; -} -Option__uint32_t; +} Option__uint32_t; -static uint8_t is_non_zero(uint8_t value) -{ +static uint8_t is_non_zero(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; + uint16_t result = (((uint32_t)uu____0 | + (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & + 0xFFFFU) >> + 8U & + 1U; return (uint8_t)result; } -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, + uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { + uint8_t out[32U] = {0U}; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; + i++) { size_t i0 = i; - uint8_t - uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); + uint8_t uu____0 = + (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)mask; + uint8_t *uu____1 = + &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); } - memcpy(ret, out, (size_t)32U * sizeof 
(uint8_t)); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -) -{ + uint8_t value[800U]) { uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -) -{ + uint8_t value[1632U]) { uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( 
- uint8_t value[768U] -) -{ + uint8_t value[768U]) { uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)768U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -) -{ - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, + Eurydice_slice); } -void 
-libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)800U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -) -{ + uint8_t value[1568U]) { uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); + 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -) -{ + uint8_t value[3168U]) { uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -) -{ + uint8_t value[1568U]) { uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { + for (size_t 
i = (size_t)0U; i < (size_t)1568U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, + Eurydice_slice); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1600U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } 
libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -) -{ + uint8_t value[1184U]) { uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____2400size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -) -{ + uint8_t value[2400U]) { uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____1088size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -) -{ + uint8_t 
value[1088U]) { uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]) { + uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)33U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]) { + uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)34U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); } -void 
-libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1120U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -) -{ - if (self.tag == core_result_Ok) - { + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + 
(size_t)64U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } -void -core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -) -{ - if (self.tag == core_result_Ok) - { +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } -void 
-core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -) -{ - if (self.tag == core_result_Ok) - { +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == core_result_Ok) - { +void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U]) { + if (self.tag == core_result_Ok) { int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } -void 
-core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { +void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U]) { + if (self.tag == core_result_Ok) { uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } - diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 095d8a726..dca41c145 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_core_H @@ -14,12 +14,10 @@ extern "C" { #include "eurydice_glue.h" -typedef struct core_ops_range_Range__size_t_s -{ +typedef struct core_ops_range_Range__size_t_s { size_t start; size_t end; -} -core_ops_range_Range__size_t; +} core_ops_range_Range__size_t; extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); 
@@ -30,95 +28,92 @@ extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); typedef uint8_t core_option_Option__size_t_tags; -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } -libcrux_ml_kem_types_MlKemPublicKey____800size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey____800size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; +} libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } -libcrux_ml_kem_types_MlKemCiphertext____768size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext____768size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ +typedef struct + 
K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemPublicKey____1568size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemPublicKey____1568size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { + uint8_t value[3168U]; +} libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; +} libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { + uint8_t value[1568U]; +} 
libcrux_ml_kem_types_MlKemCiphertext____1568size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } -libcrux_ml_kem_types_MlKemPublicKey____1184size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey____1184size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; +} libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } 
-libcrux_ml_kem_types_MlKemCiphertext____1088size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { + uint8_t value[1088U]; +} libcrux_ml_kem_types_MlKemCiphertext____1088size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index bdf92bc24..5d3cae109 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c 
@@ -1,1537 +1,1211 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "libcrux_mlkem1024.h" -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_mlkem768.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); + 
libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + serialized); return uu____0; } -static inline void -ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ +static inline void ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + 
&zeta_i, re, (size_t)4U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + 
(LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( + u_bytes); u_as_ntt[i0] = uu____0; ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); + libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product);); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + &result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + v, result); return result; } static void decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, - secret_as_ntt); + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( + secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt); + message = compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static inline void 
PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - 
i++) - { + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - void -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static void closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -typedef struct PortableHash____4size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } -PortableHash____4size_t; +typedef struct PortableHash____4size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; +} PortableHash____4size_t; -static inline PortableHash____4size_t shake128_init_absorb___4size_t(uint8_t input[4U][34U]) -{ +static inline 
PortableHash____4size_t shake128_init_absorb___4size_t( + uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; - memcpy(uu____1, - state, - (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)4U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____4size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)4U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -static inline void -shake128_squeeze_three_blocks___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][504U]) -{ - uint8_t out[4U][504U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - 
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___4size_t( + PortableHash____4size_t *self, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; 
- } - }); + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][168U]) -{ - uint8_t out[4U][168U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___4size_t( + PortableHash____4size_t *self, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = 
i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); PortableHash____4size_t xof_state = shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - 
out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[4U][168U]; shake128_squeeze_block___4size_t(&xof_state, randomness); uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void 
sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + 
closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] - )); + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [4U])); } static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) -{ - uint8_t out[4U][128U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, 
(size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, 
Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( + &result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product);); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + &result, &product);); 
invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + error_2, message, result); return result; } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - 
(core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, uu____0); - memcpy(ret, uu____0, 
(size_t)352U * sizeof (uint8_t)); + compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, 
Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, - out); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + re, out); } static void encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + 
public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; + A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; + v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + 
(size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } static void decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); 
Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + 
core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, 
expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static void decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - 
uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + if (uu____1) { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____2); + } else { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - 
libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___4size_t( + 
Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - 
encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static 
K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ + uu____2; + if (uu____1) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - 
encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); return uu____2; } return uu____2; 
@@ -1539,600 +1213,473 @@ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11si K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + 
core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + matrix_element, &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + &result[i1], &product); } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)4U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - 
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } static K___uint8_t_1536size_t__uint8_t_1568size_t_ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; + A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____2.snd; 
uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uu____4, 
seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - 
core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + Eurydice_slice 
ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value) { + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + 
libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = 
Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); + } else { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); } return uu____2; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * 
sizeof(uint8_t)); + return generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = 
i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static bool validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ + uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, 
(size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); + serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) -{ +static bool validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } bool uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); - } - else - { + 
libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + public_key); + } else { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + public_key); } return uu____2; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if (validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 08b6097df..caa4855fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_mlkem1024_H 
@@ -12,67 +12,88 @@ extern "C" { #endif -#include "libcrux_sha3_internal.h" -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_platform.h" +#include "libcrux_polynomial.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * \ + LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) #define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + \ + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 
(LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + \ + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); #if defined(__cplusplus) } 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 1baeae0cb..7cd2b7f54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c 
@@ -1,1409 +1,1113 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "libcrux_mlkem512.h" -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_mlkem768.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product);); + *v, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + &result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + v, result); return result; } static void decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); + u_as_ntt[2U]; + 
deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); + v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, - secret_as_ntt); + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( + secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt); + message = compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +static inline void G___2size_t(Eurydice_slice 
input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static void closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -typedef struct PortableHash____2size_t_s -{ 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } -PortableHash____2size_t; +typedef struct PortableHash____2size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; +} PortableHash____2size_t; -static inline PortableHash____2size_t shake128_init_absorb___2size_t(uint8_t input[2U][34U]) -{ +static inline PortableHash____2size_t shake128_init_absorb___2size_t( + uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; - memcpy(uu____1, - state, - (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)2U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____2size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)2U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } 
-static inline void -shake128_squeeze_three_blocks___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][504U]) -{ - uint8_t out[2U][504U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___2size_t( + PortableHash____2size_t *self, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - 
Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][168U]) -{ - uint8_t out[2U][168U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___2size_t( + PortableHash____2size_t *self, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if 
(sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); PortableHash____2size_t xof_state = shake128_init_absorb___2size_t(uu____0); uint8_t 
randomness0[2U][504U]; shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[2U][168U]; shake128_squeeze_block___2size_t(&xof_state, randomness); uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + 
closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] - )); + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) { 
+ A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [2U])); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) -{ - uint8_t out[2U][192U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness 
-) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + randomness); return uu____0; } static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, 
(size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + 
lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) -{ - uint8_t out[2U][128U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t 
sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - 
libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, 
Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [2U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( + &result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product);); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + &result, &product);); 
invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + error_2, message, result); return result; } static void compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), 
+ uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static void encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; + A_transpose[2U][2U]; uint8_t ret0[34U]; 
libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - 
domain_separator0); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * 
sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; + v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - 
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } static void decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - 
G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - 
implicit_rejection_shared_secret); + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, 
ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static void decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + if (uu____1) { + 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____2); + } else { + decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, 
digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + 
uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - 
core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t 
randomness[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ + uu____2; + if (uu____1) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6); return uu____2; } return 
uu____2; 
@@ -1411,600 +1115,472 @@ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [2U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + 
core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + matrix_element, &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + &result[i1], &product); } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - 
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } static K___uint8_t_768size_t__uint8_t_800size_t_ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; + A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____2.snd; 
uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, 
public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( + uu____5, secret_key_serialized); uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( 
- (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___2size_t(public_key, ret0); - 
core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value) { + K___uint8_t_768size_t__uint8_t_800size_t_ 
uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t 
uu____3 = private_key; uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - 
{ + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); + } else { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); } return uu____2; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = 
i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static bool validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ + uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); + serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) -{ +static bool validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } bool uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); - } - else - { + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + public_key); + } else { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); + 
validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + public_key); } return uu____2; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); + if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 41cbcafa1..514674b40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_mlkem512_H 
@@ -12,67 +12,86 @@ extern "C" { #endif -#include "libcrux_sha3_internal.h" -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_platform.h" +#include "libcrux_polynomial.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define 
LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \ + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 0aedc431c..aa8db57a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c 
@@ -1,56 +1,45 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "internal/libcrux_mlkem768.h" -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) -{ +deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - 
i++) - { + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -58,38 +47,26 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(Eurydice_sl libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -97,71 +74,57 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_P libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + serialized); return uu____0; } -typedef struct __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s -{ +typedef struct + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s { libcrux_ml_kem_vector_PortableVector fst; libcrux_ml_kem_vector_PortableVector snd; -} -__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; +} __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, - zeta_r); - b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, - &t); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, 
- .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_PortableVector t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + b, zeta_r); + b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + a, &t); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, .snd = b}); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; size_t offset = round * step * (size_t)2U; size_t offset_vec = offset / (size_t)16U; size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + 
ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); libcrux_ml_kem_vector_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_PortableVector y = uu____0.snd; re->coefficients[j] = x; 
@@ -170,202 +133,148 @@ libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( } } -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - 
libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ +void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ + uint8_t *ciphertext, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT 
* + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) -{ +deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t 
i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -373,39 +282,27 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(Eurydice_sli libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + bytes); re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; 
@@ -413,52 +310,38 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_Po libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + re = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + bytes); re.coefficients[i0] = uu____0; } return re; 
@@ -466,171 +349,132 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_ke static inline void deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); } static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - a_minus_b = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, - &a); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, - zeta_r); - return - ( - (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -) -{ + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_PortableVector a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + b, &a); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, .snd = b}); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; 
i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); libcrux_ml_kem_vector_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_PortableVector y = uu____0.snd; re->coefficients[j] = x; 
@@ -641,201 +485,151 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_Port static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U); + 
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product);); + *v, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + v, result); return result; } -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); - 
libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } static void decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); + v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, - secret_as_ntt); + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt); + message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + &v, 
secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { + return 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -843,1507 +637,1183 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vec static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static void closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____3size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } -PortableHash____3size_t; - -static inline PortableHash____3size_t shake128_init_absorb___3size_t(uint8_t input[3U][34U]) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +typedef struct PortableHash____3size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; +} PortableHash____3size_t; + +static inline PortableHash____3size_t shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + 
libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy(uu____1, - state, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____3size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -static inline void -shake128_squeeze_three_blocks___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][504U]) -{ - uint8_t out[3U][504U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t 
*sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] 
+ (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][168U]) -{ - uint8_t out[3U][168U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t 
randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + 
.end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[3U][168U]; shake128_squeeze_block___3size_t(&xof_state, randomness); uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - KRML_MAYBE_FOR3(i, - 
(size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + 
uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] - )); + sampled[3U]; + 
sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U])); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) -{ - uint8_t out[3U][128U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t 
(*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { uint32_t outcome_set = i; uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); size_t offset = (size_t)(outcome_set0 >> 2U); sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i 
= (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { int32_t outcome_set = i; int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); size_t offset = (size_t)(outcome_set0 / (int32_t)6); sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + randomness); return uu____0; } -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ +static inline void ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], - &t); + libcrux_ml_kem_vector_PortableVector t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], - &t); + libcrux_ml_kem_vector_PortableVector uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + re->coefficients[j], &t); re->coefficients[j] = uu____1; } } -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ +void 
libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U, (size_t)3U); + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); } static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, 
prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + 
memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void 
PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + 
size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -) -{ + uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0;); + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); return re; } static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product);); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + error_2, message, result); return result; } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficient = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + 
for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } -void 
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ +void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); + compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + 
Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + 
libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { +void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficients = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); + libcrux_ml_kem_vector_PortableVector coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ +void 
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice out) { compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); } static void encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; + A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); + 
sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uu____2, domain_separator0); 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; + v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, 
- (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } static void decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, 
uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + 
implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static void decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + if (uu____1) { + libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____2); + } else { + 
decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____2); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static 
K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + 
encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - 
} - else - { + } else { uu____1 = false; } - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ + uu____2; + if (uu____1) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); + encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); return uu____2; } return uu____2; 
@@ -2351,637 +1821,500 @@ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10siz K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + 
ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + 
core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + matrix_element, &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + 
((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } static K___uint8_t_1152size_t__uint8_t_1184size_t_ generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; + A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - 
secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U 
* + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - 
uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice 
uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice 
implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value) { + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - 
libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); } static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - 
randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); bool uu____0; uu____0 = true; bool uu____1; - if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { + libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); + } else { uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); + generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness, implicit_rejection_value); } return uu____2; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ 
+libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } static bool validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ + uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - 
deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) -{ + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static bool validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { bool uu____0; uu____0 = true; bool uu____1; - 
if (uu____0) - { + if (uu____0) { uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { + } else { uu____1 = false; } bool uu____2; - if (uu____1) - { + if (uu____1) { uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); - } - else - { + libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + public_key); + } else { uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); + validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + public_key); } return uu____2; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); } return uu____0; } - 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 278529eaa..fb0703c75 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_mlkem768_H 
@@ -12,67 +12,86 @@ extern "C" { #endif -#include "libcrux_sha3_internal.h" -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_platform.h" +#include "libcrux_polynomial.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define 
LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index f77c98154..105ae90aa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -1,1782 +1,1140 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_sha3_avx2.h" -#include "internal/libcrux_polynomial.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_avx2.h" typedef core_core_arch_x86___m256i SIMD256Vector; -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) -{ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -) -{ + void) { return libcrux_ml_kem_vector_avx2_zero(); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) -{ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -) -{ + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { 
return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ + core_core_arch_x86___m256i vector, int16_t constant) { core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -) -{ + core_core_arch_x86___m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } inline 
core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ + core_core_arch_x86___m256i vector, int16_t constant) { core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i - sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - v_minus_field_modulus, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, - field_modulus); - return - libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + 
core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -) -{ + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) -{ +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - t = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i - t0 = - libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i - quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, - t0, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + 
libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i - quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -) -{ + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i - value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + 
uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)2); - core_core_arch_x86___m256i - field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)4); - core_core_arch_x86___m256i - shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i - mask = - 
libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - shifted, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i - shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - shifted_to_positive_in_range, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); } inline core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - prod13 = - libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i - uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + uu____0, libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + uu____1, libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - 
libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, - -zeta3, - zeta3, - zeta3, - -zeta2, - -zeta2, - zeta2, - zeta2, - -zeta1, - -zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + 
core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, - -zeta1, - -zeta1, - -zeta1, - zeta1, - zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - -zeta0, - -zeta0, - zeta0, - zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, - vector, - 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } inline core_core_arch_x86___m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -) -{ - core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i - k = - libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + 
LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i - k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i - rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i - upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients, - core_core_arch_x86___m256i); + 
core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); return combined0; } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____0 = rhs; - 
core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, - zeta3, - (int16_t)0, - (int16_t)0, - zeta2, - zeta2, - (int16_t)0, - (int16_t)0, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0)); - core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, 
sum, sum_times_zetas, core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, - vector, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i rhs0 = 
libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, - zeta1, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0)); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta 
-) -{ - core_core_arch_x86___m128i - lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); core_core_arch_x86___m128i uu____0 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients0, - core_core_arch_x86___m256i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, + core_core_arch_x86___m256i); return combined0; } core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) -{ +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, - v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i - result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - result, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, - result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - 
core_core_arch_x86___m256i - shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0, - (int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0); - core_core_arch_x86___m256i - lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i - lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - lhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i - lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i - lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i - rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i - rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - rhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i - rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i - rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - rhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i - left = 
libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i - right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i - right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + 
libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i - right1 = - libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, - (int32_t)zeta3, - -(int32_t)zeta2, - (int32_t)zeta2, - -(int32_t)zeta1, - (int32_t)zeta1, - -(int32_t)zeta0, - (int32_t)zeta0)); - core_core_arch_x86___m256i - products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i - products_left0 = 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i - rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2)); - core_core_arch_x86___m256i - products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i - products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); - core_core_arch_x86___m256i - products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - products_right0, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, - products_left0, - products_right1, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + 
(int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, + (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, + (int8_t)0, (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return - libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], - rhs[0U], - zeta0, - zeta1, - zeta2, - zeta3); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - core_core_arch_x86___m256i - lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i - high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lsb_to_msb, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return 
libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = { 0U }; + uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); } -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { uint8_t ret0[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) -{ - int16_t - uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____2 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - (int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U, - (int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - 
(int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i - coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, - core_core_arch_x86___m256i); +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + 
uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t serialized[16U] = { 0U }; +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1)); + core_core_arch_x86___m256i adjacent_2_combined = + 
libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)4, - (int32_t)0)); - core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - 
libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, - serialized, - uint8_t, - Eurydice_slice), - combined0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); uint8_t ret0[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)16U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)16U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { 
uint8_t ret0[8U]; libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t - uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, 
uint8_t, uint8_t *, uint8_t); - int16_t - uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients_in_msb, - core_core_arch_x86___m256i); +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____15, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____15, libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - + (int16_t)1)); } core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t serialized[32U] = { 0U }; +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1)); + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - adjacent_8_combined = - 
libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, - adjacent_4_combined0, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_8_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined1, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); + core_core_arch_x86___m256i 
adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); uint8_t ret0[10U]; core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [10U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + 
((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { uint8_t ret0[10U]; libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) -{ - uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, 
uint8_t *, uint8_t); - uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m128i - coefficients = - libcrux_intrinsics_avx2_mm_set_epi8(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + uint8_t uu____0 = + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____2 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____3 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____5 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____7 = + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____8 = + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____10 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____11 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____12 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____14 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + 
uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, uu____14, Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i - coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients_loaded, - coefficients, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)15, - (int8_t)14, - (int8_t)13, - (int8_t)12, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)9, - (int8_t)8, - (int8_t)7, - (int8_t)6, - (int8_t)7, - (int8_t)6, - (int8_t)5, - (int8_t)4, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)1, - (int8_t)0)); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); core_core_arch_x86___m256i uu____16 = 
coefficients0; - core_core_arch_x86___m256i - coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U, - (int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, - coefficients1, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____16, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t serialized[32U] = { 0U }; +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 
10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1)); + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_4_combined, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, 
- (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, + (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + 
lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)10U, .end = (size_t)26U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); uint8_t ret0[20U]; core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [20U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { uint8_t ret0[20U]; libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - 
shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, - 8U, - 8U, - 7U, - 7U, - 6U, - 6U, - 5U, - 4U, - 3U, - 3U, - 2U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)4U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + 
libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)4U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 13U, - 12U, - 12U, - 11U, - 10U, - 9U, - 9U, - 8U, - 8U, - 7U, - 7U, - 6U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, - coefficients1, - core_core_arch_x86___m256i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 13U, + 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + 
libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); return coefficients3; } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } -inline void -libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) -{ - int16_t output[16U] = { 0U }; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, - output, - int16_t, - Eurydice_slice), - v); - memcpy(ret, output, (size_t)16U * sizeof (int16_t)); +inline void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) -{ +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) { int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); + memcpy(lit.elements, uu____0, (size_t)16U * sizeof(int16_t)); return 
lit; } -inline void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -) -{ - uint8_t result[22U] = { 0U }; +inline void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]) { + uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[1U] >> 5U); result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | + (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | + (uint32_t)(uint8_t)(v.elements[4U] >> 4U); result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[8U] = 
(uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | + (uint32_t)(uint8_t)(v.elements[6U] >> 6U); result[10U] = (uint8_t)(v.elements[7U] >> 3U); result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U]; libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector - input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector input = + libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); uint8_t ret0[22U]; libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } -void 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { uint8_t ret0[22U]; libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) -{ +libcrux_ml_kem_vector_avx2_portable_zero(void) { libcrux_ml_kem_vector_avx2_portable_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; 
@@ -1798,575 +1156,436 @@ libcrux_ml_kem_vector_avx2_portable_zero(void) } inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - result = libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector result = + libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = - uu____4 - | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____5 = + uu____4 | 
(int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = - uu____11 - | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____12 = + uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - 
int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t - uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____17 = + &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)7) - << 8U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 5U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + 
(size_t)1U, + uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____23 = + uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 7U; - uint8_t - *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)127) - << 4U; - uint8_t - *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, + 
uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____30 = + uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, + uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - & (int16_t)31) - << 6U; - uint8_t - *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) - << 3U; - uint8_t - *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, + uint8_t, uint8_t *, uint8_t); result.elements[15U] 
= uu____34 | (int16_t)uu____35[0U] >> 5U; return result; } -inline void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -) -{ - memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); +inline void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]) { + memcpy(ret, v.elements, (size_t)16U * sizeof(int16_t)); } inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector output = + libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); int16_t ret[16U]; libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return - libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, - ret, - int16_t, - Eurydice_slice)); + return libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_array_to_slice((size_t)16U, ret, int16_t, Eurydice_slice)); } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t serialized[32U] = { 0U }; +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - 
libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1)); + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, - adjacent_4_combined, - core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - 
(int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = 
(size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)28U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); uint8_t ret0[24U]; core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [24U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { uint8_t ret0[24U]; libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, - 10U, - 10U, - 9U, - 8U, - 7U, - 7U, - 6U, - 5U, - 4U, - 4U, - 3U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 12U, - 11U, - 11U, - 10U, - 9U, - 8U, - 8U, - 7U, - 6U, - 5U, - 5U, - 4U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients1, - core_core_arch_x86___m256i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, + 11U, 11U, 10U, 9U, 8U, + 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + 
libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); return coefficients3; } core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -) -{ + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } -inline size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i - compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); +inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); uint8_t good[2U]; 
- libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); uint8_t lower_shuffles[16U]; memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - lower_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - upper_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - potential_coefficients, - 
core_core_arch_x86___m128i); - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, - ((core_ops_range_Range__size_t){ .start = sampled_count, .end = sampled_count + (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_coefficients0); + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice( + output, + ((core_ops_range_Range__size_t){.start = sampled_count, + .end = sampled_count + (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } size_t libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ + Eurydice_slice input, Eurydice_slice output) { return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } inline libcrux_ml_kem_vector_avx2_portable_PortableVector libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -) -{ + libcrux_ml_kem_vector_avx2_portable_PortableVector 
*self) { return self[0U]; } inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -) -{ + core_core_arch_x86___m256i *self) { return self[0U]; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; +ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + lit; lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[3U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[8U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[11U] = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); lit.coefficients[15U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -2374,556 +1593,401 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + 
.end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline core_core_arch_x86___m256i -shift_right___15int32_t(core_core_arch_x86___m256i vector) -{ - return - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); +static inline core_core_arch_x86___m256i shift_right___15int32_t( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); } -static core_core_arch_x86___m256i shift_right___15int32_t0(core_core_arch_x86___m256i vector) -{ +static core_core_arch_x86___m256i shift_right___15int32_t0( + core_core_arch_x86___m256i vector) { return shift_right___15int32_t(vector); } static core_core_arch_x86___m256i to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -) -{ + core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = shift_right___15int32_t0(a); - core_core_arch_x86___m256i - fm = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - 
&fm); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &fm); } static inline void serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, 
out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t 
public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + 
Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____0, + 
Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 
-shake128_init_absorb___2size_t(uint8_t input[2U][34U]) -{ +shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } -static inline void -shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - uint8_t dummy_out0[504U] = { 0U }; - uint8_t dummy_out1[504U] = { 0U }; +static inline void shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; + uint8_t dummy_out1[504U] = 
{0U}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____1, - uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, 
dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + 
((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - uint8_t dummy_out0[168U] = { 0U }; - uint8_t dummy_out1[168U] = { 0U }; +static inline void shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; + uint8_t dummy_out1[168U] = {0U}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - 
uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____1, - uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, 
out, (size_t)2U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) -{ +from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - 
(core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; 
@@ -2931,438 +1995,343 @@ from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = shake128_init_absorb___2size_t(uu____0); + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___2size_t(uu____0); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[2U][168U]; shake128_squeeze_block___2size_t(&xof_state, randomness); uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U]) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] - )); + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; + fst[2U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) -{ - uint8_t out[2U][192U] = { { 0U } }; - uint8_t dummy_out0[192U] = { 0U }; - uint8_t dummy_out1[192U] = { 0U }; +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t dummy_out0[192U] = {0U}; + uint8_t dummy_out1[192U] = {0U}; K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [192U], - Eurydice_slice), - (size_t)1U, - uint8_t [192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], + Eurydice_slice), + (size_t)1U, uint8_t[192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice 
out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = 
Eurydice_array_to_slice((size_t)192U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, 
uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { uint32_t outcome_set = i; uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); size_t offset = (size_t)(outcome_set0 >> 2U); sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = 
{0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { int32_t outcome_set = i; int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 
(int32_t)3) & 7U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); size_t offset = (size_t)(outcome_set0 / (int32_t)6); sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -) -{ + Eurydice_slice randomness) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; + uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); return uu____0; } -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ +static inline void ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j - + step], - 
(int16_t)-1600); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], - &t); + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], - &t); + core_core_arch_x86___m256i uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + re->coefficients[j], &t); re->coefficients[j] = uu____1; } } typedef struct -__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s { core_core_arch_x86___m256i fst; core_core_arch_x86___m256i snd; -} -__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; +} __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; static core_core_arch_x86___m256i montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - fer); + core_core_arch_x86___m256i v, int16_t fer) { + return 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, fer); } static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - t = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, zeta_r); - b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, + zeta_r); + b = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); } static inline void ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < 
(size_t)128U >> (uint32_t)layer; i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; size_t offset = round * step * (size_t)2U; size_t offset_vec = offset / (size_t)16U; size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; 
@@ -3371,94 +2340,82 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( } } -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +static inline void ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void 
ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } static inline void poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + self->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); 
@@ -3467,100 +2424,81 @@ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) -{ 
+closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + 
&self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); out.coefficients[i0] = uu____0; } return out; 
@@ -3568,674 +2506,544 @@ ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline void add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static core_core_arch_x86___m256i -to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } static inline void add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + self->coefficients[j]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void 
compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static K___uint8_t_768size_t__uint8_t_800size_t_ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; + A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t secret_key_serialized[768U]; - 
serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____5, secret_key_serialized); uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; } -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - 
core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness, + 
Eurydice_slice implicit_rejection_value) { + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); 
libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) -{ - uint8_t out[2U][128U] = { { 0U } }; - uint8_t dummy_out0[128U] = { 0U }; - uint8_t dummy_out1[128U] = { 0U }; +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + uint8_t dummy_out1[128U] = {0U}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - 
uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -) -{ + Eurydice_slice randomness) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; + uu____0; uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); + 
sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); return uu____0; } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + 
libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } static inline void invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } static inline void invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - 
(size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); } static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, zeta_r); - return - ( - (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + b, &a); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); } static inline void invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - 
re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; 
@@ -4246,176 +3054,161 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); } -static inline void -add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { +static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { size_t i1 = i0; 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static core_core_arch_x86___m256i -decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), +decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), (int16_t)1665); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - uu____0 = decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); - re.coefficients[i0] = uu____0;); + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i uu____0 = + decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); return re; } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result) { + for (size_t i = (size_t)0U; + i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - core_core_arch_x86___m256i - tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &tmp); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &tmp); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + tmp0); result.coefficients[i0] = uu____0; } return result; 
@@ -4423,983 +3216,769 @@ add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); return result; } static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - 
coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___10int32_t(core_core_arch_x86___m256i vector) -{ +compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); 
+ core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + 
(int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___10int32_t( + core_core_arch_x86___m256i vector) { return compress_ciphertext_coefficient___10int32_t(vector); } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = compress___10int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + 
((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - 
libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___11int32_t(core_core_arch_x86___m256i vector) -{ +compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + 
+static core_core_arch_x86___m256i compress___11int32_t( + core_core_arch_x86___m256i vector) { return compress_ciphertext_coefficient___11int32_t(vector); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = compress___11int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + 
.end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - 
size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - 
core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i 
compress___4int32_t(core_core_arch_x86___m256i vector) -{ +compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + 
libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___4int32_t( + core_core_arch_x86___m256i vector) { return compress_ciphertext_coefficient___4int32_t(vector); } static inline void compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + core_core_arch_x86___m256i coefficient = compress___4int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - 
Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - 
compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___5int32_t(core_core_arch_x86___m256i vector) -{ +compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + 
(int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + 
libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___5int32_t( + core_core_arch_x86___m256i vector) { return compress_ciphertext_coefficient___5int32_t(vector); } static inline void compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficients = - compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); + core_core_arch_x86___m256i coefficients = compress___5int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - 
Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; + Eurydice_slice public_key, uint8_t message[32U], 
Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, 
pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i - coefficients_low = 
libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = 
libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); +decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + 
libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t0(core_core_arch_x86___m256i vector) -{ +decompress_ciphertext_coefficient___10int32_t0( + core_core_arch_x86___m256i vector) { return decompress_ciphertext_coefficient___10int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * 
(size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); - core_core_arch_x86___m256i - uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); +decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + 
libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, 
decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t0(core_core_arch_x86___m256i vector) -{ +decompress_ciphertext_coefficient___11int32_t0( + core_core_arch_x86___m256i vector) { return decompress_ciphertext_coefficient___11int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); - core_core_arch_x86___m256i - uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + 
((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5407,25 +3986,28 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); return uu____0; } static inline void ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); 
@@ -5434,290 +4016,214 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - 
libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___4int32_t0(core_core_arch_x86___m256i vector) -{ +decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = 
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___4int32_t0( + core_core_arch_x86___m256i vector) { return decompress_ciphertext_coefficient___4int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); - core_core_arch_x86___m256i - uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - 
decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___5int32_t0(core_core_arch_x86___m256i vector) -{ +decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + 
libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, 
decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___5int32_t0( + core_core_arch_x86___m256i vector) { return decompress_ciphertext_coefficient___5int32_t(vector); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + bytes); re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i - uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + core_core_arch_x86___m256i uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; 
@@ -5725,51 +4231,38 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); re.coefficients[i0] = uu____0; } return re; 
@@ -5777,75 +4270,55 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vect static inline void deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + .end = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; 
@@ -5853,1981 +4326,1549 @@ subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + 
invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static inline void compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } static void decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t 
ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - 
core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + 
Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - 
encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
- uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - 
libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( 
+ ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___4size_t(uint8_t input[4U][34U]) -{ +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } -static inline void -shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; +static inline void shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + 
uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out1 = uu____1.fst; Eurydice_slice out23 = uu____1.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out2 = uu____2.fst; Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, 
(size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____3, - uu____4, - uu____5, - uu____6, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - 
KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; +static inline void shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out1 = uu____1.fst; 
Eurydice_slice out23 = uu____1.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out2 = uu____2.fst; Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____3, - uu____4, - uu____5, - uu____6, - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice 
uu____6 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], + uint8_t(*)[168U], uint8_t[168U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r 
= i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return 
from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = shake128_init_absorb___4size_t(uu____0); + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[4U][168U]; shake128_squeeze_block___4size_t(&xof_state, randomness); uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + 
memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]);); - 
KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = 
(uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] - )); + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; + fst[4U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; 
static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) -{ - uint8_t out[4U][128U] = { { 0U } }; +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out1 = uu____1.fst; Eurydice_slice out23 = uu____1.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + 
K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out2 = uu____2.fst; Eurydice_slice out3 = uu____2.snd; - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____8 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____9 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], 
uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____9 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = 
i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + core_core_arch_x86___m256i uu____0 = + 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for 
( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)4U - * - 
sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static K___uint8_t_1536size_t__uint8_t_1568size_t_ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, 
(size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] 
= {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - 
generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value) { + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + memcpy(uu____2, secret_key_serialized, 
(size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = 
(uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - 
libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); } static inline void compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + 
result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); - 
add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); return result; } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = compress___10int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); uint8_t bytes[20U]; - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - 
compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = compress___11int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { uint8_t uu____0[352U]; - 
compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - 
compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + 
memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - 
compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - 
compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, 
pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = 
deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); return uu____0; } static inline void ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); 
@@ -7836,2220 +5877,1717 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); return uu____0; } static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); - 
invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static void decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, - secret_as_ntt); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); uint8_t 
implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - 
ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( 
+ (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t 
public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[1184U]; - 
serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___3size_t(uint8_t input[3U][34U]) -{ +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, 
input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } -static inline void -shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - uint8_t dummy_out0[504U] = { 0U }; +static inline void shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out1 = uu____1.fst; Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - 
uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____2, - uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - 
(size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - uint8_t dummy_out0[168U] = { 0U }; +static inline void shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); 
Eurydice_slice out1 = uu____1.fst; Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } static inline bool 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, 
+ Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - size_t 
sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = shake128_init_absorb___3size_t(uu____0); + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (!!done) { break; } uint8_t randomness[3U][168U]; shake128_squeeze_block___3size_t(&xof_state, randomness); uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); } int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = 
(uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] - )); + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; + fst[3U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) -{ - uint8_t 
out[3U][128U] = { { 0U } }; - uint8_t dummy_out0[128U] = { 0U }; +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out1 = uu____1.fst; Eurydice_slice out2 = uu____1.snd; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = - Eurydice_array_to_slice((size_t)128U, - 
Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____8 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - 
ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3(i, - 
(size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static K___uint8_t_1152size_t__uint8_t_1184size_t_ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + 
compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, 
uu____7, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, 
size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness, + Eurydice_slice implicit_rejection_value) { + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, 
Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + 
libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t prf_input[33U], uint8_t 
domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + 
sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re 
-) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); } static inline void compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - 
KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); return result; } static void 
compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + 
core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static void encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, - false, - A_transpose); + 
sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - 
(size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = 
Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * 
sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - 
Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
-closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) -{ +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - 
deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); + *v, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static void decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - 
compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - 
libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); 
Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - 
uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - 
memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, 
ret0, (size_t)32U * sizeof(uint8_t)); } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 12e2c9489..3558b9157 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_mlkem_avx2_H 
@@ -12,347 +12,229 @@ extern "C" { #endif -#include "libcrux_sha3_avx2.h" -#include "libcrux_sha3.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -); + void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -); + Eurydice_slice array); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); + core_core_arch_x86___m256i 
lhs, core_core_arch_x86___m256i *rhs); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); + core_core_arch_x86___m256i vector, int16_t constant); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -); + core_core_arch_x86___m256i v, int16_t c); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); + core_core_arch_x86___m256i vector, int16_t constant); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); + core_core_arch_x86___m256i vector, int16_t constant); core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -); + core_core_arch_x86___m256i vector); -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -); + core_core_arch_x86___m256i vector); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); + core_core_arch_x86___m256i vector, int16_t constant); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); + core_core_arch_x86___m256i vector, int16_t constant); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -); + core_core_arch_x86___m256i vector); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -); + core_core_arch_x86___m256i vector); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -); + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); core_core_arch_x86___m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -); + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); + core_core_arch_x86___m256i vector, int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + 
core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); + core_core_arch_x86___m256i vector, int16_t zeta); core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i 
rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -); + Eurydice_slice bytes); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); -void 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -); + Eurydice_slice bytes); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -); + Eurydice_slice bytes); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); +void 
libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -); + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_avx2_portable_PortableVector; +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_avx2_portable_PortableVector; libcrux_ml_kem_vector_avx2_portable_PortableVector libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); -void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + 
core_core_arch_x86___m256i vector, uint8_t ret[22U]); -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); libcrux_ml_kem_vector_avx2_portable_PortableVector libcrux_ml_kem_vector_avx2_portable_zero(void); 
@@ -360,66 +242,48 @@ libcrux_ml_kem_vector_avx2_portable_zero(void); libcrux_ml_kem_vector_avx2_portable_PortableVector libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); -void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -); +void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -); + Eurydice_slice bytes); -void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -); + Eurydice_slice bytes); -size_t 
-libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -); +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); size_t libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -); + Eurydice_slice input, Eurydice_slice output); libcrux_ml_kem_vector_avx2_portable_PortableVector libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -); + libcrux_ml_kem_vector_avx2_portable_PortableVector *self); core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -); + core_core_arch_x86___m256i *self); typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ core_core_arch_x86___m256i coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 7fe9692e4..17e047fa9 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 459b8fe83..b043bdaf0 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c 
@@ -1,311 +1,564 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "internal/libcrux_polynomial.h" #include "internal/libcrux_core.h" -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, 
(int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = - { - { - 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, - { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 
6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }, - { - 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 
11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 
10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }, - { - 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 
255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U }, - { - 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 
6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }, - { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 12U, 
13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 
15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 
15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U } - }; - -static inline libcrux_ml_kem_vector_PortableVector zero(void) -{ +const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, + (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, + (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, + (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383, + (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, 
(int16_t)1017, (int16_t)732, (int16_t)608, + (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571, + (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, + (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666, + (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, + (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951, + (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, + (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843, + (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, + (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653, + (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, + (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349, + (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, + (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384, + (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, + (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794, + (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, + (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 
3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 
255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 
255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + 
{0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 
6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 
255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 
255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + 
{0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 
255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 
255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 
255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +static inline libcrux_ml_kem_vector_PortableVector zero(void) { libcrux_ml_kem_vector_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; 
@@ -326,41 +579,37 @@ static inline libcrux_ml_kem_vector_PortableVector zero(void) return lit; } -static libcrux_ml_kem_vector_PortableVector ZERO(void) -{ - return zero(); -} +static libcrux_ml_kem_vector_PortableVector ZERO(void) { return zero(); } -static inline libcrux_ml_kem_vector_PortableVector from_i16_array(Eurydice_slice array) -{ +static inline libcrux_ml_kem_vector_PortableVector from_i16_array( + Eurydice_slice array) { libcrux_ml_kem_vector_PortableVector lit; int16_t ret[16U]; core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, - ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } -static libcrux_ml_kem_vector_PortableVector from_i16_array0(Eurydice_slice array) -{ +static libcrux_ml_kem_vector_PortableVector from_i16_array0( + Eurydice_slice array) { return from_i16_array(array); } -static inline libcrux_ml_kem_vector_PortableVector -add(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector add( + libcrux_ml_kem_vector_PortableVector lhs, + 
libcrux_ml_kem_vector_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; @@ -370,18 +619,16 @@ add(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVect libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs) { return add(lhs, rhs); } -static inline libcrux_ml_kem_vector_PortableVector -sub(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector sub( + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; 
@@ -391,18 +638,15 @@ sub(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVect libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ + libcrux_ml_kem_vector_PortableVector lhs, + libcrux_ml_kem_vector_PortableVector *rhs) { return sub(lhs, rhs); } -static inline libcrux_ml_kem_vector_PortableVector -multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector multiply_by_constant( + libcrux_ml_kem_vector_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; v.elements[uu____0] = v.elements[uu____0] * c; @@ -412,18 +656,14 @@ multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ + libcrux_ml_kem_vector_PortableVector v, int16_t c) { return multiply_by_constant(v, c); } -static inline libcrux_ml_kem_vector_PortableVector -bitwise_and_with_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector bitwise_and_with_constant( + libcrux_ml_kem_vector_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; v.elements[uu____0] = v.elements[uu____0] & c; 
@@ -431,20 +671,17 @@ bitwise_and_with_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) return v; } -static libcrux_ml_kem_vector_PortableVector -bitwise_and_with_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ +static libcrux_ml_kem_vector_PortableVector bitwise_and_with_constant0( + libcrux_ml_kem_vector_PortableVector v, int16_t c) { return bitwise_and_with_constant(v, c); } -static inline libcrux_ml_kem_vector_PortableVector -cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector cond_subtract_3329( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) - { + if (v.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; } @@ -454,9 +691,7 @@ cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return cond_subtract_3329(v); } 
@@ -466,18 +701,16 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m #define BARRETT_R ((int32_t)1 << (uint32_t)BARRETT_SHIFT) -static int16_t barrett_reduce_element(int16_t value) -{ +static int16_t barrett_reduce_element(int16_t value) { int32_t t = (int32_t)value * BARRETT_MULTIPLIER + (BARRETT_R >> 1U); int16_t quotient = (int16_t)(t >> (uint32_t)BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } -static inline libcrux_ml_kem_vector_PortableVector -barrett_reduce(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector barrett_reduce( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = barrett_reduce_element(v.elements[i0]); v.elements[i0] = uu____0; 
@@ -487,37 +720,32 @@ barrett_reduce(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return barrett_reduce(v); } #define MONTGOMERY_SHIFT (16U) -static int16_t montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t - k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static int16_t montgomery_reduce_element(int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; int16_t c = (int16_t)(k_times_modulus >> (uint32_t)MONTGOMERY_SHIFT); int16_t value_high = (int16_t)(value >> (uint32_t)MONTGOMERY_SHIFT); return value_high - c; } -static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ +static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) { return montgomery_reduce_element((int32_t)fe * (int32_t)fer); } static inline libcrux_ml_kem_vector_PortableVector -montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, + int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = montgomery_multiply_fe_by_fer(v.elements[i0], c); v.elements[i0] = uu____0; 
@@ -525,14 +753,12 @@ montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t return v; } -static libcrux_ml_kem_vector_PortableVector -montgomery_multiply_by_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t r) -{ +static libcrux_ml_kem_vector_PortableVector montgomery_multiply_by_constant0( + libcrux_ml_kem_vector_PortableVector v, int16_t r) { return montgomery_multiply_by_constant(v, r); } -static uint8_t compress_message_coefficient(uint16_t fe) -{ +static uint8_t compress_message_coefficient(uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; @@ -540,11 +766,10 @@ static uint8_t compress_message_coefficient(uint16_t fe) return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } -static inline libcrux_ml_kem_vector_PortableVector -compress_1(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector compress_1( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; uint8_t uu____0 = compress_message_coefficient((uint16_t)v.elements[i0]); v.elements[i0] = (int16_t)uu____0; 
@@ -554,35 +779,27 @@ compress_1(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return compress_1(v); } -static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) -{ +static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } -static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) -{ +static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, + uint16_t fe) { uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return (int16_t)get_n_least_significant_bits(coefficient_bits, (uint32_t)compressed); + return (int16_t)get_n_least_significant_bits(coefficient_bits, + (uint32_t)compressed); } -static inline libcrux_ml_kem_vector_PortableVector -ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ +static inline libcrux_ml_kem_vector_PortableVector ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { int16_t t = montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); v.elements[2U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; 
@@ -595,36 +812,42 @@ ntt_layer_1_step( int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); v.elements[7U] = v.elements[5U] - t2; v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + int16_t t3 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); + v.elements[(size_t)8U + (size_t)6U] = + v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = + v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t t6 = + 
montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); + v.elements[(size_t)8U + (size_t)7U] = + v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = + v.elements[(size_t)8U + (size_t)5U] + t6; return v; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { return ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); } -static inline libcrux_ml_kem_vector_PortableVector -ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) -{ +static inline libcrux_ml_kem_vector_PortableVector ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) { int16_t t = montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); v.elements[4U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; 
@@ -637,34 +860,41 @@ ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); v.elements[7U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + int16_t t3 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); + v.elements[(size_t)8U + (size_t)4U] = + v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); + v.elements[(size_t)8U + (size_t)5U] = + v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); + v.elements[(size_t)8U + (size_t)6U] = + v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = + 
v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t t6 = + montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); + v.elements[(size_t)8U + (size_t)7U] = + v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + (size_t)3U] + t6; return v; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1) { return ntt_layer_2_step(a, zeta0, zeta1); } -static inline libcrux_ml_kem_vector_PortableVector -ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ +static inline libcrux_ml_kem_vector_PortableVector ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta) { int16_t t = montgomery_multiply_fe_by_fer(v.elements[8U], zeta); v.elements[8U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; 
@@ -694,22 +924,13 @@ ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta) { return ntt_layer_3_step(a, zeta); } -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ +static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_1_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { int16_t a_minus_b = v.elements[2U] - v.elements[0U]; int16_t uu____0 = barrett_reduce_element(v.elements[0U] + v.elements[2U]); v.elements[0U] = uu____0; 
@@ -730,39 +951,34 @@ inv_ntt_layer_1_step( v.elements[5U] = uu____6; int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); v.elements[7U] = uu____7; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)2U]); + int16_t a_minus_b3 = + v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t uu____8 = barrett_reduce_element(v.elements[(size_t)8U + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); v.elements[(size_t)8U + (size_t)0U] = uu____8; int16_t uu____9 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)3U]); + int16_t a_minus_b4 = + v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t uu____10 = + barrett_reduce_element(v.elements[(size_t)8U + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); v.elements[(size_t)8U + (size_t)1U] = uu____10; int16_t uu____11 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)4U] - + v.elements[(size_t)8U + (size_t)6U]); + int16_t a_minus_b5 = + v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____12 = + barrett_reduce_element(v.elements[(size_t)8U + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); v.elements[(size_t)8U + (size_t)4U] = uu____12; int16_t uu____13 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); v.elements[(size_t)8U + (size_t)6U] = 
uu____13; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)5U] - + v.elements[(size_t)8U + (size_t)7U]); + int16_t a_minus_b6 = + v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____14 = + barrett_reduce_element(v.elements[(size_t)8U + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); v.elements[(size_t)8U + (size_t)5U] = uu____14; int16_t uu____15 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); v.elements[(size_t)8U + (size_t)7U] = uu____15; @@ -771,19 +987,13 @@ inv_ntt_layer_1_step( libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { return inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); } -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) -{ +static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_2_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) { int16_t a_minus_b = v.elements[4U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[4U]; int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); 
@@ -800,32 +1010,28 @@ inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int1 v.elements[3U] = v.elements[3U] + v.elements[7U]; int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); v.elements[7U] = uu____3; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t a_minus_b3 = + v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)4U]; + v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t a_minus_b4 = + v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)5U]; + v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + int16_t a_minus_b5 = + v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U - + (size_t)2U] - + v.elements[(size_t)8U + (size_t)6U]; + v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + int16_t a_minus_b6 = + v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; v.elements[(size_t)8U + 
(size_t)3U] = - v.elements[(size_t)8U - + (size_t)3U] - + v.elements[(size_t)8U + (size_t)7U]; + v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); v.elements[(size_t)8U + (size_t)7U] = uu____7; return v; @@ -833,17 +1039,12 @@ inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int1 libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1) { return inv_ntt_layer_2_step(a, zeta0, zeta1); } -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ +static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_3_step( + libcrux_ml_kem_vector_PortableVector v, int16_t zeta) { int16_t a_minus_b = v.elements[8U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[8U]; int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); 
@@ -881,51 +1082,36 @@ inv_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ + libcrux_ml_kem_vector_PortableVector a, int16_t zeta) { return inv_ntt_layer_3_step(a, zeta); } -typedef struct __int16_t_int16_t_s -{ +typedef struct __int16_t_int16_t_s { int16_t fst; int16_t snd; -} -__int16_t_int16_t; +} __int16_t_int16_t; -static inline __int16_t_int16_t -ntt_multiply_binomials(__int16_t_int16_t _, __int16_t_int16_t _0, int16_t zeta) -{ +static inline __int16_t_int16_t ntt_multiply_binomials(__int16_t_int16_t _, + __int16_t_int16_t _0, + int16_t zeta) { int16_t a0 = _.fst; int16_t a1 = _.snd; int16_t b0 = _0.fst; int16_t b1 = _0.snd; int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - montgomery_reduce_element(uu____0 - + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * (int32_t)zeta); - return - ( - (__int16_t_int16_t){ - .fst = uu____1, - .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0) - } - ); -} - -static inline libcrux_ml_kem_vector_PortableVector -ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ + int16_t uu____1 = montgomery_reduce_element( + uu____0 + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * + (int32_t)zeta); + return ((__int16_t_int16_t){ + .fst = uu____1, + .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + + (int32_t)a1 * (int32_t)b0)}); +} + +static inline libcrux_ml_kem_vector_PortableVector ntt_multiply( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { 
libcrux_ml_kem_vector_PortableVector out = zero(); __int16_t_int16_t lit0; lit0.fst = lhs->elements[0U]; 
@@ -1002,790 +1188,772 @@ ntt_multiply( return out; } -static libcrux_ml_kem_vector_PortableVector -ntt_multiply0( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ +static libcrux_ml_kem_vector_PortableVector ntt_multiply0( + libcrux_ml_kem_vector_PortableVector *lhs, + libcrux_ml_kem_vector_PortableVector *rhs, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { return ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); } -static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) -{ - uint8_t result[2U] = { 0U }; - KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, - (size_t)8U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -) -{ +static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + KRML_MAYBE_FOR8( + i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); + KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = (uint32_t)result[uu____1] | + (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U);); + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +void 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[2U]) { uint8_t ret0[2U]; serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice v) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_1( + Eurydice_slice v) { libcrux_ml_kem_vector_PortableVector result = zero(); - KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); - for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { + KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = + (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + uint8_t *uu____1 = + &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = + (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); } return result; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_1(a); } -static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) -{ - uint8_t 
result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -) -{ +static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[8U]) { + uint8_t result[8U] = {0U}; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | + (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | + (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | + (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | + (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = 
(uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[8U]) { uint8_t ret0[8U]; serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_4(Eurydice_slice bytes) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_4( + Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____0 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____2 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____4 = + 
&Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____9 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____12 = + 
&Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____14 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); return v; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_4(a); } -static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) -{ - uint8_t result[10U] = { 0U }; +static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[10U]) { + uint8_t result[10U] = {0U}; result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); - result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | + v.elements[1U] >> 3U); + result[2U] = + (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + (uint8_t)(((v.elements[6U] & 
(int16_t)3) << 6U | v.elements[5U] << 1U) | + v.elements[4U] >> 4U); result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) - << 5U - | v.elements[(size_t)8U + (size_t)0U]); + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) << 5U | + v.elements[(size_t)8U + (size_t)0U]); result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) - << 7U - | v.elements[(size_t)8U + (size_t)2U] << 2U) - | v.elements[(size_t)8U + (size_t)1U] >> 3U); + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) << 7U | + v.elements[(size_t)8U + (size_t)2U] << 2U) | + v.elements[(size_t)8U + (size_t)1U] >> 3U); result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | v.elements[(size_t)8U + (size_t)3U] >> 1U); + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) << 4U | + v.elements[(size_t)8U + (size_t)3U] >> 1U); result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) - << 6U - | v.elements[(size_t)8U + (size_t)5U] << 1U) - | v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)7U] - << 3U - | v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -) -{ + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) << 6U | + v.elements[(size_t)8U + (size_t)5U] << 1U) | + v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] << 3U | + v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +void 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[10U]) { uint8_t ret0[10U]; serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_5(Eurydice_slice bytes) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_5( + Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____0 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) - << 3U; - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + 3U) + << 3U; + uint8_t *uu____2 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) - << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + 15U) + << 1U; + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); 
v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) - << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + 1U) + << 4U; + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) - << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + 7U) + << 2U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t - *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & 3U) - << 3U; - uint8_t - 
*uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t - *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & 15U) - << 1U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - & 1U) - << 4U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t - *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + v.elements[11U] = + (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, + 
uint8_t, uint8_t *, uint8_t); + v.elements[12U] = + (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & 7U) - << 2U; - uint8_t - *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); + v.elements[14U] = + (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); return v; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_5(a); } -static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[20U]) -{ - uint8_t result[20U] = { 0U }; +static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[20U]) { + uint8_t result[20U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) - << 4U - | 
(uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & + (int16_t)3); result[12U] = - 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & + (int16_t)15); result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & + (int16_t)63); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & + (int16_t)3); result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & + (int16_t)15); result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -) -{ + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & + (int16_t)63); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[20U]) { uint8_t ret0[20U]; serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_10(Eurydice_slice bytes) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_10( + Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, 
(size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____8 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____9 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____10 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, 
uint8_t *, uint8_t); result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t uu____12 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, + uint8_t *, 
uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, 
uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, + uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; return result; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_10(a); } -static inline void serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) -{ - uint8_t result[22U] = { 0U }; +static inline void 
serialize_11(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[22U]) { + uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[1U] >> 5U); result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | + (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | + (uint32_t)(uint8_t)(v.elements[4U] >> 4U); result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | + (uint32_t)(uint8_t)(v.elements[6U] >> 6U); result[10U] = (uint8_t)(v.elements[7U] >> 3U); 
result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); result[19U] = - 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -) -{ +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[22U]) { uint8_t ret0[22U]; serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_11(Eurydice_slice bytes) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_11( + Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, 
uint8_t); result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = - uu____4 - | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____5 = + uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, 
uint8_t, uint8_t *, uint8_t); + int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = - uu____11 - | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____12 = + uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t - uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____17 = + &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = 
uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)7) - << 8U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 5U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____23 = + uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____23 | 
(int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 7U; - uint8_t - *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)127) - << 4U; - uint8_t - *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____30 = + uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, + uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____30 | 
(int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - & (int16_t)31) - << 6U; - uint8_t - *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) - << 3U; - uint8_t - *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, + uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; return result; } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_11(a); } -static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) -{ - uint8_t result[24U] = { 0U }; +static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, + uint8_t ret[24U]) { + uint8_t result[24U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[1U] = + (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - 
result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[4U] = + (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[7U] = + (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[10U] = + (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); result[13U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)0U] - >> 8U - | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U | + (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); result[16U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)2U] - >> 8U - | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 8U | + (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); result[19U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)4U] - >> 8U - | 
(v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U | + (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); result[22U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)6U] - >> 8U - | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -) -{ + (uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 8U | + (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + libcrux_ml_kem_vector_PortableVector a, uint8_t ret[24U]) { uint8_t ret0[24U]; serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice bytes) -{ +static inline libcrux_ml_kem_vector_PortableVector deserialize_12( + Eurydice_slice bytes) { libcrux_ml_kem_vector_PortableVector re = zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, 
(size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - int16_t - byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); - int16_t - byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + 
uint8_t *, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, + uint8_t *, uint8_t); re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); 
@@ -1794,30 +1962,30 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t - byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); - int16_t - byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); - int16_t - byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); - int16_t - byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); - int16_t - byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); - int16_t - byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); - int16_t - byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); - int16_t - byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); - int16_t - byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); - int16_t - byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); - int16_t - byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); - int16_t - byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, + uint8_t *, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, + uint8_t *, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, + uint8_t *, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, + uint8_t *, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, + 
uint8_t *, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, + uint8_t *, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, + uint8_t *, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, + uint8_t *, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, + uint8_t *, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, + uint8_t *, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, + uint8_t *, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, + uint8_t *, uint8_t); re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); 
@@ -1831,70 +1999,55 @@ static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -) -{ + Eurydice_slice a) { return deserialize_12(a); } -static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) -{ +static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( + &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) { break; - } - else - { + } else { Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t b1 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { uu____1 = sampled < (size_t)16U; - } - else - { + } else { uu____1 = false; } - if (uu____1) - { + if (uu____1) { int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____2; sampled++; } bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { uu____3 = sampled < (size_t)16U; - } - else - { + } else { uu____3 = false; } - if (uu____3) - { + if (uu____3) { int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____4; sampled++; } } 
@@ -1904,107 +2057,83 @@ static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) size_t libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ + Eurydice_slice a, Eurydice_slice out) { return rej_sample(a, out); } -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + 
self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static libcrux_ml_kem_vector_PortableVector to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - 
montgomery_multiply_by_constant0(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_vector_PortableVector v) { + return montgomery_multiply_by_constant0( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); + libcrux_ml_kem_vector_PortableVector coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_PortableVector( + self->coefficients[j]); + libcrux_ml_kem_vector_PortableVector uu____0 = + 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } -static inline libcrux_ml_kem_vector_PortableVector -compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector compress___5int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, + (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; 
@@ -2012,20 +2141,17 @@ compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return compress___5int32_t(v); } -static inline libcrux_ml_kem_vector_PortableVector -compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector compress___4int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, + (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; 
@@ -2033,20 +2159,17 @@ compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return compress___4int32_t(v); } -static inline libcrux_ml_kem_vector_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector compress___11int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, + (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; 
@@ -2054,20 +2177,17 @@ compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return compress___11int32_t(v); } -static inline libcrux_ml_kem_vector_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector compress___10int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, + (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; 
@@ -2075,37 +2195,33 @@ compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return compress___10int32_t(v); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - montgomery_multiply_by_constant0(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_PortableVector - tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &tmp); - 
libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); + libcrux_ml_kem_vector_PortableVector coefficient_normal_form = + montgomery_multiply_by_constant0(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_PortableVector tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + self->coefficients[i0], &message->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + tmp0); result.coefficients[i0] = uu____0; } return result; 
@@ -2113,42 +2229,36 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - bitwise_and_with_constant0(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(ZERO(), - &v), + libcrux_ml_kem_vector_PortableVector v) { + return bitwise_and_with_constant0( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + ZERO(), &v), (int16_t)1665); } -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - montgomery_multiply_by_constant0(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); + libcrux_ml_kem_vector_PortableVector coefficient_normal_form = + montgomery_multiply_by_constant0(self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; + void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + lit; lit.coefficients[0U] = ZERO(); lit.coefficients[1U] = ZERO(); lit.coefficients[2U] = ZERO(); 
@@ -2170,149 +2280,128 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -) -{ + Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - from_i16_array0(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector uu____0 = + from_i16_array0(Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; } -static inline libcrux_ml_kem_vector_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_PortableVector shift_right___15int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < 
LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; } return v; } -static libcrux_ml_kem_vector_PortableVector -shift_right___15int32_t0(libcrux_ml_kem_vector_PortableVector v) -{ +static libcrux_ml_kem_vector_PortableVector shift_right___15int32_t0( + libcrux_ml_kem_vector_PortableVector v) { return shift_right___15int32_t(v); } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -) -{ + libcrux_ml_kem_vector_PortableVector a) { libcrux_ml_kem_vector_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_PortableVector - fm = bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &fm); + libcrux_ml_kem_vector_PortableVector fm = + bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + a, &fm); } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + b) { + for (size_t i = (size_t)0U; + i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], - &coefficient_normal_form)); + libcrux_ml_kem_vector_PortableVector coefficient_normal_form = + montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; } -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + out = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_multiply0(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); + libcrux_ml_kem_vector_PortableVector uu____0 = ntt_multiply0( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); out.coefficients[i0] = uu____0; } return out; } static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; 
@@ -2322,20 +2411,18 @@ decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_PortableVecto libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return decompress_ciphertext_coefficient___5int32_t(v); } static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; 
@@ -2345,44 +2432,37 @@ decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_PortableVecto libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return decompress_ciphertext_coefficient___4int32_t(v); } -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + self->coefficients[i0]); self->coefficients[i0] = uu____0; } } libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -) -{ + libcrux_ml_kem_vector_PortableVector v, int16_t fer) { return montgomery_multiply_by_constant0(v, fer); } static inline libcrux_ml_kem_vector_PortableVector 
-decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; 
@@ -2392,20 +2472,18 @@ decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_PortableVect libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return decompress_ciphertext_coefficient___11int32_t(v); } static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; @@ -2415,9 +2493,6 @@ decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_PortableVect libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ + libcrux_ml_kem_vector_PortableVector v) { return decompress_ciphertext_coefficient___10int32_t(v); } - diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index bfde0dcce..be62b11ce 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h 
@@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_polynomial_H @@ -12,16 +12,17 @@ extern "C" { #endif -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" -typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_PortableVector; +typedef struct libcrux_ml_kem_vector_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_PortableVector; typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s -{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s { + libcrux_ml_kem_vector_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c index 1d6b807b2..6ceaa6a42 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ b/libcrux-ml-kem/c/libcrux_sha3.c 
@@ -1,105 +1,98 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "libcrux_sha3.h" #include "internal/libcrux_sha3_internal.h" -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); } -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); } -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +void libcrux_sha3_portable_shake256(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); } -inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; 
libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); } -inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); } -inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) -{ - uint8_t out[28U] = { 0U }; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) -{ - uint8_t out[32U] = { 0U }; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -inline void libcrux_sha3_sha384_ema(Eurydice_slice 
digest, Eurydice_slice payload) -{ +inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) -{ - uint8_t out[48U] = { 0U }; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); +inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); } - diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0952f0695..99a3970f3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h 
+++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_sha3_H @@ -12,8 +12,8 @@ extern "C" { #endif -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 9f70b1575..1cff9ea91 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,192 +1,150 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "internal/libcrux_sha3_avx2.h" -#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_sha3_internal.h" -static inline core_core_arch_x86___m256i zero(void) -{ +static inline core_core_arch_x86___m256i zero(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -static inline core_core_arch_x86___m256i -_veor5q_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ +static inline core_core_arch_x86___m256i _veor5q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } -static inline core_core_arch_x86___m256i -xor5( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ +static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + 
core_core_arch_x86___m256i e) { return _veor5q_u64(a, b, c, d, e); } -static inline core_core_arch_x86___m256i -rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)1, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)63, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vrax1q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left___1int32_t_63int32_t(b)); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, rotate_left___1int32_t_63int32_t(b)); } -static inline core_core_arch_x86___m256i -rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i rotate_left1_and_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vrax1q_u64(a, b); } -static inline core_core_arch_x86___m256i -_vbcaxq_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ +static inline core_core_arch_x86___m256i _vbcaxq_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { core_core_arch_x86___m256i uu____0 = a; - return - 
libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i -and_not_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i and_not_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { return _vbcaxq_u64(a, b, c); } -static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) -{ - core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static inline core_core_arch_x86___m256i _veorq_n_u64( + core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } -static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) -{ +static inline core_core_arch_x86___m256i xor_constant( + core_core_arch_x86___m256i a, uint64_t c) { return _veorq_n_u64(a, c); } -static inline core_core_arch_x86___m256i -xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } -static inline void -slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(a[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); +static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + a[1U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + a[2U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); ret[0U] = uu____0; ret[1U] = uu____1; ret[2U] = uu____2; - ret[3U] = - Eurydice_slice_subslice(a[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + ret[3U] = Eurydice_slice_subslice( + a[3U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); } -static inline void -slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ +static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) -{ 
+split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out0 = out[0U]; Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out0, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at_mut(out1, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at_mut(out2, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at_mut(out3, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; 
@@ -202,15 +160,14 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) } static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) -{ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; +new__core_core_arch_x86___m256i_4size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + lit; lit.st[0U][0U] = zero(); lit.st[0U][1U] = zero(); lit.st[0U][2U] = zero(); 
@@ -239,1008 +196,809 @@ new__core_core_arch_x86___m256i_4size_t(void) return lit; } -static inline void -load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { +static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = 
libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + 
libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - 
uu____3; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - 
Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, Eurydice_slice_subslice(blocks[0U], - 
((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - 
void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = 
{0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); s[i][j] = uu____13; } } -static inline void -load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; +static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); load_block___136size_t(uu____0, uu____1); } -static inline core_core_arch_x86___m256i -rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___36int32_t_28int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { 
core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___36int32_t_28int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___36int32_t_28int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___3int32_t_61int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___3int32_t_61int32_t(a, b); } -static inline 
core_core_arch_x86___m256i -rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)41, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)23, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___41int32_t_23int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___41int32_t_23int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___41int32_t_23int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( + 
core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)18, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)46, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___18int32_t_46int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___18int32_t_46int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___18int32_t_46int32_t(a, b); } -static inline core_core_arch_x86___m256i -_vxarq_u64___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___1int32_t_63int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___1int32_t_63int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___44int32_t_20int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___44int32_t_20int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___44int32_t_20int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)10, x, 
core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)54, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___10int32_t_54int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___10int32_t_54int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___10int32_t_54int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)45, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)19, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___45int32_t_19int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { 
core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___45int32_t_19int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___45int32_t_19int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___2int32_t_62int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___2int32_t_62int32_t(a, b); } -static inline 
core_core_arch_x86___m256i -rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___62int32_t_2int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___62int32_t_2int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( + core_core_arch_x86___m256i x) { + 
core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)6, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)58, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___6int32_t_58int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___6int32_t_58int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___43int32_t_21int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i 
_vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___43int32_t_21int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___43int32_t_21int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)15, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)49, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___15int32_t_49int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___15int32_t_49int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( + 
core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___15int32_t_49int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___61int32_t_3int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___61int32_t_3int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, 
core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___28int32_t_36int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___28int32_t_36int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___28int32_t_36int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)55, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)9, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i 
-_vxarq_u64___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___55int32_t_9int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___55int32_t_9int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___25int32_t_39int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___25int32_t_39int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___25int32_t_39int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___21int32_t_43int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___21int32_t_43int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___21int32_t_43int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); - return 
- libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___56int32_t_8int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___56int32_t_8int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)27, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + 
(int32_t)37, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___27int32_t_37int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___27int32_t_37int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___27int32_t_37int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___20int32_t_44int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___20int32_t_44int32_t(ab); } -static inline 
core_core_arch_x86___m256i -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___20int32_t_44int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___39int32_t_25int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___39int32_t_25int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___39int32_t_25int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - 
uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___8int32_t_56int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___8int32_t_56int32_t(a, b); } -static inline core_core_arch_x86___m256i -rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); +static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)14, x, core_core_arch_x86___m256i); + 
return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)50, x, core_core_arch_x86___m256i)); } -static inline core_core_arch_x86___m256i -_vxarq_u64___14int32_t_50int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ +static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left___14int32_t_50int32_t(ab); } -static inline core_core_arch_x86___m256i -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ +static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64___14int32_t_50int32_t(a, b); } -static inline void -theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i - uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - core_core_arch_x86___m256i - uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); - core_core_arch_x86___m256i - uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); - core_core_arch_x86___m256i - uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); - core_core_arch_x86___m256i - c[5U] = - { +static inline void theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + 
core_core_arch_x86___m256i uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i c[5U] = { uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - core_core_arch_x86___m256i - uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - t[5U] = - { + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { uu____4, uu____5, uu____6, uu____7, rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; 
core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i - uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + core_core_arch_x86___m256i uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i - uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + core_core_arch_x86___m256i uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i - uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + core_core_arch_x86___m256i uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i - uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + core_core_arch_x86___m256i uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i - uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + core_core_arch_x86___m256i uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i - uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + core_core_arch_x86___m256i uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i - uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + core_core_arch_x86___m256i uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i - uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + core_core_arch_x86___m256i uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i - uu____17 = 
xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + core_core_arch_x86___m256i uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i - uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + core_core_arch_x86___m256i uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i - uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + core_core_arch_x86___m256i uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i - uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + core_core_arch_x86___m256i uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i - uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + core_core_arch_x86___m256i uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i - uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + core_core_arch_x86___m256i uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i - uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + core_core_arch_x86___m256i uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i - uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + core_core_arch_x86___m256i uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i - uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + core_core_arch_x86___m256i uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); 
s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i - uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + core_core_arch_x86___m256i uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i - uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + core_core_arch_x86___m256i uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i - uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + core_core_arch_x86___m256i uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i - uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + core_core_arch_x86___m256i uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i - uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + core_core_arch_x86___m256i uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i - uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + core_core_arch_x86___m256i uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i - uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + core_core_arch_x86___m256i uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } -static inline void -pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ +static inline void pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { core_core_arch_x86___m256i old[5U][5U]; - 
core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_x86___m256i [5U], - void *); + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; 
@@ -1267,49 +1025,33 @@ pi__core_core_arch_x86___m256i_4size_t( s->st[4U][4U] = old[4U][1U]; } -static inline void -chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ +static inline void chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - core_core_arch_x86___m256i - uu____0 = - and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -) -{ - core_core_arch_x86___m256i - uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_x86___m256i uu____0 = and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + size_t i) { + core_core_arch_x86___m256i uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); s->st[0U][0U] = uu____0; } -static inline void -keccakf1600__core_core_arch_x86___m256i_4size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { +static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; theta_rho__core_core_arch_x86___m256i_4size_t(s); pi__core_core_arch_x86___m256i_4size_t(s); 
@@ -1318,1190 +1060,970 @@ keccakf1600__core_core_arch_x86___m256i_4size_t( } } -static inline void -absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s->st; +static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); load_block___136size_t0(uu____0, uu____1); keccakf1600__core_core_arch_x86___m256i_4size_t(s); } -static inline void -load_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; +static inline void load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, 
+ Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block___136size_t(uu____0, buf); } -static inline void -load_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; +static inline void load_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full___136size_t(uu____0, uu____1); } static inline void absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full___136size_t0(uu____1, uu____2); keccakf1600__core_core_arch_x86___m256i_4size_t(s); } -static inline void -store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { +static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - 
s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] 
+ [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + 
Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; + uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - 
u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, 
+ .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, 
- u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end 
= (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -store_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - uint8_t out2[200U] = { 0U }; - uint8_t out3[200U] = { 0U }; - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - out3, - uint8_t, - Eurydice_slice) - }; +static inline void store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t 
out3[200U] = {0U}; + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = { + uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; store_block___136size_t(uu____0, buf); uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); } -static inline void -store_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) -{ +static inline void store_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { uint8_t ret0[4U][200U]; store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); } static inline 
void squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { uint8_t b[4U][200U]; store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block___136size_t(a, b); } static inline void squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { store_block___136size_t0(s->st, out); } static inline void squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { keccakf1600__core_core_arch_x86___m256i_4size_t(s); store_block___136size_t0(s->st, out); } -static inline void -squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -) -{ +static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s, + Eurydice_slice out[4U]) { keccakf1600__core_core_arch_x86___m256i_4size_t(&s); uint8_t b[4U][200U]; store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); } static inline void keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -) -{ + Eurydice_slice data[4U], Eurydice_slice out[4U]) { 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { + s = new__core_core_arch_x86___m256i_4size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &s; Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = &s; Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, ret); + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; - if (blocks == 
(size_t)0U) - { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, out); - } - else - { + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } else { K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); + uu____4 = split_at_mut_n(out, (size_t)136U); Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { + } else { K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); + uu____5 = split_at_mut_n(o1, (size_t)136U); Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); + 
memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { + if (last < outlen) { squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); } } } -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); } libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void) -{ +libcrux_sha3_avx2_x4_incremental_shake128_init(void) { return new__core_core_arch_x86___m256i_4size_t(); } -static inline void -load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { +static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i - v00 = - 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - 
libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + 
(size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - 
u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, + ((core_ops_range_Range__size_t){ + .start = start, .end = start 
+ (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, 
+ ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = 
Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); s[i][j] = uu____13; } } -static inline void -load_block_full___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) -{ - 
core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; +static inline void load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block___168size_t(uu____0, buf); } -static inline void -load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; +static inline void load_block_full___168size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full___168size_t(uu____0, uu____1); } inline void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + 
Eurydice_slice last[4U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full___168size_t0(uu____1, uu____2); keccakf1600__core_core_arch_x86___m256i_4size_t(s); } -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -) -{ - Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, - buf); +void 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3) { + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + s, buf); } -static inline void -store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { +static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / 
(size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = 
(size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; + uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = 
(size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - 
((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = 
(size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ +static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block___168size_t(a, b); } static inline void squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { keccakf1600__core_core_arch_x86___m256i_4size_t(s); store_block___168size_t0(s->st, out); } -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, 
out2, out3 }; +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); } static inline void squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { store_block___168size_t0(s->st, out); } inline void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____0 = split_at_mut_n(out, (size_t)168U); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____1 = split_at_mut_n(o10, (size_t)168U); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof 
(Eurydice_slice)); + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); } -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + s, buf); } - diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 26342807e..f70e059e8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_sha3_avx2_H 
@@ -12,56 +12,40 @@ extern "C" { #endif +#include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" - #include "libcrux_core.h" -#include "eurydice_glue.h" -typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s -{ core_core_arch_x86___m256i st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); +void 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3); + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 9b8eca3cc..a2cac02e9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_sha3_internal_H @@ -12,12 +12,12 @@ extern "C" { #endif -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s -{ uint64_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { + uint64_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; #if defined(__cplusplus) } 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a00b2700b..f326bf1d9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,177 +1,187 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } inline libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); core_fmt_rt_Argument ret[0U]; core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); KRML_HOST_EXIT(255U); } - diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 2e3dd1398..f7f84de88 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 5666a5de + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 5666a5de */ #ifndef __libcrux_sha3_neon_H 
@@ -12,51 +12,36 @@ extern "C" { #endif +#include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" - -#include "libcrux_sha3_internal.h" #include "libcrux_core.h" -#include "eurydice_glue.h" +#include "libcrux_sha3_internal.h" void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -); +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } -libcrux_sha3_neon_x2_incremental_KeccakState2; +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState2; libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -); +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1); -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); +void 
libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 382e2a5c9..d6227f283 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -295,8 +295,5 @@ TEST(MlKem768Test, NISTKnownAnswerTest) memcmp(ctxt.snd, sharedSecret2, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - // FIXME: REMOVE AGAIN - break; } } diff --git a/libcrux-sha3/benches/sha3.rs b/libcrux-sha3/benches/sha3.rs index 93e427551..2188a35ef 100644 --- a/libcrux-sha3/benches/sha3.rs +++ b/libcrux-sha3/benches/sha3.rs @@ -68,7 +68,43 @@ impl_comp!(Sha3_256, Algorithm::Sha256, sha256); impl_comp!(Sha3_384, Algorithm::Sha384, sha384); impl_comp!(Sha3_512, Algorithm::Sha512, sha512); +#[cfg(all(feature = "simd256", target_arch = "x86_64"))] +fn shake256(c: &mut Criterion) { + let mut group = c.benchmark_group("shake256"); + group.bench_function("avx2", |b| { + b.iter_batched( + || { + ( + randombytes(33), + randombytes(33), + randombytes(33), + randombytes(33), + ) + }, + |(payload0, payload1, payload2, payload3)| { + let mut digest0 = [0u8; 128]; + let mut digest1 = [0u8; 128]; + let mut digest2 = [0u8; 128]; + let mut digest3 = [0u8; 128]; + avx2::x4::shake256( + &payload0, + &payload1, + &payload2, + &payload3, + &mut digest0, + &mut digest1, + &mut digest2, + &mut digest3, + ); + }, + BatchSize::SmallInput, + ) + }); +} + fn benchmarks(c: &mut Criterion) { + #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + shake256(c); Sha3_224(c); Sha3_256(c); Sha3_384(c); From 67d7b0f0e74f180b4b4a40674f1606e3680a0035 Mon Sep 17 00:00:00 2001 
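Review bot: In the new `shake256` benchmark the four digest arrays are locals of the routine closure and are never read, so the closure returns `()` and nothing makes the hashing result observable to the harness. An optimizer that inlines `avx2::x4::shake256` may then drop part of the work being timed. Ending the closure with `(digest0, digest1, digest2, digest3)` hands the outputs back to `iter_batched`, which keeps routine outputs alive past the timed section. Separately, the `#[cfg(all(feature = "simd256", target_arch = "x86_64"))]` gate is compile-time only. If `avx2::x4::shake256` does no runtime CPU detection of its own (not visible here), the bench should be skipped when `is_x86_feature_detected!("avx2")` is false rather than faulting on hosts without AVX2.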
From: Franziskus Kiefer Date: Fri, 31 May 2024 10:23:22 +0200 Subject: [PATCH 86/94] update boringssl benchmarks --- benchmarks/benches/boringssl/CMakeLists.txt | 2 +- benchmarks/benches/boringssl/kyber768.cxx | 6 +++--- benchmarks/benches/boringssl/shake.cxx | 14 +++++++++----- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/benchmarks/benches/boringssl/CMakeLists.txt b/benchmarks/benches/boringssl/CMakeLists.txt index 69f98dbef..77ac73b88 100644 --- a/benchmarks/benches/boringssl/CMakeLists.txt +++ b/benchmarks/benches/boringssl/CMakeLists.txt @@ -20,7 +20,7 @@ FetchContent_MakeAvailable(benchmark) FetchContent_Declare( boringssl GIT_REPOSITORY https://boringssl.googlesource.com/boringssl - GIT_TAG 1e3da32f3754b1b9136247ee26308cfd959cbeba + GIT_TAG 1eda2363f9e79aaa5febe91d31b6756ae4f24f30 ) FetchContent_MakeAvailable(boringssl) diff --git a/benchmarks/benches/boringssl/kyber768.cxx b/benchmarks/benches/boringssl/kyber768.cxx index c80c3ab9f..d5adb4a09 100644 --- a/benchmarks/benches/boringssl/kyber768.cxx +++ b/benchmarks/benches/boringssl/kyber768.cxx @@ -2,7 +2,7 @@ #include #include -#include +#include #include @@ -48,7 +48,7 @@ static void BM_Encapsulation(benchmark::State &state) { state.SkipWithError("Error: KYBER_parse_public_key"); } - KYBER_encap(ciphertext, shared_secret, sizeof(shared_secret), &pub); + KYBER_encap(ciphertext, shared_secret, &pub); } } @@ -87,7 +87,7 @@ static void BM_Decapsulation(benchmark::State &state) { state.SkipWithError("Error: KYBER_parse_private_key()"); } - KYBER_decap(shared_secret, sizeof(shared_secret), ciphertext, &priv); + KYBER_decap(shared_secret, ciphertext, &priv); } } diff --git a/benchmarks/benches/boringssl/shake.cxx b/benchmarks/benches/boringssl/shake.cxx index 4021431dc..25168a516 100644 --- a/benchmarks/benches/boringssl/shake.cxx +++ b/benchmarks/benches/boringssl/shake.cxx @@ -1,7 +1,7 @@ #include #include -#include "crypto/kyber/internal.h" +#include "crypto/keccak/internal.h" #include 
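Review bot: In BM_Encapsulation the updated `KYBER_encap(ciphertext, shared_secret, &pub);` call still runs right after the `state.SkipWithError("Error: KYBER_parse_public_key");` branch, because nothing in the visible context leaves the loop once the error is reported. The BM_Decapsulation hunk has the same shape around `KYBER_decap(shared_secret, ciphertext, &priv);`. Google Benchmark expects the caller to exit the loop after `SkipWithError`, so adding `break;` as the last statement of each error branch keeps the benchmark from operating on a key that failed to parse. Both functions, and the condition guarding each branch, start above the hunks, so this assumes the branch is the parse-failure check its message suggests. With the explicit length arguments removed, it is also worth confirming that `shared_secret` is declared with the library's fixed shared-secret size.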
@@ -16,8 +16,10 @@ static void BM_SHAKE128(benchmark::State &state) { uint8_t output[SHAKE128_BYTES_TO_OUTPUT]; for (auto _ : state) { - BORINGSSL_keccak(output, SHAKE128_BYTES_TO_OUTPUT, input, sizeof(input), - boringssl_shake128); + struct BORINGSSL_keccak_st keccak_ctx; + BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input)); + BORINGSSL_keccak_squeeze(&keccak_ctx, output, sizeof(output)); } } @@ -32,8 +34,10 @@ static void BM_SHAKE256(benchmark::State &state) { uint8_t output[SHAKE256_BYTES_TO_OUTPUT]; for (auto _ : state) { - BORINGSSL_keccak(output, SHAKE256_BYTES_TO_OUTPUT, input, sizeof(input), - boringssl_shake256); + struct BORINGSSL_keccak_st keccak_ctx; + BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); + BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input)); + BORINGSSL_keccak_squeeze(&keccak_ctx, output, sizeof(output)); } } From a62ee49ad6f23dc51102e162b2cf56926d302f12 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 31 May 2024 10:57:13 +0200 Subject: [PATCH 87/94] readme for C code --- libcrux-ml-kem/c/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 libcrux-ml-kem/c/README.md diff --git a/libcrux-ml-kem/c/README.md b/libcrux-ml-kem/c/README.md new file mode 100644 index 000000000..1bbe404d9 --- /dev/null +++ b/libcrux-ml-kem/c/README.md @@ -0,0 +1,11 @@ +# ML-KEM + +This folder contains the extracted ML-KEM C code. + +## Benchmarks + +```bash +cmake -B build -G "Ninja Multi-Config" +cmake --build build --config Release +./build/Release/ml_kem_bench +``` From 95c3ab5e3aa4af2a3b7db9ca2e385d79bbc6a467 Mon Sep 17 00:00:00 2001 
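Review bot: In `BM_SHAKE128`, nothing reads `output` after `BORINGSSL_keccak_squeeze(&keccak_ctx, output, sizeof(output));`, so the measurement relies on the compiler not seeing through the three keccak calls. Adding `benchmark::DoNotOptimize(output);` as the last statement of the loop body makes the squeezed bytes count as used regardless of inlining or LTO settings. The `BM_SHAKE256` hunk has the same shape and would take the same line. Both function bodies start before their hunks.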
From: Franziskus Kiefer Date: Mon, 3 Jun 2024 08:44:04 +0200 Subject: [PATCH 88/94] inline sha3 --- libcrux-ml-kem/c.yaml | 1 + libcrux-ml-kem/c/CMakeLists.txt | 1 - libcrux-ml-kem/c/internal/libcrux_core.h | 45 +- libcrux-ml-kem/c/internal/libcrux_mlkem768.h | 6 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_polynomial.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 7 +- .../c/internal/libcrux_sha3_internal.h | 2326 +---------------- libcrux-ml-kem/c/libcrux_core.c | 6 +- libcrux-ml-kem/c/libcrux_core.h | 45 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_platform.h | 6 +- libcrux-ml-kem/c/libcrux_polynomial.c | 6 +- libcrux-ml-kem/c/libcrux_polynomial.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.c | 98 - libcrux-ml-kem/c/libcrux_sha3.h | 97 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 7 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 7 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2325 +++++++++++++++- libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- 28 files changed, 2512 insertions(+), 2549 deletions(-) delete mode 100644 libcrux-ml-kem/c/libcrux_sha3.c diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 350c390c1..1c8e4cff8 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -69,6 +69,7 @@ files: # Public API header for SHA3 - name: libcrux_sha3 + inline_static: true api: exact: - [libcrux_sha3, hash] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 5310489cd..1db8cb438 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt 
@@ -38,7 +38,6 @@ file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3.c ) # file(GLOB VEC128_SOURCES # libcrux_sha3_neon.c diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 66b65563c..0ca3a224a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_core_H @@ -21,17 +21,8 @@ extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( Eurydice_slice x0, Eurydice_slice x1); -typedef struct core_option_Option__size_t_s { - core_option_Option__size_t_tags tag; - size_t f0; -} core_option_Option__size_t; - #define CORE_NUM__U32_8__BITS (32U) -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) 
@@ -197,12 +188,6 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; - typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; @@ -266,30 +251,6 @@ typedef struct Eurydice_slice snd[4U]; } K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; -typedef struct - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U]); - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -typedef struct - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h index a08af7da2..23d48e22f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 720396567..6894d3c1f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index a7f4030b3..57393f611 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 5d535614b..cf31957cc 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -15,7 +15,6 @@ extern "C" { #include "../libcrux_sha3_avx2.h" #include "eurydice_glue.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_sha3_internal.h" #include "intrinsics/libcrux_intrinsics_avx2.h" typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index eb20079a3..c74eb7f77 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __internal_libcrux_sha3_internal_H 
@@ -14,907 +14,15 @@ extern "C" { #include "../libcrux_sha3_internal.h" #include "eurydice_glue.h" -#include "internal/libcrux_core.h" - -static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { - 1ULL, - 32898ULL, - 9223372036854808714ULL, - 9223372039002292224ULL, - 32907ULL, - 2147483649ULL, - 9223372039002292353ULL, - 9223372036854808585ULL, - 138ULL, - 136ULL, - 2147516425ULL, - 2147483658ULL, - 2147516555ULL, - 9223372036854775947ULL, - 9223372036854808713ULL, - 9223372036854808579ULL, - 9223372036854808578ULL, - 9223372036854775936ULL, - 32778ULL, - 9223372039002259466ULL, - 9223372039002292353ULL, - 9223372036854808704ULL, - 2147483649ULL, - 9223372039002292232ULL}; - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( - void) { - return 0ULL; -} - -static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, - uint64_t b) { - uint64_t uu____0 = a; - return uu____0 ^ - libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t 
a, - uint64_t b, - uint64_t c) { - return a ^ (b & ~c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, uint64_t b, uint64_t c) { - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, - uint64_t c) { - return a ^ c; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, uint64_t c) { - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, uint64_t b) { - return a ^ b; -} - -static inline void libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice( - a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], - size_t mid) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out[0U], mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], size_t mid) { - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_KeccakState1; -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); } -static inline void 
libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, uint64_t b) { - return 
libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - uint64_t uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - uint64_t uu____2 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - uint64_t uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - uint64_t c[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - uint64_t uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t t[5U] = { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - uint64_t uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - uint64_t uu____9 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - uint64_t uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - uint64_t uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - uint64_t uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - uint64_t uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - uint64_t uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - uint64_t uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - uint64_t uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - uint64_t uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - uint64_t uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - uint64_t uu____19 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - uint64_t uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - uint64_t uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - uint64_t uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - uint64_t uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - uint64_t uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - uint64_t uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - uint64_t uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - uint64_t uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - uint64_t uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - uint64_t uu____29 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - uint64_t uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - uint64_t uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - uint64_t uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, uint64_t[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * 
sizeof(uint64_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( - i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)168U - (size_t)1U] 
| 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice data0) { 
@@ -923,39 +31,6 @@ static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( s, buf); } -static inline void libcrux_sha3_portable_keccak_store_block___168size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - s->st, out); -} - static inline void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, 
@@ -965,14 +40,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( s, buf); } -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - s->st, out); -} - static inline void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, 
@@ -1123,1393 +190,6 @@ libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from( return uu____0; } -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, 
core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / 
(size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t 
blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___104size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 
= &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, 
(size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * 
sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___144size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - 
core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - 
libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - 
libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - 
uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___136size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U 
* i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - 
libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - 
libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - uu____0, out); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start 
= (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - 
libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, - o1); - } - } -} 
- -static inline void libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uu____0, 
uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___72size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for 
(size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - 
Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - 
Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, - ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, 
(size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - uu____0, out); -} - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 775e119a6..087bc8187 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index dca41c145..7e5b4a58b 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_core_H @@ -28,6 +28,15 @@ extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); typedef uint8_t core_option_Option__size_t_tags; +typedef struct core_option_Option__size_t_s { + core_option_Option__size_t_tags tag; + size_t f0; +} core_option_Option__size_t; + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } libcrux_ml_kem_types_MlKemPublicKey____800size_t; 
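Review bot: The regenerated banner in this hunk now reads `F* version:` with no value, where the old side recorded `58c915a8`, so the checked-in C can no longer be tied to the toolchain revision that produced it; the same empty field appears in the banners of the other generated files in this commit (libcrux_core.h, the libcrux_mlkem*, libcrux_polynomial* and libcrux_sha3* sources and headers). For extracted cryptographic code that is shipped as a reviewed artifact, I would regenerate from a checkout where the generator can report its revisions, so that the banner carries `F* version: <F* revision placeholder>` next to `KaRaMeL version: 96d12198`. The invocation line also changed to a developer-local absolute path (`/home/franziskus/eurydice//eurydice`), which suggests a local rather than a pinned build; a CI job that regenerates the C and diffs it against the tree would catch drift between the Rust sources and these files. Since the files are generated, the fix belongs in the generation step, not in a hand edit of the banner.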
@@ -115,6 +124,36 @@ typedef struct uint8_t snd[32U]; } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + +typedef struct + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U]); + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +typedef struct + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s { + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 5d3cae109..42254373d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "libcrux_mlkem1024.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index caa4855fa..a8cd738ab 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 7cd2b7f54..a0170dede 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "libcrux_mlkem512.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 514674b40..8dc3973a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index aa8db57a1..545e481f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c 
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "internal/libcrux_mlkem768.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index fb0703c75..87e876a6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 105ae90aa..b5c800a4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 3558b9157..e02130610 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 17e047fa9..067b38338 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index b043bdaf0..205c79c9d 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "internal/libcrux_polynomial.h" diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index be62b11ce..b2778ad46 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.c b/libcrux-ml-kem/c/libcrux_sha3.c deleted file mode 100644 index 6ceaa6a42..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3.c +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de - */ - -#include "libcrux_sha3.h" - -#include "internal/libcrux_sha3_internal.h" - -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); -} - -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); -} - -void libcrux_sha3_portable_shake256(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - -inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); -} - -inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); -} - -inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, 
payload); -} - -inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); -} diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 99a3970f3..7b01575cc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_sha3_H 
@@ -14,34 +14,97 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_sha3_internal.h" -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} -void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} -void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} -void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); +static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} -void libcrux_sha3_sha224(Eurydice_slice data, 
uint8_t ret[28U]); +static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); +} -void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); +static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); +} -void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); +static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} -void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); +static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); +} -void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); +static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +} -void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); +static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); +} -void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); +static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +} -void 
libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); +static inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 1cff9ea91..aa58cae66 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,14 +1,13 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_sha3_internal.h" static inline core_core_arch_x86___m256i zero(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f70e059e8..8b2942720 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_sha3_avx2_H 
@@ -15,6 +15,7 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" +#include "libcrux_sha3_internal.h" typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index a2cac02e9..9e2be9949 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_sha3_internal_H 
@@ -15,10 +15,2329 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { + 1ULL, + 32898ULL, + 9223372036854808714ULL, + 9223372039002292224ULL, + 32907ULL, + 2147483649ULL, + 9223372039002292353ULL, + 9223372036854808585ULL, + 138ULL, + 136ULL, + 2147516425ULL, + 2147483658ULL, + 2147516555ULL, + 9223372036854775947ULL, + 9223372036854808713ULL, + 9223372036854808579ULL, + 9223372036854808578ULL, + 9223372036854775936ULL, + 32778ULL, + 9223372039002259466ULL, + 9223372039002292353ULL, + 9223372036854808704ULL, + 2147483649ULL, + 9223372039002292232ULL}; + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( + void) { + return 0ULL; +} + +static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, + uint64_t b) { + uint64_t uu____0 = a; + return uu____0 ^ + libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, + uint64_t b, + uint64_t c) { + return a ^ (b 
& ~c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, uint64_t b, uint64_t c) { + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, + uint64_t c) { + return a ^ c; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, uint64_t c) { + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, uint64_t b) { + return a ^ b; +} + +static inline void libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { + ret[0U] = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], + size_t mid) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out[0U], mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = 
out00; + lit.snd[0U] = out01; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], size_t mid) { + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +static inline void libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + 
Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +static inline uint64_t 
+libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, + uint64_t b) { + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + uint64_t uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + uint64_t uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + uint64_t uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], 
+ s->st[4U][3U]); + uint64_t c[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + uint64_t uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t t[5U] = { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + uint64_t uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + uint64_t uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + uint64_t uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + uint64_t uu____11 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + uint64_t uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + uint64_t uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + uint64_t uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + uint64_t uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + uint64_t uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + uint64_t uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + uint64_t uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + uint64_t uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + uint64_t uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + uint64_t uu____21 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + uint64_t uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + uint64_t uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + uint64_t uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + uint64_t uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + uint64_t uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + uint64_t uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + uint64_t uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + uint64_t uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + uint64_t uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + uint64_t uu____31 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + uint64_t uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, uint64_t[5U], void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + 
s->st[i1][j] = uu____0;);); +} + +static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void 
libcrux_sha3_portable_keccak_store_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +static inline void 
+libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s->st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, 
uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s.st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice 
uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * 
sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + uu____0, out); +} + +static inline void libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * 
sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_store_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s->st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s.st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + 
core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)104U, (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + 
libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + 
libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + uu____0, out); +} + +static inline void libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + 
uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_store_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * 
i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s->st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void 
+libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s.st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + 
libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)144U, (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( 
+ &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + uu____0, out); +} + +static inline void libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), 
+ Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +static inline void 
+libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_store_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, 
uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s->st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); +} + +static inline void 
+libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s.st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + 
libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + uu____0, out); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void 
+libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U 
* sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + uu____0, out); +} + +static inline void libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + 
Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + 
memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t(*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uu____1, uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void libcrux_sha3_portable_keccak_store_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], uint8_t 
ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s->st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s.st, b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)72U, (size_t)72U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, + ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + &iter, size_t, core_option_Option__size_t) + .tag == 
core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, + o1); + } + } +} + +static inline void libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + uu____0, out); +} + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index f326bf1d9..bbc97948d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f7f84de88..7a7e2c455 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 5666a5de + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 96d12198 */ #ifndef __libcrux_sha3_neon_H From be73700cf93836187778f604dcb1e7ff5a1f43c6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 3 Jun 2024 09:08:40 +0200 Subject: [PATCH 89/94] rustfmt --- libcrux-ml-kem/src/hash_functions.rs | 150 +- libcrux-ml-kem/src/vector/rej_sample_table.rs | 1465 +++++++++-------- 2 files changed, 819 insertions(+), 796 deletions(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index f45a9f108..5b0a163b2 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -36,7 +36,6 @@ pub(crate) trait Hash { /// Squeeze 1 block out of the SHAKE128 state. fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K]; - } /// A portable implementation of [`Hash`] 
@@ -228,25 +227,25 @@ pub(crate) mod avx2 { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = x4::incremental::shake128_init(); - match K { - 2 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[0], &input[0], - ); - } - 3 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[0], - ); - } - 4 => { - x4::incremental::shake128_absorb_final( - &mut state, &input[0], &input[1], &input[2], &input[3], - ); - } - _ => unreachable!("This function must only be called with N = 2, 3, 4"), + match K { + 2 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[0], &input[0], + ); + } + 3 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[0], + ); } - + 4 => { + x4::incremental::shake128_absorb_final( + &mut state, &input[0], &input[1], &input[2], &input[3], + ); + } + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + Self { shake128_state: state, } 
@@ -256,46 +255,46 @@ pub(crate) mod avx2 { fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { - 2 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let mut dummy_out1 = [0u8; THREE_BLOCKS]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); - } - 3 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); - } - 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); - } - _ => unreachable!("This function must only be called with N = 2, 3, 4"), + match K { + 2 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let mut dummy_out1 = [0u8; THREE_BLOCKS]; + let (out0, out1) = out.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut dummy_out0, + &mut dummy_out1, + ); + } + 3 => { + let mut dummy_out0 = [0u8; THREE_BLOCKS]; + let (out0, out12) = out.split_at_mut(1); + let (out1, out2) = out12.split_at_mut(1); + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut dummy_out0, + ); + } + 4 => { + let (out0, out123) = out.split_at_mut(1); + let (out1, out23) = out123.split_at_mut(1); + let (out2, out3) = out23.split_at_mut(1); + 
x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0[0], + &mut out1[0], + &mut out2[0], + &mut out3[0], + ); } - out + _ => unreachable!("This function must only be called with N = 2, 3, 4"), + } + out } #[inline(always)] @@ -413,7 +412,10 @@ pub(crate) mod neon { #[inline(always)] fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { debug_assert!(K == 2 || K == 3 || K == 4); - let mut state = [x2::incremental::shake128_init(), x2::incremental::shake128_init()]; + let mut state = [ + x2::incremental::shake128_init(), + x2::incremental::shake128_init(), + ]; match K { 2 => { x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); @@ -492,7 +494,11 @@ pub(crate) mod neon { 2 => { let mut out0 = [0u8; BLOCK_SIZE]; let mut out1 = [0u8; BLOCK_SIZE]; - x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1); + x2::incremental::shake128_squeeze_next_block( + &mut self.shake128_state[0], + &mut out0, + &mut out1, + ); out[0] = out0; out[1] = out1; } @@ -501,8 +507,16 @@ pub(crate) mod neon { let mut out1 = [0u8; BLOCK_SIZE]; let mut out2 = [0u8; BLOCK_SIZE]; let mut out3 = [0u8; BLOCK_SIZE]; - x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1); - x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[1], &mut out2, &mut out3); + x2::incremental::shake128_squeeze_next_block( + &mut self.shake128_state[0], + &mut out0, + &mut out1, + ); + x2::incremental::shake128_squeeze_next_block( + &mut self.shake128_state[1], + &mut out2, + &mut out3, + ); out[0] = out0; out[1] = out1; out[2] = out2; 
@@ -512,8 +526,16 @@ pub(crate) mod neon {
 let mut out1 = [0u8; BLOCK_SIZE];
 let mut out2 = [0u8; BLOCK_SIZE];
 let mut out3 = [0u8; BLOCK_SIZE];
- x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[0], &mut out0, &mut out1);
- x2::incremental::shake128_squeeze_next_block(&mut self.shake128_state[1], &mut out2, &mut out3);
+ x2::incremental::shake128_squeeze_next_block(
+ &mut self.shake128_state[0],
+ &mut out0,
+ &mut out1,
+ );
+ x2::incremental::shake128_squeeze_next_block(
+ &mut self.shake128_state[1],
+ &mut out2,
+ &mut out3,
+ );
 out[0] = out0;
 out[1] = out1;
 out[2] = out2;
diff --git a/libcrux-ml-kem/src/vector/rej_sample_table.rs b/libcrux-ml-kem/src/vector/rej_sample_table.rs
index 1678df0d4..58cc91632 100644
--- a/libcrux-ml-kem/src/vector/rej_sample_table.rs
+++ b/libcrux-ml-kem/src/vector/rej_sample_table.rs
@@ -16,747 +16,748 @@ // End of index table lookup calculation pub(super) const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ -[ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 
5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], + [ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, + ], + [ + 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
+ ], + [ + 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], -[ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, -], -[ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 
7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], + [ + 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], -[ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 
6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, -], + [ + 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 10, 11, 12, 
13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 
8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], -[ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], + [ + 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 
6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], -[ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 
0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 
10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], -[ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 12, 13, 14, 15, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 
0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], -[ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 
], + [ + 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], -[ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], -[ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -], -[ - 0, 1, 6, 7, 8, 
9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], -[ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + ], + [ + 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], + [ + 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], -[ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, -], + [ + 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, + ], [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], From a5394b95f5c7ad3dc74fd2ce6f32ca9b1cae44a1 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 3 Jun 2024 09:40:14 +0200 Subject: [PATCH 90/94] fixup ml-dsa again --- libcrux-sha3/src/generic_keccak.rs | 19 +++++++++++++++++++ libcrux-sha3/src/lib.rs | 10 +++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 1d18b654f..0737e2581 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -223,6 +223,25 @@ pub(crate) fn squeeze_first_three_blocks, const squeeze_next_block::(s, o2); } +#[inline(always)] +pub(crate) fn squeeze_first_five_blocks, const RATE: usize>( + s: &mut KeccakState, + out: [&mut [u8]; N], +) { + let (o0, o1) = T::split_at_mut_n(out, RATE); + squeeze_first_block::(s, o0); + let (o1, o2) = T::split_at_mut_n(o1, RATE); + + squeeze_next_block::(s, o1); + let (o2, o3) = T::split_at_mut_n(o2, RATE); + + squeeze_next_block::(s, o2); + let (o3, o4) = T::split_at_mut_n(o3, RATE); + + squeeze_next_block::(s, o3); + squeeze_next_block::(s, o4); +} + #[inline(always)] pub(crate) fn squeeze_last, const RATE: usize>( mut s: KeccakState, 
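Review bot: The new `squeeze_first_five_blocks` in generic_keccak.rs has no doc comment and neither states nor checks how long each output slice must be. It calls `T::split_at_mut_n(.., RATE)` four times and hands the remainder `o4` to the final `squeeze_next_block`, so every slice in `out` has to hold at least five RATE-sized blocks. What a shorter buffer does depends on `split_at_mut_n`, which is outside this hunk; if it behaves like slice `split_at_mut`, it panics. I would add a doc comment such as `/// Squeeze the first five blocks; each slice in out must hold at least 5 * RATE bytes.` and say there whether a longer buffer is acceptable for the last block. The same gap is in the public wrapper `shake128_squeeze_first_five_blocks` in libcrux-sha3/src/lib.rs, whose comment "Squeeze five blocks" should name the required `out0` length (5 * 168 bytes, going by the rate it passes) so callers sizing SHAKE128 output buffers do not have to read the generic code.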
diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 3ec57b3c3..42379f871 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -226,7 +226,9 @@ pub mod portable { /// An incremental API for SHAKE pub mod incremental { - use generic_keccak::{absorb_final, squeeze_first_three_blocks, squeeze_next_block}; + use generic_keccak::{ + absorb_final, squeeze_first_five_blocks, squeeze_first_three_blocks, squeeze_next_block, + }; use super::*; @@ -250,6 +252,12 @@ pub mod portable { squeeze_first_three_blocks::<1, u64, 168>(&mut s.state, [out0]) } + /// Squeeze five blocks + #[inline(always)] + pub fn shake128_squeeze_first_five_blocks(s: &mut KeccakState1, out0: &mut [u8]) { + squeeze_first_five_blocks::<1, u64, 168>(&mut s.state, [out0]) + } + /// Squeeze another block #[inline(always)] pub fn shake128_squeeze_next_block(s: &mut KeccakState1, out0: &mut [u8]) { From cd246f52669d7d51681ec0ad41730283a3d8c258 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 3 Jun 2024 15:09:30 +0200 Subject: [PATCH 91/94] Add more instructions to c README.md --- libcrux-ml-kem/c/README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/libcrux-ml-kem/c/README.md b/libcrux-ml-kem/c/README.md index 1bbe404d9..9652f89c6 100644 --- a/libcrux-ml-kem/c/README.md +++ b/libcrux-ml-kem/c/README.md @@ -2,6 +2,27 @@ This folder contains the extracted ML-KEM C code. +## Generating C code + +The C code is generated from Rust using [Charon], [Eurydice] and [Karamel]. +The [c.sh](../c.sh) bash script drives the extraction, using the [c.yaml](../c.yaml) +configuration file. +While running the commands separately is possible, it is not recommended because +the script sets all necessary configuration flags. + +## Build + +```bash +cmake -B build -G "Ninja Multi-Config" +cmake --build build +``` + +### Test + +```bash +./build/Debug/ml_kem_test +``` + ## Benchmarks ```bash 
@@ -9,3 +30,7 @@ cmake -B build -G "Ninja Multi-Config" cmake --build build --config Release ./build/Release/ml_kem_bench ``` + +[Charon]: https://github.com/AeneasVerif/charon/ +[Eurydice]: https://github.com/AeneasVerif/eurydice +[Karamel]: https://github.com/FStarLang/karamel From 295f500622e41690aae3883cd89923803636a741 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Tue, 4 Jun 2024 17:25:54 +0200 Subject: [PATCH 92/94] drop c experiments --- .../c-sha3-speedup/#libcrux_sha3_avx2.h# | 181 - .../c-sha3-speedup/.#libcrux_sha3_avx2.h | 1 - libcrux-ml-kem/c-sha3-speedup/.gitignore | 1 - libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt | 154 - .../c-sha3-speedup/CMakeLists.txt.bench | 185 - .../c-sha3-speedup/CMakeLists.txt.bench~ | 185 - libcrux-ml-kem/c-sha3-speedup/avx2 | 489 - .../c-sha3-speedup/benches/mlkem768.cc | 72 - .../c-sha3-speedup/benches/mlkem768_encaps.cc | 36 - .../c-sha3-speedup/benches/mlkem768_keygen.cc | 32 - libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc | 127 - libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h | 246 - .../c-sha3-speedup/internal/libcrux_core.h | 354 - .../internal/libcrux_mlkem768.h | 171 - .../internal/libcrux_mlkem_avx2.h | 97 - .../internal/libcrux_mlkem_neon.h | 97 - .../internal/libcrux_polynomial.h | 333 - .../intrinsics/libcrux_intrinsics_arm64.h | 552 - .../intrinsics/libcrux_intrinsics_avx2.h | 489 - .../karamel/include/krml/c_endianness.h | 13 - .../karamel/include/krml/fstar_int.h | 81 - .../karamel/include/krml/internal/builtin.h | 18 - .../karamel/include/krml/internal/callconv.h | 27 - .../karamel/include/krml/internal/compat.h | 32 - .../karamel/include/krml/internal/debug.h | 57 - .../karamel/include/krml/internal/target.h | 384 - .../karamel/include/krml/internal/types.h | 105 - .../include/krml/internal/wasmsupport.h | 5 - .../karamel/include/krml/lowstar_endianness.h | 231 - .../c-sha3-speedup/karamel/include/krmllib.h | 28 - .../krmllib/dist/minimal/FStar_UInt128.h | 78 - .../dist/minimal/FStar_UInt128_Verified.h | 346 - .../dist/minimal/FStar_UInt_8_16_32_64.h | 213 - .../krmllib/dist/minimal/LowStar_Endianness.h | 27 - .../krmllib/dist/minimal/Makefile.basic | 56 - .../krmllib/dist/minimal/Makefile.include | 5 - .../dist/minimal/fstar_uint128_gcc64.h | 165 - .../krmllib/dist/minimal/fstar_uint128_msvc.h | 510 - 
.../minimal/fstar_uint128_struct_endianness.h | 68 - .../krmllib/dist/minimal/libkrmllib.def | 11 - libcrux-ml-kem/c-sha3-speedup/libcrux_core.c | 524 - libcrux-ml-kem/c-sha3-speedup/libcrux_core.h | 135 - .../c-sha3-speedup/libcrux_mlkem1024.c | 2181 ---- .../c-sha3-speedup/libcrux_mlkem1024.h | 132 - .../c-sha3-speedup/libcrux_mlkem512.c | 2057 ---- .../c-sha3-speedup/libcrux_mlkem512.h | 138 - .../c-sha3-speedup/libcrux_mlkem768.c | 3030 ----- .../c-sha3-speedup/libcrux_mlkem768.h | 132 - .../c-sha3-speedup/libcrux_mlkem_avx2.c | 10225 ---------------- .../c-sha3-speedup/libcrux_mlkem_avx2.h | 671 - .../c-sha3-speedup/libcrux_mlkem_neon.c | 9734 --------------- .../c-sha3-speedup/libcrux_mlkem_neon.h | 27 - .../c-sha3-speedup/libcrux_mlkem_sha3.h | 26 - .../c-sha3-speedup/libcrux_platform.c | 8 - .../c-sha3-speedup/libcrux_platform.h | 26 - .../c-sha3-speedup/libcrux_polynomial.c | 2423 ---- .../c-sha3-speedup/libcrux_polynomial.h | 31 - libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c | 3246 ----- libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h | 966 -- .../c-sha3-speedup/libcrux_sha3_avx2.c | 2520 ---- .../c-sha3-speedup/libcrux_sha3_avx2.h | 181 - .../c-sha3-speedup/libcrux_sha3_neon.c | 177 - .../c-sha3-speedup/libcrux_sha3_neon.h | 70 - .../c-sha3-speedup/tests/mlkem768.cc | 302 - .../tests/mlkem768_nistkats.json | 802 -- libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc | 84 - 66 files changed, 46110 deletions(-) delete mode 100644 libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# delete mode 120000 libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/.gitignore delete mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt delete mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench delete mode 100644 libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ delete mode 100644 libcrux-ml-kem/c-sha3-speedup/avx2 delete mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc delete mode 100644 
libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc delete mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc delete mode 100644 libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc delete mode 100644 libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h delete mode 100644 
libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_core.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_core.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h delete mode 100644 
libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c delete mode 100644 libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h delete mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc delete mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json delete mode 100644 libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc diff --git a/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# b/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# deleted file mode 100644 index 0952f20d6..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/#libcrux_sha3_avx2.h# +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_avx2_H -#define __libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "intrinsics/libcrux_intrinsics_avx2.h" - -#include "libcrux_sha3.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s -{ core_core_arch_x86___m256i st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; - -/* -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - 
Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -); -*/ - -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void); - - /* -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); 
- */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - - /* -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - - /* - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h b/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h deleted file mode 120000 index 9e19a1449..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/.#libcrux_sha3_avx2.h +++ /dev/null @@ -1 +0,0 @@ -karthik@Ubuntu-2204-jammy-amd64-base.2133727:1714396024 \ No newline at end of file 
diff --git a/libcrux-ml-kem/c-sha3-speedup/.gitignore b/libcrux-ml-kem/c-sha3-speedup/.gitignore deleted file mode 100644 index 378eac25d..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/.gitignore +++ /dev/null @@ -1 +0,0 @@ -build diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt deleted file mode 100644 index d9162f6e2..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt +++ /dev/null 
@@ -1,154 +0,0 @@ -# cmake -B build -G "Ninja Multi-Config" -# cmake --build build - -cmake_minimum_required(VERSION 3.10) - -project(libcrux-ml-kem - VERSION 0.1.0 - LANGUAGES C CXX -) - -set(CMAKE_C_FLAGS " -Wall ") -set(CMAKE_COLOR_DIAGNOSTICS "ON") -include_directories( - ${PROJECT_SOURCE_DIR} - ${PROJECT_SOURCE_DIR}/internal - ${PROJECT_SOURCE_DIR}/karamel/include -) -file(GLOB SOURCES - ${PROJECT_SOURCE_DIR}/libcrux_core.c - ${PROJECT_SOURCE_DIR}/libcrux_platform.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c - ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3.c -) -# file(GLOB VEC128_SOURCES -# libcrux_sha3_neon.c -# ) -file(GLOB SOURCES_vec256 - ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c -) - -set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE) - -if(${CMAKE_SYSTEM_NAME} MATCHES Linux) - add_compile_options( - -fPIC - ) -endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) - -add_library(ml_kem SHARED ${SOURCES}) -add_library(ml_kem_static STATIC ${SOURCES}) - -# if(LIBCRUX_VEC256) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 -) -# endif() - -# --- Tests - -# Get gtests -include(FetchContent) -FetchContent_Declare(googletest -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip -) - -# For Windows: Prevent overriding the parent project's compiler/linker settings -set(gtest_force_shared_crt ON CACHE BOOL "" FORCE) -FetchContent_MakeAvailable(googletest) - -# Get nlohmann json -FetchContent_Declare(json -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip -) -FetchContent_MakeAvailable(json) - -add_executable(ml_kem_test - ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc -) 
-target_link_libraries(ml_kem_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) - -add_executable(sha3_test - ${PROJECT_SOURCE_DIR}/tests/sha3.cc -) -target_link_libraries(sha3_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) - -# --- Benchmarks - -FetchContent_Populate(benchmark - GIT_REPOSITORY https://github.com/google/benchmark.git - # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 - # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f -) -add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) - -add_executable(ml_kem_bench - ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc -) -target_link_libraries(ml_kem_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_bench PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_keygen - ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc -) -target_link_libraries(ml_kem_keygen PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_keygen PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_encaps - ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc -) -target_link_libraries(ml_kem_encaps PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_encaps PRIVATE - -mavx - -mavx2 -) - -add_executable(sha3_bench - ${PROJECT_SOURCE_DIR}/benches/sha3.cc -) -target_link_libraries(sha3_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_bench PRIVATE - -mavx - -mavx2 -) 
diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench deleted file mode 100644 index e48282abd..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench +++ /dev/null 
@@ -1,185 +0,0 @@ -# cmake -B build -G "Ninja Multi-Config" -# cmake --build build -# # For release (benchmarks) -# cmake --build build --config Release - -cmake_minimum_required(VERSION 3.10) - -project(libcrux-ml-kem - VERSION 0.1.0 - LANGUAGES C CXX -) - -set(CMAKE_C_STANDARD 11) -add_compile_options( - -Wall - # -Wextra - # -pedantic - # -Wconversion - # -Wsign-conversion - $<$:-g> - $<$:-Og> - $<$:-g> - $<$:-O3> - -fno-omit-frame-pointer -) -set(CMAKE_COLOR_DIAGNOSTICS "ON") -include_directories( - ${PROJECT_SOURCE_DIR} - ${PROJECT_SOURCE_DIR}/internal - ${PROJECT_SOURCE_DIR}/karamel/include - ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/ -) -file(GLOB SOURCES - ${PROJECT_SOURCE_DIR}/libcrux_core.c - ${PROJECT_SOURCE_DIR}/libcrux_platform.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c - ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c - ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Scalar.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3.c -) -# file(GLOB VEC128_SOURCES -# libcrux_sha3_neon.c -# ) -file(GLOB SOURCES_vec256 - ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c - ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Simd256.c - ${PROJECT_SOURCE_DIR}/sha3_avx2.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c -) - -if(${CMAKE_SYSTEM_NAME} MATCHES Linux) - add_compile_options( - -fPIC - ) -endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) - -add_library(ml_kem SHARED ${SOURCES}) -add_library(ml_kem_static STATIC ${SOURCES}) - -# XXX: This is wrong, but we need avx2 everywhere right now. 
-target_compile_definitions(ml_kem PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_definitions(ml_kem_static PUBLIC HACL_CAN_COMPILE_VEC256) - -# if(LIBCRUX_VEC256) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 -) -target_compile_definitions(ml_kem_vec256 PUBLIC HACL_CAN_COMPILE_VEC256) -# endif() - -# --- Tests - -# Get gtests -include(FetchContent) -FetchContent_Declare(googletest -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip -) - -# For Windows: Prevent overriding the parent project's compiler/linker settings -set(gtest_force_shared_crt ON CACHE BOOL "" FORCE) -FetchContent_MakeAvailable(googletest) - -# Get nlohmann json -FetchContent_Declare(json -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip -) -FetchContent_MakeAvailable(json) - -add_executable(ml_kem_test - ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc -) -target_link_libraries(ml_kem_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) -target_compile_definitions(ml_kem_test PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_test PRIVATE - -mavx - -mavx2 -) - -add_executable(sha3_test - ${PROJECT_SOURCE_DIR}/tests/sha3.cc -) -target_link_libraries(sha3_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) -target_compile_definitions(sha3_test PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_test PRIVATE - -mavx - -mavx2 -) - -# --- Benchmarks - -FetchContent_Populate(benchmark - GIT_REPOSITORY https://github.com/google/benchmark.git - # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 - # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f -) 
-add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) - -add_executable(ml_kem_bench - ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc -) -target_link_libraries(ml_kem_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_bench PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_keygen - ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc -) -target_link_libraries(ml_kem_keygen PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_keygen PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_encaps - ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc -) -target_link_libraries(ml_kem_encaps PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_encaps PRIVATE - -mavx - -mavx2 -) - -add_executable(sha3_bench - ${PROJECT_SOURCE_DIR}/benches/sha3.cc -) -target_link_libraries(sha3_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_bench PRIVATE - -mavx - -mavx2 -) diff --git a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ b/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ deleted file mode 100644 index e48282abd..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/CMakeLists.txt.bench~ +++ /dev/null 
@@ -1,185 +0,0 @@ -# cmake -B build -G "Ninja Multi-Config" -# cmake --build build -# # For release (benchmarks) -# cmake --build build --config Release - -cmake_minimum_required(VERSION 3.10) - -project(libcrux-ml-kem - VERSION 0.1.0 - LANGUAGES C CXX -) - -set(CMAKE_C_STANDARD 11) -add_compile_options( - -Wall - # -Wextra - # -pedantic - # -Wconversion - # -Wsign-conversion - $<$:-g> - $<$:-Og> - $<$:-g> - $<$:-O3> - -fno-omit-frame-pointer -) -set(CMAKE_COLOR_DIAGNOSTICS "ON") -include_directories( - ${PROJECT_SOURCE_DIR} - ${PROJECT_SOURCE_DIR}/internal - ${PROJECT_SOURCE_DIR}/karamel/include - ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/ -) -file(GLOB SOURCES - ${PROJECT_SOURCE_DIR}/libcrux_core.c - ${PROJECT_SOURCE_DIR}/libcrux_platform.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c - ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c - ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Scalar.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3.c -) -# file(GLOB VEC128_SOURCES -# libcrux_sha3_neon.c -# ) -file(GLOB SOURCES_vec256 - ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c - ${PROJECT_SOURCE_DIR}/Hacl_Hash_SHA3_Simd256.c - ${PROJECT_SOURCE_DIR}/sha3_avx2.c - ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c -) - -if(${CMAKE_SYSTEM_NAME} MATCHES Linux) - add_compile_options( - -fPIC - ) -endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) - -add_library(ml_kem SHARED ${SOURCES}) -add_library(ml_kem_static STATIC ${SOURCES}) - -# XXX: This is wrong, but we need avx2 everywhere right now. 
-target_compile_definitions(ml_kem PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_definitions(ml_kem_static PUBLIC HACL_CAN_COMPILE_VEC256) - -# if(LIBCRUX_VEC256) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 -) -target_compile_definitions(ml_kem_vec256 PUBLIC HACL_CAN_COMPILE_VEC256) -# endif() - -# --- Tests - -# Get gtests -include(FetchContent) -FetchContent_Declare(googletest -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip -) - -# For Windows: Prevent overriding the parent project's compiler/linker settings -set(gtest_force_shared_crt ON CACHE BOOL "" FORCE) -FetchContent_MakeAvailable(googletest) - -# Get nlohmann json -FetchContent_Declare(json -DOWNLOAD_EXTRACT_TIMESTAMP TRUE - URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip -) -FetchContent_MakeAvailable(json) - -add_executable(ml_kem_test - ${PROJECT_SOURCE_DIR}/tests/mlkem768.cc -) -target_link_libraries(ml_kem_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) -target_compile_definitions(ml_kem_test PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_test PRIVATE - -mavx - -mavx2 -) - -add_executable(sha3_test - ${PROJECT_SOURCE_DIR}/tests/sha3.cc -) -target_link_libraries(sha3_test PRIVATE - ml_kem_static - gtest_main - nlohmann_json::nlohmann_json -) -target_compile_definitions(sha3_test PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_test PRIVATE - -mavx - -mavx2 -) - -# --- Benchmarks - -FetchContent_Populate(benchmark - GIT_REPOSITORY https://github.com/google/benchmark.git - # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 - # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f -) 
-add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) - -add_executable(ml_kem_bench - ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc -) -target_link_libraries(ml_kem_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_bench PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_keygen - ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc -) -target_link_libraries(ml_kem_keygen PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_keygen PRIVATE - -mavx - -mavx2 -) - -add_executable(ml_kem_encaps - ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc -) -target_link_libraries(ml_kem_encaps PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_encaps PRIVATE - -mavx - -mavx2 -) - -add_executable(sha3_bench - ${PROJECT_SOURCE_DIR}/benches/sha3.cc -) -target_link_libraries(sha3_bench PRIVATE - ml_kem_static - benchmark::benchmark -) -target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_bench PRIVATE - -mavx - -mavx2 -) diff --git a/libcrux-ml-kem/c-sha3-speedup/avx2 b/libcrux-ml-kem/c-sha3-speedup/avx2 deleted file mode 100644 index eee258a04..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/avx2 +++ /dev/null 
@@ -1,489 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_intrinsics_avx2_H -#define __libcrux_intrinsics_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "immintrin.h" - -typedef __m128i core_core_arch_x86___m128i; -typedef __m256i core_core_arch_x86___m256i; - -// Cast and Convert - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ - return _mm256_castsi256_si128(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ - return _mm256_cvtepi16_epi32(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ - return _mm256_castsi128_si256(a); -} - -// Initialize, Load, Store - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ - return _mm256_setzero_si256(); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ - return _mm256_set1_epi16(a); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ - return _mm256_set1_epi32(a); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ - return _mm256_set1_epi64x(a); -} - -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ - return _mm_set1_epi16(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, - int16_t x1, - int16_t x2, - int16_t x3, - int16_t x4, - int16_t x5, - int16_t x6, - int16_t x7, - int16_t x8, - int16_t x9, - int16_t x10, - int16_t x11, - int16_t x12, - int16_t x13, - int16_t 
x14, - int16_t x15 -){ - return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, - int8_t x1, - int8_t x2, - int8_t x3, - int8_t x4, - int8_t x5, - int8_t x6, - int8_t x7, - int8_t x8, - int8_t x9, - int8_t x10, - int8_t x11, - int8_t x12, - int8_t x13, - int8_t x14, - int8_t x15, - int8_t x16, - int8_t x17, - int8_t x18, - int8_t x19, - int8_t x20, - int8_t x21, - int8_t x22, - int8_t x23, - int8_t x24, - int8_t x25, - int8_t x26, - int8_t x27, - int8_t x28, - int8_t x29, - int8_t x30, - int8_t x31 -){ - return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15, - x16,x17,x18,x19,x20,x21,x22,x23, - x24,x25,x26,x27,x28,x29,x30,x31); - -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, - uint8_t x1, - uint8_t x2, - uint8_t x3, - uint8_t x4, - uint8_t x5, - uint8_t x6, - uint8_t x7, - uint8_t x8, - uint8_t x9, - uint8_t x10, - uint8_t x11, - uint8_t x12, - uint8_t x13, - uint8_t x14, - uint8_t x15 -){ - return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); -} - - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, - int32_t x1, - int32_t x2, - int32_t x3, - int32_t x4, - int32_t x5, - int32_t x6, - int32_t x7 -){ - return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); -} - - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); -} - -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ - return _mm_loadu_si128((const __m128i*) a.ptr); -} - - -static inline void 
-libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); -} - -// Arithmetic: Add, Sub - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b - ){ - return _mm256_add_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_add_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_add_epi16(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sub_epi16(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_sub_epi16(a,b); -} - -// Arithmetic: Mul low and high, Mul-Add combinations - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -){ - return _mm256_mulhi_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mul_epu32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mullo_epi16(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mulhi_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_madd_epi16(a,b); -} - -// Comparison - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_cmpgt_epi16(a,b); -} - -// Bitwise operations - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_and_si256(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_andnot_si256(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_xor_si256(a,b); -} - -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ - return _mm_movemask_epi8(a); -} - -// Shift operations -#define 
libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) - -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) - - -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) - -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_slli_epi64(b,a); -} - -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) - -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) - -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sllv_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srli_epi64(b,a); -} - -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) - -// Shuffle and Vector Interleaving - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi64(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi64(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_packs_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_packs_epi16(a,b); -} - - -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b,a)) - -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b,a)) - -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b,a)) - -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) - -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ - a,\ - b,\ - c,\ - _\ -) (_mm256_inserti128_si256(b,c,a)) - -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ - (_mm256_blend_epi16(b,c,a)) - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_shuffle_epi8(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_permutevar8x32_epi32(a,b); -} - - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_shuffle_epi8(a,b); -} - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc deleted file mode 100644 index 680f648e7..000000000 
--- a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2022 Cryspen Sarl
- *
- * Licensed under the Apache License, Version 2.0 or MIT.
- * - http://www.apache.org/licenses/LICENSE-2.0
- * - http://opensource.org/licenses/MIT
- */
-
-#include
-
-#include "libcrux_sha3.h"
-#include "libcrux_mlkem768.h"
-#include "internal/libcrux_core.h"
-
-void generate_random(uint8_t *output, uint32_t output_len)
-{
- for (int i = 0; i < output_len; i++)
- output[i] = 13;
-}
-
-static void
-kyber768_key_generation(benchmark::State &state)
-{
- uint8_t randomness[64];
- generate_random(randomness, 64);
- auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
-
- for (auto _ : state)
- {
- key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
- }
-}
-
-static void
-kyber768_encapsulation(benchmark::State &state)
-{
- uint8_t randomness[64];
- generate_random(randomness, 64);
-
- auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
- generate_random(randomness, 32);
- auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
-
- for (auto _ : state)
- {
- ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
- }
-}
-
-static void
-kyber768_decapsulation(benchmark::State &state)
-{
- uint8_t randomness[64];
- generate_random(randomness, 64);
-
- auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
- generate_random(randomness, 32);
- auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
-
- uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
-
- for (auto _ : state)
- {
- libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
- }
-}
-
-BENCHMARK(kyber768_key_generation);
-BENCHMARK(kyber768_encapsulation);
-BENCHMARK(kyber768_decapsulation);
-
-BENCHMARK_MAIN();
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc
deleted file mode 100644
index 53ae6af1d..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_encaps.cc
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2022 Cryspen Sarl
- *
- * Licensed under the Apache License, Version 2.0 or MIT.
- * - http://www.apache.org/licenses/LICENSE-2.0
- * - http://opensource.org/licenses/MIT
- */
-
-#include
-
-#include "libcrux_sha3.h"
-#include "libcrux_mlkem768.h"
-#include "internal/libcrux_core.h"
-
-void generate_random(uint8_t *output, uint32_t output_len)
-{
- for (int i = 0; i < output_len; i++)
- output[i] = 13;
-}
-
-int main(int argc, char const *argv[])
-{
- uint8_t randomness[64];
- generate_random(randomness, 64);
-
- auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
- generate_random(randomness, 32);
- auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
-
- for (size_t i = 0; i < 100000; i++)
- {
- ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness);
- }
-
- return 0;
-}
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc
deleted file mode 100644
index 37eb855d2..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/benches/mlkem768_keygen.cc
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2022 Cryspen Sarl
- *
- * Licensed under the Apache License, Version 2.0 or MIT.
- * - http://www.apache.org/licenses/LICENSE-2.0
- * - http://opensource.org/licenses/MIT
- */
-
-#include
-
-#include "libcrux_sha3.h"
-#include "libcrux_mlkem768.h"
-#include "internal/libcrux_core.h"
-
-void generate_random(uint8_t *output, uint32_t output_len)
-{
- for (int i = 0; i < output_len; i++)
- output[i] = 13;
-}
-
-int main(int argc, char const *argv[])
-{
- uint8_t randomness[64];
- generate_random(randomness, 64);
- auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
-
- for (size_t i = 0; i < 100000; i++)
- {
- key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness);
- }
- return 0;
-}
diff --git a/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc b/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc
deleted file mode 100644
index cd12395a1..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/benches/sha3.cc
+++ /dev/null
@@ -1,127 +0,0 @@ -/* - * Copyright 2022 Cryspen Sarl - * - * Licensed under the Apache License, Version 2.0 or MIT. - * - http://www.apache.org/licenses/LICENSE-2.0 - * - http://opensource.org/licenses/MIT - */ - -#include - -#include "libcrux_sha3_avx2.h" -#include "libcrux_mlkem768.h" -#include "internal/libcrux_core.h" - - -void generate_random(uint8_t *output, uint32_t output_len) -{ - for (int i = 0; i < output_len; i++) - output[i] = 13; -} - -static void -sha3_256_1184(benchmark::State &state) -{ - uint8_t digest[32]; - uint8_t input[1184]; - generate_random(input, 1184); - - libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32)); - - for (auto _ : state) - { - libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32)); - } -} - -static void -sha3_512_64(benchmark::State &state) -{ - uint8_t digest[64]; - uint8_t input[64]; - generate_random(input, 64); - - libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64)); - - for (auto _ : state) - { - libcrux_sha3_portable_sha512(EURYDICE_SLICE(input, 0, 64), EURYDICE_SLICE(digest, 0, 64)); - } -} - -static void -shake128_34_504(benchmark::State &state) -{ - uint8_t digest0[504]; - uint8_t digest1[504]; - uint8_t digest2[504]; - uint8_t digest3[504]; - uint8_t input[34]; - generate_random(input, 34); - - libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(&st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504)); - - - for (auto _ : state) - { - libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - 
libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(&st,EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(&st,EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504)); - } -} - -static void -shake256_1120_32(benchmark::State &state) -{ - uint8_t input[1120]; - generate_random(input, 1120); - - uint8_t digest0[32]; - uint8_t digest1[32]; - uint8_t digest2[32]; - uint8_t digest3[32]; - Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 32); - Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 32); - Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 32); - Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 32); - - libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3); - - for (auto _ : state) - { - libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), EURYDICE_SLICE(input, 0, 1120), out0, out1, out2, out3); - } -} - -static void -shake256_33_128(benchmark::State &state) -{ - uint8_t input[33]; - generate_random(input, 33); - - uint8_t digest0[128]; - uint8_t digest1[128]; - uint8_t digest2[128]; - uint8_t digest3[128]; - Eurydice_slice out0 = EURYDICE_SLICE(digest0, 0, 128); - Eurydice_slice out1 = EURYDICE_SLICE(digest1, 0, 128); - Eurydice_slice out2 = EURYDICE_SLICE(digest2, 0, 128); - Eurydice_slice out3 = EURYDICE_SLICE(digest3, 0, 128); - - libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3); - - for (auto _ : state) - { - libcrux_sha3_avx2_x4_shake256(EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), EURYDICE_SLICE(input, 0, 128), 
EURYDICE_SLICE(input, 0, 128), out0, out1, out2, out3); - } -} - -BENCHMARK(sha3_256_1184); -BENCHMARK(sha3_512_64); -BENCHMARK(shake128_34_504); -BENCHMARK(shake256_1120_32); -BENCHMARK(shake256_33_128); - -BENCHMARK_MAIN(); diff --git a/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h b/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h deleted file mode 100644 index dd4888af3..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/eurydice_glue.h +++ /dev/null 
@@ -1,246 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) -#define EURYDICE_SLICE_LEN(s, _) s.len -// This macro is a pain because in case the dereferenced element type is an -// array, you cannot simply write `t x` as it would yield `int[4] x` instead, -// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that -// adds an extra argument to this macro at the last minute so that we have the -// correct type of *pointers* to elements. 
-#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t) s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) - -#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ - (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = { .ptr = 
slice.ptr, .len = mid }, \ - .snd = { .ptr = slice.ptr + mid * sizeof(element_type), .len = slice.len - mid }}) - - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. -typedef struct -{ - uint8_t tag; - uint8_t case_Ok[]; -} -result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { - store64_le(buf,v); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - return load64_le(buf); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { - return x; -} - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { return __builtin_popcount(x0); } - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? 
\ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) - -// STRINGS - -typedef const char *Prims_string; - -// MISC (UNTESTED) - -typedef void *core_fmt_Formatter; -typedef void *core_fmt_Arguments; -typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL - -// VECTORS (ANCIENT, POSSIBLY UNTESTED) - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. 
Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h deleted file mode 100644 index 9aa756e5f..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_core.h +++ /dev/null 
@@ -1,354 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_core_H -#define __internal_libcrux_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_core.h" -#include "eurydice_glue.h" - -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); - -extern core_fmt_Arguments -core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); - -typedef struct core_option_Option__size_t_s -{ - core_option_Option__size_t_tags tag; - size_t f0; -} -core_option_Option__size_t; - -#define CORE_NUM__U32_8__BITS (32U) - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - -#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) - -libcrux_ml_kem_types_MlKemPublicKey____800size_t 
-libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -); - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ - uint8_t fst[768U]; - uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U] -); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); - -libcrux_ml_kem_types_MlKemPublicKey____1568size_t 
-libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -); - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -); - -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); - -libcrux_ml_kem_types_MlKemPublicKey____1184size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
-libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -); - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -); - -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____1088size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -); - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); - -typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); - -typedef struct K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; - -typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; - 
-Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); - -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; - -typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -); - -typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -); - -typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void 
-core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -); - -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; - -typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -); - -typedef struct K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s -{ - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} -K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; - -typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -); - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_core_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h
deleted file mode 100644
index a602ad3b3..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem768.h
+++ /dev/null
@@ -1,171 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_mlkem768_H -#define __internal_libcrux_mlkem768_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_core.h" -#include "../libcrux_mlkem768.h" -#include "eurydice_glue.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t 
_initial_coefficient_bound -); - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -); - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -); - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -); - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -); - -void 
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem768_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h deleted file mode 100644 index 963e10927..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_avx2.h +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_mlkem_avx2_H -#define __internal_libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" -#include "../libcrux_mlkem_avx2.h" -#include "eurydice_glue.h" - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h deleted file mode 100644 index 557f90c7a..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_mlkem_neon.h +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_mlkem_neon_H -#define __internal_libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" -#include "../libcrux_mlkem_neon.h" -#include "eurydice_glue.h" - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -bool 
-libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -); - 
-K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h b/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h deleted file mode 100644 index b30f7d486..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/internal/libcrux_polynomial.h +++ /dev/null 
@@ -1,333 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_polynomial_H -#define __internal_libcrux_polynomial_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_core.h" -#include "../libcrux_polynomial.h" -#include "eurydice_glue.h" - -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) - -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) - -extern const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U]; - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - 
libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - 
int16_t zeta -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -); - -void 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -); - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[2U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[4U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -); - 
-libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -); - -typedef struct -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector fst[3U]; - uint8_t snd; -} -K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -); - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_polynomial_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h deleted file mode 100644 index b14f283be..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_arm64.h +++ /dev/null 
@@ -1,552 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c2.yml ../../libcrux_ml_kem.llbc F* version: a32b316e KaRaMeL version: - 020de30f - */ - -#ifndef __libcrux_intrinsics_arm64_H -#define __libcrux_intrinsics_arm64_H - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#include "eurydice_glue.h" -#include - - // NEON Vector Types - typedef int16x4_t core_core_arch_arm_shared_neon_int16x4_t; - typedef uint16x4_t core_core_arch_arm_shared_neon_uint16x4_t; - typedef int8x16_t core_core_arch_arm_shared_neon_int8x16_t; - typedef uint8x16_t core_core_arch_arm_shared_neon_uint8x16_t; - typedef int16x8_t core_core_arch_arm_shared_neon_int16x8_t; - typedef uint16x8_t core_core_arch_arm_shared_neon_uint16x8_t; - typedef int32x4_t core_core_arch_arm_shared_neon_int32x4_t; - typedef uint32x4_t core_core_arch_arm_shared_neon_uint32x4_t; - typedef int64x2_t core_core_arch_arm_shared_neon_int64x2_t; - typedef uint64x2_t core_core_arch_arm_shared_neon_uint64x2_t; - - // Casting Between Vector Types - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vreinterpretq_s16_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u16_s16(a); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vreinterpretq_u32_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u32_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vreinterpretq_s32_u32( - core_core_arch_arm_shared_neon_uint32x4_t a) - { - return vreinterpretq_s32_u32(a); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - 
core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_u32_s32(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u32( - core_core_arch_arm_shared_neon_uint32x4_t a) - { - return vreinterpretq_s16_u32(a); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_s32_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_s16_s32(a); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vreinterpretq_s64_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_s64_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - core_core_arch_arm_shared_neon_int64x2_t a) - { - return vreinterpretq_s16_s64(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vreinterpretq_u8_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vreinterpretq_u8_s16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - core_core_arch_arm_shared_neon_uint8x16_t a) - { - return vreinterpretq_s16_u8(a); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - core_core_arch_arm_shared_neon_int32x4_t a) - { - return vreinterpretq_s64_s32(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vreinterpretq_u8_s64( - core_core_arch_arm_shared_neon_int64x2_t a) - { - return vreinterpretq_u8_s64(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - 
core_core_arch_arm_shared_neon_uint8x16_t a) - { - return vreinterpretq_u16_u8(a); - } - - // Initialize, Load, Store - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vdupq_n_s16(int16_t c) - { - return vdupq_n_s16(c); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) - { - return vdupq_n_u32(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) - { - return vld1q_s16((int16_t*)slice.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_slice slice) - { - return vld1q_u8((uint8_t*)slice.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vld1q_u16(Eurydice_slice slice) - { - return vld1q_u16((uint16_t*)slice.ptr); - } - - static inline void libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_slice out, - core_core_arch_arm_shared_neon_int16x8_t a) - { - vst1q_s16((int16_t*)out.ptr, a); - } - - static inline void libcrux_intrinsics_arm64__vst1q_u8( - Eurydice_slice out, - core_core_arch_arm_shared_neon_uint8x16_t a) - { - vst1q_u8((uint8_t*)out.ptr, a); - } - - // Arithmetic: Add, Sub - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vaddq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vaddq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vaddq_u32( - core_core_arch_arm_shared_neon_uint32x4_t a, - core_core_arch_arm_shared_neon_uint32x4_t b) - { - return vaddq_u32(a, b); - } - - static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vaddvq_s16(a); - } - - 
static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( - core_core_arch_arm_shared_neon_uint16x4_t a) - { - return vaddv_s16(a); - } - - static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vaddvq_u16(a); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vsubq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vsubq_s16(a, b); - } - - // Arithmetic: Mul, Mul-High, Mul-Add - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vmulq_n_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - int16_t c) - { - return vmulq_n_s16(a, c); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - int16_t c) - { - return vqdmulhq_n_s16(a, c); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vmulq_n_u16( - core_core_arch_arm_shared_neon_uint16x8_t a, - uint16_t c) - { - return vmulq_n_s16(a, c); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - core_core_arch_arm_shared_neon_int32x4_t a, - int32_t c) - { - return vqdmulhq_n_s32(a, c); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - libcrux_intrinsics_arm64__vmulq_n_u32( - core_core_arch_arm_shared_neon_uint32x4_t a, - uint32_t c) - { - return vmulq_n_u32(a, c); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vmulq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vmulq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vqdmulhq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vqdmulhq_s16(a, b); - } - - 
static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmull_s16( - core_core_arch_arm_shared_neon_int16x4_t a, - core_core_arch_arm_shared_neon_int16x4_t b); - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmull_high_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vmull_high_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmlal_s16( - core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int16x4_t b, - core_core_arch_arm_shared_neon_int16x4_t c) - { - return vmlal_s16(a, b, c); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vmlal_high_s16( - core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int16x8_t b, - core_core_arch_arm_shared_neon_int16x8_t c) - { - return vmlal_high_s16(a, b, c); - } - - // Comparisons - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vcgeq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vcgeq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vcleq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vcleq_s16(a, b); - } - - // Bitwise Operations - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vandq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vandq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__veorq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return veorq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_uint32x4_t - 
libcrux_intrinsics_arm64__vandq_u32( - core_core_arch_arm_shared_neon_uint32x4_t a, - core_core_arch_arm_shared_neon_uint32x4_t b) - { - return vandq_u32(a, b); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vandq_u16( - core_core_arch_arm_shared_neon_uint16x8_t a, - core_core_arch_arm_shared_neon_uint16x8_t b) - { - return vandq_u16(a, b); - } - - // Shift Operations - -#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ - (vshrq_n_s16(a, SHIFT_BY)) - -#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ - (vshrq_n_u16(a, SHIFT_BY)) - -#define libcrux_intrinsics_arm64__vshrq_n_u32(N, a) (vshrq_n_u32(a, N)) - -#define libcrux_intrinsics_arm64__vshlq_n_u32(N, a) (vshlq_n_u32(a, N)) - -#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ - (vshlq_n_s16(a, SHIFT_BY)) - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vshlq_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vshlq_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_uint16x8_t - libcrux_intrinsics_arm64__vshlq_u16( - core_core_arch_arm_shared_neon_uint16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vshlq_u16(a, b); - } - -#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b) (vsliq_n_s16(a, b, N)) - -#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b) (vsliq_n_s64(a, b, N)) - - // Transpose and Vector Manipulations - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vtrn1q_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vtrn1q_s16(a, b); - } - - static inline core_core_arch_arm_shared_neon_int16x8_t - libcrux_intrinsics_arm64__vtrn2q_s16( - core_core_arch_arm_shared_neon_int16x8_t a, - core_core_arch_arm_shared_neon_int16x8_t b) - { - return vtrn2q_s16(a, b); - } - - static inline 
core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vtrn1q_s32( - core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int32x4_t b) - { - return vtrn1q_s32(a, b); - } - - static inline core_core_arch_arm_shared_neon_int32x4_t - libcrux_intrinsics_arm64__vtrn2q_s32( - core_core_arch_arm_shared_neon_int32x4_t a, - core_core_arch_arm_shared_neon_int32x4_t b) - { - return vtrn2q_s32(a, b); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vtrn1q_s64( - core_core_arch_arm_shared_neon_int64x2_t a, - core_core_arch_arm_shared_neon_int64x2_t b) - { - return vtrn1q_s64(a, b); - } - - static inline core_core_arch_arm_shared_neon_int64x2_t - libcrux_intrinsics_arm64__vtrn2q_s64( - core_core_arch_arm_shared_neon_int64x2_t a, - core_core_arch_arm_shared_neon_int64x2_t b) - { - return vtrn2q_s64(a, b); - } - - static inline core_core_arch_arm_shared_neon_int16x4_t - libcrux_intrinsics_arm64__vget_low_s16( - core_core_arch_arm_shared_neon_int16x8_t a) - { - return vget_low_s16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x4_t - libcrux_intrinsics_arm64__vget_low_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vget_low_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint16x4_t - libcrux_intrinsics_arm64__vget_high_u16( - core_core_arch_arm_shared_neon_uint16x8_t a) - { - return vget_high_u16(a); - } - - static inline core_core_arch_arm_shared_neon_uint8x16_t - libcrux_intrinsics_arm64__vqtbl1q_u8( - core_core_arch_arm_shared_neon_uint8x16_t a, - core_core_arch_arm_shared_neon_uint8x16_t b) - { - return vqtbl1q_u8(a, b); - } - -#define libcrux_intrinsics_arm64__vshlq_n_u64(SHIFT_BY, x, _ret_t) \ - (vshlq_n_u64(x, SHIFT_BY)) - -#define libcrux_intrinsics_arm64__vshrq_n_u64(SHIFT_BY, x, _ret_t) \ - (vshrq_n_u64(x, SHIFT_BY)) - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__veorq_u64( - 
core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return veorq_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vbicq_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vbicq_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vdupq_n_u64(uint64_t x0) - { - return vdupq_n_u64(x0); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice x0) - { - return vld1q_u64((uint64_t*)x0.ptr); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vtrn1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vtrn1q_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vtrn2q_u64( - core_core_arch_arm_shared_neon_uint64x2_t x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - return vtrn2q_u64(x0, x1); - } - - static inline core_core_arch_arm_shared_neon_uint64x2_t - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_slice x0) - { - return vld1q_u64((uint64_t*)x0.ptr); - } - - static inline void libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice x0, - core_core_arch_arm_shared_neon_uint64x2_t x1) - { - vst1q_u64((uint64_t*)x0.ptr, x1); - } - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_arm64_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h deleted file mode 100644 index eee258a04..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/intrinsics/libcrux_intrinsics_avx2.h +++ /dev/null 
@@ -1,489 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc - F* version: - KaRaMeL version: - */ - -#ifndef __libcrux_intrinsics_avx2_H -#define __libcrux_intrinsics_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "immintrin.h" - -typedef __m128i core_core_arch_x86___m128i; -typedef __m256i core_core_arch_x86___m256i; - -// Cast and Convert - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a){ - return _mm256_castsi256_si128(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a){ - return _mm256_cvtepi16_epi32(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a){ - return _mm256_castsi128_si256(a); -} - -// Initialize, Load, Store - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256(void){ - return _mm256_setzero_si256(); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a){ - return _mm256_set1_epi16(a); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a){ - return _mm256_set1_epi32(a); -} - -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a){ - return _mm256_set1_epi64x(a); -} - -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16(int16_t a){ - return _mm_set1_epi16(a); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, - int16_t x1, - int16_t x2, - int16_t x3, - int16_t x4, - int16_t x5, - int16_t x6, - int16_t x7, - int16_t x8, - int16_t x9, - int16_t x10, - int16_t x11, - int16_t x12, - int16_t x13, - int16_t 
x14, - int16_t x15 -){ - return _mm256_set_epi16(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, - int8_t x1, - int8_t x2, - int8_t x3, - int8_t x4, - int8_t x5, - int8_t x6, - int8_t x7, - int8_t x8, - int8_t x9, - int8_t x10, - int8_t x11, - int8_t x12, - int8_t x13, - int8_t x14, - int8_t x15, - int8_t x16, - int8_t x17, - int8_t x18, - int8_t x19, - int8_t x20, - int8_t x21, - int8_t x22, - int8_t x23, - int8_t x24, - int8_t x25, - int8_t x26, - int8_t x27, - int8_t x28, - int8_t x29, - int8_t x30, - int8_t x31 -){ - return _mm256_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15, - x16,x17,x18,x19,x20,x21,x22,x23, - x24,x25,x26,x27,x28,x29,x30,x31); - -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, - uint8_t x1, - uint8_t x2, - uint8_t x3, - uint8_t x4, - uint8_t x5, - uint8_t x6, - uint8_t x7, - uint8_t x8, - uint8_t x9, - uint8_t x10, - uint8_t x11, - uint8_t x12, - uint8_t x13, - uint8_t x14, - uint8_t x15 -){ - return _mm_set_epi8(x0,x1,x2,x3,x4,x5,x6,x7, - x8,x9,x10,x11,x12,x13,x14,x15); -} - - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, - int32_t x1, - int32_t x2, - int32_t x3, - int32_t x4, - int32_t x5, - int32_t x6, - int32_t x7 -){ - return _mm256_set_epi32(x0,x1,x2,x3,x4,x5,x6,x7); -} - - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a){ - return _mm256_loadu_si256((const __m256i*) a.ptr); -} - -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice a){ - return _mm_loadu_si128((const __m128i*) a.ptr); -} - - -static inline void 
-libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, - core_core_arch_x86___m256i b -){ - return _mm256_storeu_si256((__m256i*) a.ptr,b); -} - -static inline void -libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice a, core_core_arch_x86___m128i b){ - return _mm_storeu_si128((__m128i*) a.ptr,b); -} - -// Arithmetic: Add, Sub - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b - ){ - return _mm256_add_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_add_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_add_epi16(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sub_epi16(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_sub_epi16(a,b); -} - -// Arithmetic: Mul low and high, Mul-Add combinations - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -){ - return _mm256_mulhi_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mul_epu32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_mullo_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mullo_epi16(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_mulhi_epi16(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_madd_epi16(a,b); -} - -// Comparison - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_cmpgt_epi16(a,b); -} - -// Bitwise operations - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_and_si256(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_andnot_si256(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_xor_si256(a,b); -} - -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8(core_core_arch_x86___m128i a){ - return _mm_movemask_epi8(a); -} - -// Shift operations -#define 
libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b,a)) - -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b,a)) - - -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b,a)) - -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b,a)) - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_slli_epi64(b,a); -} - -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_slli_epi64_(a,b)) - -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b,a)) - -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b,a)) - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_sllv_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b){ - return _mm256_srli_epi64(b,a); -} - -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a,b,c) (libcrux_intrinsics_avx2_mm256_srli_epi64_(a,b)) - -// Shuffle and Vector Interleaving - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpacklo_epi64(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi32(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b -){ - return _mm256_unpackhi_epi64(a,b); -} - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_packs_epi32(a,b); -} - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_packs_epi16(a,b); -} - - -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b,a)) - -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b,a)) - -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b,a)) - -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a,b,c,d) (_mm256_permute2x128_si256(b,c,a)) - -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(\ - a,\ - b,\ - c,\ - _\ -) (_mm256_inserti128_si256(b,c,a)) - -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a,b,c,_) \ - (_mm256_blend_epi16(b,c,a)) - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_shuffle_epi8(a,b); -} - - -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -){ - return _mm256_permutevar8x32_epi32(a,b); -} - - -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b -){ - return _mm_shuffle_epi8(a,b); -} - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_intrinsics_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h deleted file mode 100644 index 21d7e1b4f..000000000 
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/c_endianness.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef __KRML_ENDIAN_H
-#define __KRML_ENDIAN_H
-
-#ifdef __GNUC__
-#warning "c_endianness.h is deprecated, include lowstar_endianness.h instead"
-#endif
-
-#include "lowstar_endianness.h"
-
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h
deleted file mode 100644
index 174ae59e3..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/fstar_int.h
+++ /dev/null
@@ -1,81 +0,0 @@
-#ifndef __FSTAR_INT_H
-#define __FSTAR_INT_H
-
-#include "internal/types.h"
-
-/*
- * Arithmetic Shift Right operator
- *
- * In all C standards, a >> b is implementation-defined when a has a signed
- * type and a negative value. See e.g. 6.5.7 in
- * http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf
- *
- * GCC, MSVC, and Clang implement a >> b as an arithmetic shift.
- *
- * GCC: https://gcc.gnu.org/onlinedocs/gcc-9.1.0/gcc/Integers-implementation.html#Integers-implementation
- * MSVC: https://docs.microsoft.com/en-us/cpp/cpp/left-shift-and-right-shift-operators-input-and-output?view=vs-2019#right-shifts
- * Clang: tested that Clang 7, 8 and 9 compile this to an arithmetic shift
- *
- * We implement arithmetic shift right simply as >> in these compilers
- * and bail out in others.
- */
-
-#if !(defined(_MSC_VER) || defined(__GNUC__) || (defined(__clang__) && (__clang_major__ >= 7)))
-
-static inline
-int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) {
- do {
- KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
- KRML_HOST_EXIT(255);
- } while (0);
-}
-
-static inline
-int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) {
- do {
- KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
- KRML_HOST_EXIT(255);
- } while (0);
-}
-
-static inline
-int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) {
- do {
- KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
- KRML_HOST_EXIT(255);
- } while (0);
-}
-
-static inline
-int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) {
- do {
- KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n");
- KRML_HOST_EXIT(255);
- } while (0);
-}
-
-#else
-
-static inline
-int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) {
- return (a >> b);
-}
-
-static inline
-int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) {
- return (a >> b);
-}
-
-static inline
-int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) {
- return (a >> b);
-}
-
-static inline
-int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) {
- return (a >> b);
-}
-
-#endif /* !(defined(_MSC_VER) ... ) */
-
-#endif /* __FSTAR_INT_H */
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h
deleted file mode 100644
index 6098f30be..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/builtin.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef __KRML_BUILTIN_H
-#define __KRML_BUILTIN_H
-
-/* For alloca, when using KaRaMeL's -falloca */
-#if (defined(_WIN32) || defined(_WIN64))
-# include
-#elif (defined(sun))
-# include
-#endif
-
-/* If some globals need to be initialized before the main, then karamel will
- * generate and try to link last a function with this type: */
-void krmlinit_globals(void);
-
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h
deleted file mode 100644
index aeca0ba71..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/callconv.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef __KRML_CALLCONV_H
-#define __KRML_CALLCONV_H
-
-/******************************************************************************/
-/* Some macros to ease compatibility (TODO: move to miTLS) */
-/******************************************************************************/
-
-/* We want to generate __cdecl safely without worrying about it being undefined.
- * When using MSVC, these are always defined. When using MinGW, these are
- * defined too. They have no meaning for other platforms, so we define them to
- * be empty macros in other situations. */
-#ifndef _MSC_VER
-#ifndef __cdecl
-#define __cdecl
-#endif
-#ifndef __stdcall
-#define __stdcall
-#endif
-#ifndef __fastcall
-#define __fastcall
-#endif
-#endif
-
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h
deleted file mode 100644
index b557bbc1b..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/compat.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef KRML_COMPAT_H
-#define KRML_COMPAT_H
-
-#include
-
-/* A series of macros that define C implementations of types that are not Low*,
- * to facilitate porting programs to Low*. */
-
-typedef struct {
- uint32_t length;
- const char *data;
-} FStar_Bytes_bytes;
-
-typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
- krml_checked_int_t;
-
-#define RETURN_OR(x) \
- do { \
- int64_t __ret = x; \
- if (__ret < INT32_MIN || INT32_MAX < __ret) { \
- KRML_HOST_PRINTF( \
- "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
- __LINE__); \
- KRML_HOST_EXIT(252); \
- } \
- return (int32_t)__ret; \
- } while (0)
-
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h
deleted file mode 100644
index 786db147e..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/debug.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef __KRML_DEBUG_H
-#define __KRML_DEBUG_H
-
-#include
-
-#include "krml/internal/target.h"
-
-/******************************************************************************/
-/* Debugging helpers - intended only for KaRaMeL developers */
-/******************************************************************************/
-
-/* In support of "-wasm -d force-c": we might need this function to be
- * forward-declared, because the dependency on WasmSupport appears very late,
- * after SimplifyWasm, and sadly, after the topological order has been done. */
-void WasmSupport_check_buffer_size(uint32_t s);
-
-/* A series of GCC atrocities to trace function calls (karamel's [-d c-calls]
- * option). Useful when trying to debug, say, Wasm, to compare traces. */
-/* clang-format off */
-#ifdef __GNUC__
-#define KRML_FORMAT(X) _Generic((X), \
- uint8_t : "0x%08" PRIx8, \
- uint16_t: "0x%08" PRIx16, \
- uint32_t: "0x%08" PRIx32, \
- uint64_t: "0x%08" PRIx64, \
- int8_t : "0x%08" PRIx8, \
- int16_t : "0x%08" PRIx16, \
- int32_t : "0x%08" PRIx32, \
- int64_t : "0x%08" PRIx64, \
- default : "%s")
-
-#define KRML_FORMAT_ARG(X) _Generic((X), \
- uint8_t : X, \
- uint16_t: X, \
- uint32_t: X, \
- uint64_t: X, \
- int8_t : X, \
- int16_t : X, \
- int32_t : X, \
- int64_t : X, \
- default : "unknown")
-/* clang-format on */
-
-# define KRML_DEBUG_RETURN(X) \
- ({ \
- __auto_type _ret = (X); \
- KRML_HOST_PRINTF("returning: "); \
- KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
- KRML_HOST_PRINTF(" \n"); \
- _ret; \
- })
-#endif
-
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h
deleted file mode 100644
index d4252a108..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/target.h
+++ /dev/null
@@ -1,384 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-#ifndef __KRML_TARGET_H
-#define __KRML_TARGET_H
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-/* Since KaRaMeL emits the inline keyword unconditionally, we follow the
- * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
- * __inline__ to ensure the code compiles with -std=c90 and earlier. */
-#ifdef __GNUC__
-# define inline __inline__
-#endif
-
-/******************************************************************************/
-/* Macros that KaRaMeL will generate. */
-/******************************************************************************/
-
-/* For "bare" targets that do not have a C stdlib, the user might want to use
- * [-add-early-include '"mydefinitions.h"'] and override these. */
-#ifndef KRML_HOST_PRINTF
-# define KRML_HOST_PRINTF printf
-#endif
-
-#if ( \
- (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- (!(defined KRML_HOST_EPRINTF)))
-# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
-#elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER)
-# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
-#endif
-
-#ifndef KRML_HOST_EXIT
-# define KRML_HOST_EXIT exit
-#endif
-
-#ifndef KRML_HOST_MALLOC
-# define KRML_HOST_MALLOC malloc
-#endif
-
-#ifndef KRML_HOST_CALLOC
-# define KRML_HOST_CALLOC calloc
-#endif
-
-#ifndef KRML_HOST_FREE
-# define KRML_HOST_FREE free
-#endif
-
-#ifndef KRML_HOST_IGNORE
-# define KRML_HOST_IGNORE(x) (void)(x)
-#endif
-
-#ifndef KRML_MAYBE_UNUSED_VAR
-# define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x)
-#endif
-
-#ifndef KRML_MAYBE_UNUSED
-# if defined(__GNUC__)
-# define KRML_MAYBE_UNUSED __attribute__((unused))
-# else
-# define KRML_MAYBE_UNUSED
-# endif
-#endif
-
-#ifndef KRML_NOINLINE
-# if defined(_MSC_VER)
-# define KRML_NOINLINE __declspec(noinline)
-# elif defined (__GNUC__)
-# define KRML_NOINLINE __attribute__((noinline,unused))
-# else
-# define KRML_NOINLINE
-# warning "The KRML_NOINLINE macro is not defined for this toolchain!"
-# warning "The compiler may defeat side-channel resistance with optimizations."
-# warning "Please locate target.h and try to fill it out with a suitable definition for this compiler."
-# endif
-#endif
-
-#ifndef KRML_PRE_ALIGN
-# ifdef _MSC_VER
-# define KRML_PRE_ALIGN(X) __declspec(align(X))
-# else
-# define KRML_PRE_ALIGN(X)
-# endif
-#endif
-
-#ifndef KRML_POST_ALIGN
-# ifdef _MSC_VER
-# define KRML_POST_ALIGN(X)
-# else
-# define KRML_POST_ALIGN(X) __attribute__((aligned(X)))
-# endif
-#endif
-
-/* MinGW-W64 does not support C11 aligned_alloc, but it supports
- * MSVC's _aligned_malloc.
- */
-#ifndef KRML_ALIGNED_MALLOC
-# ifdef __MINGW32__
-# include <_mingw.h>
-# endif
-# if ( \
- defined(_MSC_VER) || \
- (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
-# define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X)
-# else
-# define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y)
-# endif
-#endif
-
-/* Since aligned allocations with MinGW-W64 are done with
- * _aligned_malloc (see above), such pointers must be freed with
- * _aligned_free.
- */
-#ifndef KRML_ALIGNED_FREE
-# ifdef __MINGW32__
-# include <_mingw.h>
-# endif
-# if ( \
- defined(_MSC_VER) || \
- (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
-# define KRML_ALIGNED_FREE(X) _aligned_free(X)
-# else
-# define KRML_ALIGNED_FREE(X) free(X)
-# endif
-#endif
-
-#ifndef KRML_HOST_TIME
-
-# include
-
-/* Prims_nat not yet in scope */
-inline static int32_t krml_time(void) {
- return (int32_t)time(NULL);
-}
-
-# define KRML_HOST_TIME krml_time
-#endif
-
-/* In statement position, exiting is easy. */
-#define KRML_EXIT \
- do { \
- KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
- KRML_HOST_EXIT(254); \
- } while (0)
-
-/* In expression position, use the comma-operator and a malloc to return an
- * expression of the right size. KaRaMeL passes t as the parameter to the macro.
- */
-#define KRML_EABORT(t, msg) \
- (KRML_HOST_PRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
- KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
-
-/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
- * *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate).
- */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4))
-# define _KRML_CHECK_SIZE_PRAGMA \
- _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
-#else
-# define _KRML_CHECK_SIZE_PRAGMA
-#endif
-
-#define KRML_CHECK_SIZE(size_elt, sz) \
- do { \
- _KRML_CHECK_SIZE_PRAGMA \
- if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
- KRML_HOST_PRINTF( \
- "Maximum allocatable size exceeded, aborting before overflow at " \
- "%s:%d\n", \
- __FILE__, __LINE__); \
- KRML_HOST_EXIT(253); \
- } \
- } while (0)
-
-#if defined(_MSC_VER) && _MSC_VER < 1900
-# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \
- _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
-#else
-# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
-#endif
-
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4))
-# define KRML_DEPRECATED(x) __attribute__((deprecated(x)))
-#elif defined(__GNUC__)
-/* deprecated attribute is not defined in GCC < 4.5. */
-# define KRML_DEPRECATED(x)
-#elif defined(_MSC_VER)
-# define KRML_DEPRECATED(x) __declspec(deprecated(x))
-#endif
-
-/* Macros for prettier unrolling of loops */
-#define KRML_LOOP1(i, n, x) { \
- x \
- i += n; \
- (void) i; \
-}
-
-#define KRML_LOOP2(i, n, x) \
- KRML_LOOP1(i, n, x) \
- KRML_LOOP1(i, n, x)
-
-#define KRML_LOOP3(i, n, x) \
- KRML_LOOP2(i, n, x) \
- KRML_LOOP1(i, n, x)
-
-#define KRML_LOOP4(i, n, x) \
- KRML_LOOP2(i, n, x) \
- KRML_LOOP2(i, n, x)
-
-#define KRML_LOOP5(i, n, x) \
- KRML_LOOP4(i, n, x) \
- KRML_LOOP1(i, n, x)
-
-#define KRML_LOOP6(i, n, x) \
- KRML_LOOP4(i, n, x) \
- KRML_LOOP2(i, n, x)
-
-#define KRML_LOOP7(i, n, x) \
- KRML_LOOP4(i, n, x) \
- KRML_LOOP3(i, n, x)
-
-#define KRML_LOOP8(i, n, x) \
- KRML_LOOP4(i, n, x) \
- KRML_LOOP4(i, n, x)
-
-#define KRML_LOOP9(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP1(i, n, x)
-
-#define KRML_LOOP10(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP2(i, n, x)
-
-#define KRML_LOOP11(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP3(i, n, x)
-
-#define KRML_LOOP12(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP4(i, n, x)
-
-#define KRML_LOOP13(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP5(i, n, x)
-
-#define KRML_LOOP14(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP6(i, n, x)
-
-#define KRML_LOOP15(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP7(i, n, x)
-
-#define KRML_LOOP16(i, n, x) \
- KRML_LOOP8(i, n, x) \
- KRML_LOOP8(i, n, x)
-
-#define KRML_UNROLL_FOR(i, z, n, k, x) \
- do { \
- uint32_t i = z; \
- KRML_LOOP##n(i, k, x) \
- } while (0)
-
-#define KRML_ACTUAL_FOR(i, z, n, k, x) \
- do { \
- for (uint32_t i = z; i < n; i += k) { \
- x \
- } \
- } while (0)
-
-#ifndef KRML_UNROLL_MAX
-# define KRML_UNROLL_MAX 16
-#endif
-
-/* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */
-#if 0 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR0(i, z, n, k, x)
-#else
-# define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 1 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
-#else
-# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 2 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
-#else
-# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 3 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
-#else
-# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 4 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
-#else
-# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 5 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
-#else
-# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 6 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
-#else
-# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 7 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
-#else
-# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 8 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
-#else
-# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 9 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
-#else
-# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 10 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
-#else
-# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 11 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
-#else
-# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 12 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
-#else
-# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 13 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
-#else
-# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 14 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
-#else
-# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 15 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
-#else
-# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-
-#if 16 <= KRML_UNROLL_MAX
-# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
-#else
-# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
-#endif
-#endif
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h
deleted file mode 100644
index e41b39be9..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/types.h
+++ /dev/null
@@ -1,105 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -#ifndef KRML_TYPES_H -#define KRML_TYPES_H - -#include -#include -#include -#include - -/* Types which are either abstract, meaning that have to be implemented in C, or - * which are models, meaning that they are swapped out at compile-time for - * hand-written C types (in which case they're marked as noextract). */ - -typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_; -typedef int64_t FStar_Int64_t, FStar_Int64_t_; -typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_; -typedef int32_t FStar_Int32_t, FStar_Int32_t_; -typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_; -typedef int16_t FStar_Int16_t, FStar_Int16_t_; -typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_; -typedef int8_t FStar_Int8_t, FStar_Int8_t_; - -/* Only useful when building krmllib, because it's in the dependency graph of - * FStar.Int.Cast. */ -typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_; -typedef int64_t FStar_Int63_t, FStar_Int63_t_; - -typedef double FStar_Float_float; -typedef uint32_t FStar_Char_char; -typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write; - -typedef void *FStar_Dyn_dyn; - -typedef const char *C_String_t, *C_String_t_, *C_Compat_String_t, *C_Compat_String_t_; - -typedef int exit_code; -typedef FILE *channel; - -typedef unsigned long long TestLib_cycles; - -typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan; - -/* Now Prims.string is no longer illegal with the new model in LowStar.Printf; - * it's operations that produce Prims_string which are illegal. Bring the - * definition into scope by default. */ -typedef const char *Prims_string; - -#if (defined(_MSC_VER) && defined(_M_X64) && !defined(__clang__)) -#define IS_MSVC64 1 -#endif - -/* This code makes a number of assumptions and should be refined. In particular, - * it assumes that: any non-MSVC amd64 compiler supports int128. 
Maybe it would - * be easier to just test for defined(__SIZEOF_INT128__) only? */ -#if (defined(__x86_64__) || \ - defined(__x86_64) || \ - defined(__aarch64__) || \ - (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \ - defined(__s390x__) || \ - (defined(_MSC_VER) && defined(_M_X64) && defined(__clang__)) || \ - (defined(__mips__) && defined(__LP64__)) || \ - (defined(__riscv) && __riscv_xlen == 64) || \ - defined(__SIZEOF_INT128__)) -#define HAS_INT128 1 -#endif - -/* The uint128 type is a special case since we offer several implementations of - * it, depending on the compiler and whether the user wants the verified - * implementation or not. */ -#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) -# include -typedef __m128i FStar_UInt128_uint128; -#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) -typedef unsigned __int128 FStar_UInt128_uint128; -#else -typedef struct FStar_UInt128_uint128_s { - uint64_t low; - uint64_t high; -} FStar_UInt128_uint128; -#endif - -/* The former is defined once, here (otherwise, conflicts for test-c89. The - * latter is for internal use. */ -typedef FStar_UInt128_uint128 FStar_UInt128_t, uint128_t; - -#include "krml/lowstar_endianness.h" - -#endif - -/* Avoid a circular loop: if this header is included via FStar_UInt8_16_32_64, - * then don't bring the uint128 definitions into scope. */ -#ifndef __FStar_UInt_8_16_32_64_H - -#if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64) -#include "fstar_uint128_msvc.h" -#elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128) -#include "fstar_uint128_gcc64.h" -#else -#include "FStar_UInt128_Verified.h" -#include "fstar_uint128_struct_endianness.h" -#endif - -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h deleted file mode 100644 index b44fa3f75..000000000 
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/internal/wasmsupport.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
-
-/* This file is automatically included when compiling with -wasm -d force-c */
-#define WasmSupport_check_buffer_size(X)
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h
deleted file mode 100644
index 1aa2ccd64..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krml/lowstar_endianness.h
+++ /dev/null
@@ -1,231 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -#ifndef __LOWSTAR_ENDIANNESS_H -#define __LOWSTAR_ENDIANNESS_H - -#include -#include - -/******************************************************************************/ -/* Implementing C.fst (part 2: endian-ness macros) */ -/******************************************************************************/ - -/* ... for Linux */ -#if defined(__linux__) || defined(__CYGWIN__) || defined (__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__) -# include - -/* ... for OSX */ -#elif defined(__APPLE__) -# include -# define htole64(x) OSSwapHostToLittleInt64(x) -# define le64toh(x) OSSwapLittleToHostInt64(x) -# define htobe64(x) OSSwapHostToBigInt64(x) -# define be64toh(x) OSSwapBigToHostInt64(x) - -# define htole16(x) OSSwapHostToLittleInt16(x) -# define le16toh(x) OSSwapLittleToHostInt16(x) -# define htobe16(x) OSSwapHostToBigInt16(x) -# define be16toh(x) OSSwapBigToHostInt16(x) - -# define htole32(x) OSSwapHostToLittleInt32(x) -# define le32toh(x) OSSwapLittleToHostInt32(x) -# define htobe32(x) OSSwapHostToBigInt32(x) -# define be32toh(x) OSSwapBigToHostInt32(x) - -/* ... for Solaris */ -#elif defined(__sun__) -# include -# define htole64(x) LE_64(x) -# define le64toh(x) LE_64(x) -# define htobe64(x) BE_64(x) -# define be64toh(x) BE_64(x) - -# define htole16(x) LE_16(x) -# define le16toh(x) LE_16(x) -# define htobe16(x) BE_16(x) -# define be16toh(x) BE_16(x) - -# define htole32(x) LE_32(x) -# define le32toh(x) LE_32(x) -# define htobe32(x) BE_32(x) -# define be32toh(x) BE_32(x) - -/* ... for the BSDs */ -#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) -# include -#elif defined(__OpenBSD__) -# include - -/* ... for Windows (MSVC)... not targeting XBOX 360! 
*/ -#elif defined(_MSC_VER) - -# include -# define htobe16(x) _byteswap_ushort(x) -# define htole16(x) (x) -# define be16toh(x) _byteswap_ushort(x) -# define le16toh(x) (x) - -# define htobe32(x) _byteswap_ulong(x) -# define htole32(x) (x) -# define be32toh(x) _byteswap_ulong(x) -# define le32toh(x) (x) - -# define htobe64(x) _byteswap_uint64(x) -# define htole64(x) (x) -# define be64toh(x) _byteswap_uint64(x) -# define le64toh(x) (x) - -/* ... for Windows (GCC-like, e.g. mingw or clang) */ -#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \ - (defined(__GNUC__) || defined(__clang__)) - -# define htobe16(x) __builtin_bswap16(x) -# define htole16(x) (x) -# define be16toh(x) __builtin_bswap16(x) -# define le16toh(x) (x) - -# define htobe32(x) __builtin_bswap32(x) -# define htole32(x) (x) -# define be32toh(x) __builtin_bswap32(x) -# define le32toh(x) (x) - -# define htobe64(x) __builtin_bswap64(x) -# define htole64(x) (x) -# define be64toh(x) __builtin_bswap64(x) -# define le64toh(x) (x) - -/* ... generic big-endian fallback code */ -/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always big-endian */ -#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || defined(_AIX) - -/* byte swapping code inspired by: - * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h - * */ - -# define htobe32(x) (x) -# define be32toh(x) (x) -# define htole32(x) \ - (__extension__({ \ - uint32_t _temp = (x); \ - ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ - ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ - })) -# define le32toh(x) (htole32((x))) - -# define htobe64(x) (x) -# define be64toh(x) (x) -# define htole64(x) \ - (__extension__({ \ - uint64_t __temp = (x); \ - uint32_t __low = htobe32((uint32_t)__temp); \ - uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ - (((uint64_t)__low) << 32) | __high; \ - })) -# define le64toh(x) (htole64((x))) - -/* ... 
generic little-endian fallback code */ -#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ - -# define htole32(x) (x) -# define le32toh(x) (x) -# define htobe32(x) \ - (__extension__({ \ - uint32_t _temp = (x); \ - ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ - ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ - })) -# define be32toh(x) (htobe32((x))) - -# define htole64(x) (x) -# define le64toh(x) (x) -# define htobe64(x) \ - (__extension__({ \ - uint64_t __temp = (x); \ - uint32_t __low = htobe32((uint32_t)__temp); \ - uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ - (((uint64_t)__low) << 32) | __high; \ - })) -# define be64toh(x) (htobe64((x))) - -/* ... couldn't determine endian-ness of the target platform */ -#else -# error "Please define __BYTE_ORDER__!" - -#endif /* defined(__linux__) || ... */ - -/* Loads and stores. These avoid undefined behavior due to unaligned memory - * accesses, via memcpy. */ - -inline static uint16_t load16(uint8_t *b) { - uint16_t x; - memcpy(&x, b, 2); - return x; -} - -inline static uint32_t load32(uint8_t *b) { - uint32_t x; - memcpy(&x, b, 4); - return x; -} - -inline static uint64_t load64(uint8_t *b) { - uint64_t x; - memcpy(&x, b, 8); - return x; -} - -inline static void store16(uint8_t *b, uint16_t i) { - memcpy(b, &i, 2); -} - -inline static void store32(uint8_t *b, uint32_t i) { - memcpy(b, &i, 4); -} - -inline static void store64(uint8_t *b, uint64_t i) { - memcpy(b, &i, 8); -} - -/* Legacy accessors so that this header can serve as an implementation of - * C.Endianness */ -#define load16_le(b) (le16toh(load16(b))) -#define store16_le(b, i) (store16(b, htole16(i))) -#define load16_be(b) (be16toh(load16(b))) -#define store16_be(b, i) (store16(b, htobe16(i))) - -#define load32_le(b) (le32toh(load32(b))) -#define store32_le(b, i) (store32(b, htole32(i))) -#define load32_be(b) (be32toh(load32(b))) -#define store32_be(b, i) (store32(b, htobe32(i))) - -#define 
load64_le(b) (le64toh(load64(b))) -#define store64_le(b, i) (store64(b, htole64(i))) -#define load64_be(b) (be64toh(load64(b))) -#define store64_be(b, i) (store64(b, htobe64(i))) - -/* Co-existence of LowStar.Endianness and FStar.Endianness generates name - * conflicts, because of course both insist on having no prefixes. Until a - * prefix is added, or until we truly retire FStar.Endianness, solve this issue - * in an elegant way. */ -#define load16_le0 load16_le -#define store16_le0 store16_le -#define load16_be0 load16_be -#define store16_be0 store16_be - -#define load32_le0 load32_le -#define store32_le0 store32_le -#define load32_be0 load32_be -#define store32_be0 store32_be - -#define load64_le0 load64_le -#define store64_le0 store64_le -#define load64_be0 load64_be -#define store64_be0 store64_be - -#define load128_le0 load128_le -#define store128_le0 store128_le -#define load128_be0 load128_be -#define store128_be0 store128_be - -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h b/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h deleted file mode 100644 index ae11e4a8d..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/include/krmllib.h +++ /dev/null 
@@ -1,28 +0,0 @@
-#ifndef __KRMLLIB_H
-#define __KRMLLIB_H
-
-/******************************************************************************/
-/* The all-in-one krmllib.h header */
-/******************************************************************************/
-
-/* This is a meta-header that is included by default in KaRaMeL generated
- * programs. If you wish to have a more lightweight set of headers, or are
- * targeting an environment where controlling these macros yourself is
- * important, consider using:
- *
- * krml -minimal
- *
- * to disable the inclusion of this file (note: this also disables the default
- * argument "-bundle FStar.*"). You can then include the headers of your choice
- * one by one, using -add-early-include. */
-
-#include "krml/internal/target.h"
-#include "krml/internal/callconv.h"
-#include "krml/internal/builtin.h"
-#include "krml/internal/debug.h"
-#include "krml/internal/types.h"
-
-#include "krml/lowstar_endianness.h"
-#include "krml/fstar_int.h"
-
-#endif /* __KRMLLIB_H */
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h
deleted file mode 100644
index ecc90213c..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128.h
+++ /dev/null
@@ -1,78 +0,0 @@ -/* - Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. -*/ - - -#ifndef __FStar_UInt128_H -#define __FStar_UInt128_H - -#include -#include -#include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" -#include "krml/internal/target.h" - -static inline FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a); - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s); - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s); - -static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 
a, FStar_UInt128_uint128 b); - -static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); - -static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a); - -static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a); - -static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y); - -static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y); - - -#define __FStar_UInt128_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h deleted file mode 100644 index 9e4e2290b..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h +++ /dev/null 
@@ -1,346 +0,0 @@ -/* - Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. -*/ - - -#ifndef __FStar_UInt128_Verified_H -#define __FStar_UInt128_Verified_H - -#include "FStar_UInt_8_16_32_64.h" -#include -#include -#include "krml/internal/types.h" -#include "krml/internal/target.h" - -static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) -{ - return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U; -} - -static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) -{ - return FStar_UInt128_constant_time_carry(a, b); -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -} - -static inline FStar_UInt128_uint128 
-FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return FStar_UInt128_sub_mod_impl(a, b); -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low & b.low; - lit.high = a.high & b.high; - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low ^ b.low; - lit.high = a.high ^ b.high; - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = a.low | b.low; - lit.high = a.high | b.high; - return lit; -} - -static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) -{ - FStar_UInt128_uint128 lit; - lit.low = ~a.low; - lit.high = ~a.high; - return lit; -} - -static uint32_t FStar_UInt128_u32_64 = 64U; - -static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) -{ - return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); -} - -static inline uint64_t -FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) -{ - return FStar_UInt128_add_u64_shift_left(hi, lo, s); -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s == 0U) - { - return a; - } - else - { - FStar_UInt128_uint128 lit; - lit.low = a.low << s; - lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); - return lit; - } -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) 
-{ - FStar_UInt128_uint128 lit; - lit.low = 0ULL; - lit.high = a.low << (s - FStar_UInt128_u32_64); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s < FStar_UInt128_u32_64) - { - return FStar_UInt128_shift_left_small(a, s); - } - else - { - return FStar_UInt128_shift_left_large(a, s); - } -} - -static inline uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) -{ - return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); -} - -static inline uint64_t -FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) -{ - return FStar_UInt128_add_u64_shift_right(hi, lo, s); -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s == 0U) - { - return a; - } - else - { - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); - lit.high = a.high >> s; - return lit; - } -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) -{ - FStar_UInt128_uint128 lit; - lit.low = a.high >> (s - FStar_UInt128_u32_64); - lit.high = 0ULL; - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s < FStar_UInt128_u32_64) - { - return FStar_UInt128_shift_right_small(a, s); - } - else - { - return FStar_UInt128_shift_right_large(a, s); - } -} - -static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return a.low == b.low && a.high == b.high; -} - -static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return a.high > b.high || (a.high == b.high && a.low > b.low); -} - -static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return a.high < b.high || (a.high == b.high && a.low < b.low); -} - -static inline bool 
FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return a.high > b.high || (a.high == b.high && a.low >= b.low); -} - -static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - return a.high < b.high || (a.high == b.high && a.low <= b.low); -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - return lit; -} - -static inline FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ - FStar_UInt128_uint128 lit; - lit.low = - (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) - | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); - lit.high = - (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) - | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); - return lit; -} - -static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) -{ - FStar_UInt128_uint128 lit; - lit.low = a; - lit.high = 0ULL; - return lit; -} - -static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) -{ - return a.low; -} - -static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a) -{ - return a & 0xffffffffULL; -} - -static uint32_t FStar_UInt128_u32_32 = 32U; - -static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) -{ - return lo + (hi << FStar_UInt128_u32_32); -} - -static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) -{ - FStar_UInt128_uint128 lit; - lit.low = - FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) - * (uint64_t)y - + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), - 
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); - lit.high = - ((x >> FStar_UInt128_u32_32) - * (uint64_t)y - + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) - >> FStar_UInt128_u32_32; - return lit; -} - -static inline uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) -{ - return lo + (hi << FStar_UInt128_u32_32); -} - -static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) -{ - FStar_UInt128_uint128 lit; - lit.low = - FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) - * (y >> FStar_UInt128_u32_32) - + - FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)), - FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y))); - lit.high = - (x >> FStar_UInt128_u32_32) - * (y >> FStar_UInt128_u32_32) - + - (((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)) - >> FStar_UInt128_u32_32) - + - ((FStar_UInt128_u64_mod_32(x) - * (y >> FStar_UInt128_u32_32) - + - FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))) - >> FStar_UInt128_u32_32); - return lit; -} - - -#define __FStar_UInt128_Verified_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h deleted file mode 100644 index 56a2454fc..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h +++ /dev/null 
@@ -1,213 +0,0 @@ -/* - Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. -*/ - - -#ifndef __FStar_UInt_8_16_32_64_H -#define __FStar_UInt_8_16_32_64_H - -#include -#include -#include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" -#include "krml/internal/target.h" - -extern krml_checked_int_t FStar_UInt64_n; - -extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee); - -extern krml_checked_int_t FStar_UInt64___proj__Mk__item__v(uint64_t projectee); - -extern krml_checked_int_t FStar_UInt64_v(uint64_t x); - -extern uint64_t FStar_UInt64_uint_to_t(krml_checked_int_t x); - -extern uint64_t FStar_UInt64_zero; - -extern uint64_t FStar_UInt64_one; - -extern uint64_t FStar_UInt64_minus(uint64_t a); - -extern uint32_t FStar_UInt64_n_minus_one; - -static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) -{ - uint64_t x = a ^ b; - uint64_t minus_x = ~x + 1ULL; - uint64_t x_or_minus_x = x | minus_x; - uint64_t xnx = x_or_minus_x >> 63U; - return xnx - 1ULL; -} - -static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) -{ - uint64_t x = a; - uint64_t y = b; - uint64_t x_xor_y = x ^ y; - uint64_t x_sub_y = x - y; - uint64_t x_sub_y_xor_y = x_sub_y ^ y; - uint64_t q = x_xor_y | x_sub_y_xor_y; - uint64_t x_xor_q = x ^ q; - uint64_t x_xor_q_ = x_xor_q >> 63U; - return x_xor_q_ - 1ULL; -} - -extern Prims_string FStar_UInt64_to_string(uint64_t uu___); - -extern Prims_string FStar_UInt64_to_string_hex(uint64_t uu___); - -extern Prims_string FStar_UInt64_to_string_hex_pad(uint64_t uu___); - -extern uint64_t FStar_UInt64_of_string(Prims_string uu___); - -extern krml_checked_int_t FStar_UInt32_n; - -extern bool FStar_UInt32_uu___is_Mk(uint32_t projectee); - -extern krml_checked_int_t FStar_UInt32___proj__Mk__item__v(uint32_t projectee); - -extern krml_checked_int_t FStar_UInt32_v(uint32_t x); - -extern uint32_t 
FStar_UInt32_uint_to_t(krml_checked_int_t x); - -extern uint32_t FStar_UInt32_zero; - -extern uint32_t FStar_UInt32_one; - -extern uint32_t FStar_UInt32_minus(uint32_t a); - -extern uint32_t FStar_UInt32_n_minus_one; - -static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) -{ - uint32_t x = a ^ b; - uint32_t minus_x = ~x + 1U; - uint32_t x_or_minus_x = x | minus_x; - uint32_t xnx = x_or_minus_x >> 31U; - return xnx - 1U; -} - -static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) -{ - uint32_t x = a; - uint32_t y = b; - uint32_t x_xor_y = x ^ y; - uint32_t x_sub_y = x - y; - uint32_t x_sub_y_xor_y = x_sub_y ^ y; - uint32_t q = x_xor_y | x_sub_y_xor_y; - uint32_t x_xor_q = x ^ q; - uint32_t x_xor_q_ = x_xor_q >> 31U; - return x_xor_q_ - 1U; -} - -extern Prims_string FStar_UInt32_to_string(uint32_t uu___); - -extern Prims_string FStar_UInt32_to_string_hex(uint32_t uu___); - -extern Prims_string FStar_UInt32_to_string_hex_pad(uint32_t uu___); - -extern uint32_t FStar_UInt32_of_string(Prims_string uu___); - -extern krml_checked_int_t FStar_UInt16_n; - -extern bool FStar_UInt16_uu___is_Mk(uint16_t projectee); - -extern krml_checked_int_t FStar_UInt16___proj__Mk__item__v(uint16_t projectee); - -extern krml_checked_int_t FStar_UInt16_v(uint16_t x); - -extern uint16_t FStar_UInt16_uint_to_t(krml_checked_int_t x); - -extern uint16_t FStar_UInt16_zero; - -extern uint16_t FStar_UInt16_one; - -extern uint16_t FStar_UInt16_minus(uint16_t a); - -extern uint32_t FStar_UInt16_n_minus_one; - -static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) -{ - uint16_t x = (uint32_t)a ^ (uint32_t)b; - uint16_t minus_x = (uint32_t)~x + 1U; - uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; - uint16_t xnx = (uint32_t)x_or_minus_x >> 15U; - return (uint32_t)xnx - 1U; -} - -static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) -{ - uint16_t x = a; - uint16_t y = b; - uint16_t x_xor_y = (uint32_t)x ^ 
(uint32_t)y; - uint16_t x_sub_y = (uint32_t)x - (uint32_t)y; - uint16_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; - uint16_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; - uint16_t x_xor_q = (uint32_t)x ^ (uint32_t)q; - uint16_t x_xor_q_ = (uint32_t)x_xor_q >> 15U; - return (uint32_t)x_xor_q_ - 1U; -} - -extern Prims_string FStar_UInt16_to_string(uint16_t uu___); - -extern Prims_string FStar_UInt16_to_string_hex(uint16_t uu___); - -extern Prims_string FStar_UInt16_to_string_hex_pad(uint16_t uu___); - -extern uint16_t FStar_UInt16_of_string(Prims_string uu___); - -extern krml_checked_int_t FStar_UInt8_n; - -extern bool FStar_UInt8_uu___is_Mk(uint8_t projectee); - -extern krml_checked_int_t FStar_UInt8___proj__Mk__item__v(uint8_t projectee); - -extern krml_checked_int_t FStar_UInt8_v(uint8_t x); - -extern uint8_t FStar_UInt8_uint_to_t(krml_checked_int_t x); - -extern uint8_t FStar_UInt8_zero; - -extern uint8_t FStar_UInt8_one; - -extern uint8_t FStar_UInt8_minus(uint8_t a); - -extern uint32_t FStar_UInt8_n_minus_one; - -static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) -{ - uint8_t x = (uint32_t)a ^ (uint32_t)b; - uint8_t minus_x = (uint32_t)~x + 1U; - uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; - uint8_t xnx = (uint32_t)x_or_minus_x >> 7U; - return (uint32_t)xnx - 1U; -} - -static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) -{ - uint8_t x = a; - uint8_t y = b; - uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y; - uint8_t x_sub_y = (uint32_t)x - (uint32_t)y; - uint8_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y; - uint8_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y; - uint8_t x_xor_q = (uint32_t)x ^ (uint32_t)q; - uint8_t x_xor_q_ = (uint32_t)x_xor_q >> 7U; - return (uint32_t)x_xor_q_ - 1U; -} - -extern Prims_string FStar_UInt8_to_string(uint8_t uu___); - -extern Prims_string FStar_UInt8_to_string_hex(uint8_t uu___); - -extern Prims_string FStar_UInt8_to_string_hex_pad(uint8_t uu___); - -extern 
uint8_t FStar_UInt8_of_string(Prims_string uu___); - -typedef uint8_t FStar_UInt8_byte; - - -#define __FStar_UInt_8_16_32_64_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h deleted file mode 100644 index e851c15c9..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/LowStar_Endianness.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. -*/ - - -#ifndef __LowStar_Endianness_H -#define __LowStar_Endianness_H - -#include -#include -#include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" -#include "krml/internal/target.h" - -static inline void store128_le(uint8_t *x0, FStar_UInt128_uint128 x1); - -static inline FStar_UInt128_uint128 load128_le(uint8_t *x0); - -static inline void store128_be(uint8_t *x0, FStar_UInt128_uint128 x1); - -static inline FStar_UInt128_uint128 load128_be(uint8_t *x0); - - -#define __LowStar_Endianness_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic deleted file mode 100644 index 8e39de6d0..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.basic +++ /dev/null 
@@ -1,56 +0,0 @@ -# A basic Makefile that KaRaMeL copies in the output directory; this is not -# guaranteed to work and will only work well for very simple projects. This -# Makefile uses: -# - the custom C files passed to your krml invocation -# - the custom C flags passed to your krml invocation -# - the -o option passed to your krml invocation - -include Makefile.include - -ifeq (,$(KRML_HOME)) - $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout) -endif - -CFLAGS += -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal -CFLAGS += -Wall -Wextra -Werror -std=c11 \ - -Wno-unknown-warning-option \ - -Wno-infinite-recursion \ - -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE -ifeq ($(OS),Windows_NT) -CFLAGS += -D__USE_MINGW_ANSI_STDIO -else -CFLAGS += -fPIC -endif -CFLAGS += $(USER_CFLAGS) - -SOURCES += $(ALL_C_FILES) $(USER_C_FILES) -ifneq (,$(BLACKLIST)) - SOURCES := $(filter-out $(BLACKLIST),$(SOURCES)) -endif -OBJS += $(patsubst %.c,%.o,$(SOURCES)) - -all: $(USER_TARGET) - -$(USER_TARGET): $(OBJS) - -AR ?= ar - -%.a: - $(AR) cr $@ $^ - -%.exe: - $(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a - -%.so: - $(CC) $(CFLAGS) -shared -o $@ $^ - -%.d: %.c - @set -e; rm -f $@; \ - $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \ - sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \ - rm -f $@.$$$$ - -include $(patsubst %.c,%.d,$(SOURCES)) - -clean: - rm -rf *.o *.d $(USER_TARGET) diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include deleted file mode 100644 index ad5321718..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/Makefile.include +++ /dev/null @@ -1,5 +0,0 @@ -USER_TARGET=libkrmllib.a -USER_CFLAGS= -USER_C_FILES=fstar_uint128.c -ALL_C_FILES= -ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h 
diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
deleted file mode 100644
index ae109004f..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
+++ /dev/null
@@ -1,165 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -/******************************************************************************/ -/* Machine integers (128-bit arithmetic) */ -/******************************************************************************/ - -/* This header contains two things. - * - * First, an implementation of 128-bit arithmetic suitable for 64-bit GCC and - * Clang, i.e. all the operations from FStar.UInt128. - * - * Second, 128-bit operations from C.Endianness (or LowStar.Endianness), - * suitable for any compiler and platform (via a series of ifdefs). This second - * part is unfortunate, and should be fixed by moving {load,store}128_{be,le} to - * FStar.UInt128 to avoid a maze of preprocessor guards and hand-written code. - * */ - -/* This file is used for both the minimal and generic krmllib distributions. As - * such, it assumes that the machine integers have been bundled the exact same - * way in both cases. 
*/ - -#ifndef FSTAR_UINT128_GCC64 -#define FSTAR_UINT128_GCC64 - -#include "FStar_UInt128.h" -#include "FStar_UInt_8_16_32_64.h" -#include "LowStar_Endianness.h" - -/* GCC + using native unsigned __int128 support */ - -inline static uint128_t load128_le(uint8_t *b) { - uint128_t l = (uint128_t)load64_le(b); - uint128_t h = (uint128_t)load64_le(b + 8); - return (h << 64 | l); -} - -inline static void store128_le(uint8_t *b, uint128_t n) { - store64_le(b, (uint64_t)n); - store64_le(b + 8, (uint64_t)(n >> 64)); -} - -inline static uint128_t load128_be(uint8_t *b) { - uint128_t h = (uint128_t)load64_be(b); - uint128_t l = (uint128_t)load64_be(b + 8); - return (h << 64 | l); -} - -inline static void store128_be(uint8_t *b, uint128_t n) { - store64_be(b, (uint64_t)(n >> 64)); - store64_be(b + 8, (uint64_t)n); -} - -inline static uint128_t FStar_UInt128_add(uint128_t x, uint128_t y) { - return x + y; -} - -inline static uint128_t FStar_UInt128_mul(uint128_t x, uint128_t y) { - return x * y; -} - -inline static uint128_t FStar_UInt128_add_mod(uint128_t x, uint128_t y) { - return x + y; -} - -inline static uint128_t FStar_UInt128_sub(uint128_t x, uint128_t y) { - return x - y; -} - -inline static uint128_t FStar_UInt128_sub_mod(uint128_t x, uint128_t y) { - return x - y; -} - -inline static uint128_t FStar_UInt128_logand(uint128_t x, uint128_t y) { - return x & y; -} - -inline static uint128_t FStar_UInt128_logor(uint128_t x, uint128_t y) { - return x | y; -} - -inline static uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) { - return x ^ y; -} - -inline static uint128_t FStar_UInt128_lognot(uint128_t x) { - return ~x; -} - -inline static uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) { - return x << y; -} - -inline static uint128_t FStar_UInt128_shift_right(uint128_t x, uint32_t y) { - return x >> y; -} - -inline static uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x) { - return (uint128_t)x; -} - -inline static uint64_t 
FStar_UInt128_uint128_to_uint64(uint128_t x) { - return (uint64_t)x; -} - -inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { - return ((uint128_t) x) * y; -} - -inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { - uint64_t mask = - FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) & - FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y); - return ((uint128_t)mask) << 64 | mask; -} - -inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { - uint64_t mask = - (FStar_UInt64_gte_mask(x >> 64, y >> 64) & - ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | - (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y)); - return ((uint128_t)mask) << 64 | mask; -} - -inline static uint64_t FStar_UInt128___proj__Mkuint128__item__low(uint128_t x) { - return (uint64_t) x; -} - -inline static uint64_t FStar_UInt128___proj__Mkuint128__item__high(uint128_t x) { - return (uint64_t) (x >> 64); -} - -inline static uint128_t FStar_UInt128_add_underspec(uint128_t x, uint128_t y) { - return x + y; -} - -inline static uint128_t FStar_UInt128_sub_underspec(uint128_t x, uint128_t y) { - return x - y; -} - -inline static bool FStar_UInt128_eq(uint128_t x, uint128_t y) { - return x == y; -} - -inline static bool FStar_UInt128_gt(uint128_t x, uint128_t y) { - return x > y; -} - -inline static bool FStar_UInt128_lt(uint128_t x, uint128_t y) { - return x < y; -} - -inline static bool FStar_UInt128_gte(uint128_t x, uint128_t y) { - return x >= y; -} - -inline static bool FStar_UInt128_lte(uint128_t x, uint128_t y) { - return x <= y; -} - -inline static uint128_t FStar_UInt128_mul32(uint64_t x, uint32_t y) { - return (uint128_t) x * (uint128_t) y; -} - -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h deleted file mode 100644 index 6ff658f54..000000000 
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h
+++ /dev/null
@@ -1,510 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -/* This file was generated by KaRaMeL - * then hand-edited to use MSVC intrinsics KaRaMeL invocation: - * C:\users\barrybo\mitls2c\karamel\_build\src\Karamel.native -minimal -fnouint128 C:/users/barrybo/mitls2c/FStar/ulib/FStar.UInt128.fst -tmpdir ../secure_api/out/runtime_switch/uint128 -skip-compilation -add-include "krmllib0.h" -drop FStar.Int.Cast.Full -bundle FStar.UInt128=FStar.*,Prims - * F* version: 15104ff8 - * KaRaMeL version: 318b7fa8 - */ - -#ifndef FSTAR_UINT128_MSVC -#define FSTAR_UINT128_MSVC - -#include "krml/internal/types.h" -#include "FStar_UInt128.h" -#include "FStar_UInt_8_16_32_64.h" - -#ifndef _MSC_VER -# error This file only works with the MSVC compiler -#endif - -/* JP: need to rip out HAS_OPTIMIZED since the header guards in types.h are now - * done properly and only include this file when we know for sure we are on - * 64-bit MSVC. */ - -#if defined(_M_X64) && !defined(KRML_VERIFIED_UINT128) -#define HAS_OPTIMIZED 1 -#else -#define HAS_OPTIMIZED 0 -#endif - -// Define .low and .high in terms of the __m128i fields, to reduce -// the amount of churn in this file. 
-#if HAS_OPTIMIZED -#include -#include -#define low m128i_u64[0] -#define high m128i_u64[1] -#endif - -inline static FStar_UInt128_uint128 load128_le(uint8_t *b) { -#if HAS_OPTIMIZED - return _mm_loadu_si128((__m128i *)b); -#else - FStar_UInt128_uint128 lit; - lit.low = load64_le(b); - lit.high = load64_le(b + 8); - return lit; -#endif -} - -inline static void store128_le(uint8_t *b, FStar_UInt128_uint128 n) { - store64_le(b, n.low); - store64_le(b + 8, n.high); -} - -inline static FStar_UInt128_uint128 load128_be(uint8_t *b) { - uint64_t l = load64_be(b + 8); - uint64_t h = load64_be(b); -#if HAS_OPTIMIZED - return _mm_set_epi64x(h, l); -#else - FStar_UInt128_uint128 lit; - lit.low = l; - lit.high = h; - return lit; -#endif -} - -inline static void store128_be(uint8_t *b, uint128_t n) { - store64_be(b, n.high); - store64_be(b + 8, n.low); -} - -inline static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) { - return (a ^ (a ^ b | a - b ^ b)) >> (uint32_t)63U; -} - -inline static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) { - return FStar_UInt128_constant_time_carry(a, b); -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - uint64_t l, h; - - unsigned char carry = - _addcarry_u64(0, a.low, b.low, &l); // low/CF = a.low+b.low+0 - _addcarry_u64(carry, a.high, b.high, &h); // high = a.high+b.high+CF - return _mm_set_epi64x(h, l); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return FStar_UInt128_add(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low; - return lit; -#endif -} - -inline static FStar_UInt128_uint128 
-FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return FStar_UInt128_add(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low + b.low; - lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - uint64_t l, h; - - unsigned char borrow = _subborrow_u64(0, a.low, b.low, &l); - _subborrow_u64(borrow, a.high, b.high, &h); - return _mm_set_epi64x(h, l); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return FStar_UInt128_sub(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - FStar_UInt128_uint128 lit; - lit.low = a.low - b.low; - lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); - return lit; -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return FStar_UInt128_sub(a, b); -#else - return FStar_UInt128_sub_mod_impl(a, b); -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return _mm_and_si128(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low & b.low; - lit.high = a.high & b.high; - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return 
_mm_xor_si128(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low ^ b.low; - lit.high = a.high ^ b.high; - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - return _mm_or_si128(a, b); -#else - FStar_UInt128_uint128 lit; - lit.low = a.low | b.low; - lit.high = a.high | b.high; - return lit; -#endif -} - -inline static FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) { -#if HAS_OPTIMIZED - return _mm_andnot_si128(a, a); -#else - FStar_UInt128_uint128 lit; - lit.low = ~a.low; - lit.high = ~a.high; - return lit; -#endif -} - -static const uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; - -inline static uint64_t -FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) { - return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); -} - -inline static uint64_t -FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) { - return FStar_UInt128_add_u64_shift_left(hi, lo, s); -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { - if (s == (uint32_t)0U) - return a; - else { - FStar_UInt128_uint128 lit; - lit.low = a.low << s; - lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); - return lit; - } -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) { - FStar_UInt128_uint128 lit; - lit.low = (uint64_t)0U; - lit.high = a.low << (s - FStar_UInt128_u32_64); - return lit; -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) { -#if HAS_OPTIMIZED - if (s == 0) { - return a; - } else if (s < FStar_UInt128_u32_64) { - uint64_t l = a.low << s; - uint64_t h = __shiftleft128(a.low, a.high, (unsigned char)s); - return _mm_set_epi64x(h, l); - } else { - return _mm_set_epi64x(a.low << (s - FStar_UInt128_u32_64), 0); - } -#else - if (s < 
FStar_UInt128_u32_64) - return FStar_UInt128_shift_left_small(a, s); - else - return FStar_UInt128_shift_left_large(a, s); -#endif -} - -inline static uint64_t -FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) { - return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); -} - -inline static uint64_t -FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) { - return FStar_UInt128_add_u64_shift_right(hi, lo, s); -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { - if (s == (uint32_t)0U) - return a; - else { - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); - lit.high = a.high >> s; - return lit; - } -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) { - FStar_UInt128_uint128 lit; - lit.low = a.high >> (s - FStar_UInt128_u32_64); - lit.high = (uint64_t)0U; - return lit; -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) { -#if HAS_OPTIMIZED - if (s == 0) { - return a; - } else if (s < FStar_UInt128_u32_64) { - uint64_t l = __shiftright128(a.low, a.high, (unsigned char)s); - uint64_t h = a.high >> s; - return _mm_set_epi64x(h, l); - } else { - return _mm_set_epi64x(0, a.high >> (s - FStar_UInt128_u32_64)); - } -#else - if (s < FStar_UInt128_u32_64) - return FStar_UInt128_shift_right_small(a, s); - else - return FStar_UInt128_shift_right_large(a, s); -#endif -} - -inline static bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return a.low == b.low && a.high == b.high; -} - -inline static bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return a.high > b.high || a.high == b.high && a.low > b.low; -} - -inline static bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return a.high < b.high || a.high == b.high && a.low < 
b.low; -} - -inline static bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return a.high > b.high || a.high == b.high && a.low >= b.low; -} - -inline static bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return a.high < b.high || a.high == b.high && a.low <= b.low; -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED - // PCMPW to produce 4 32-bit values, all either 0x0 or 0xffffffff - __m128i r32 = _mm_cmpeq_epi32(a, b); - // Shuffle 3,2,1,0 into 2,3,0,1 (swapping dwords inside each half) - __m128i s32 = _mm_shuffle_epi32(r32, _MM_SHUFFLE(2, 3, 0, 1)); - // Bitwise and to compute (3&2),(2&3),(1&0),(0&1) - __m128i ret64 = _mm_and_si128(r32, s32); - // Swap the two 64-bit values to form s64 - __m128i s64 = - _mm_shuffle_epi32(ret64, _MM_SHUFFLE(1, 0, 3, 2)); // 3,2,1,0 -> 1,0,3,2 - // And them together - return _mm_and_si128(ret64, s64); -#else - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { -#if HAS_OPTIMIZED && 0 - // ge - compare 3,2,1,0 for >= and generating 0 or 0xffffffff for each - // eq - compare 3,2,1,0 for == and generating 0 or 0xffffffff for each - // slot 0 = ge0 | (eq0 & ge1) | (eq0 & eq1 & ge2) | (eq0 & eq1 & eq2 & ge3) - // then splat slot 0 to 3,2,1,0 - __m128i gt = _mm_cmpgt_epi32(a, b); - __m128i eq = _mm_cmpeq_epi32(a, b); - __m128i ge = _mm_or_si128(gt, eq); - __m128i ge0 = ge; - __m128i eq0 = eq; - __m128i ge1 = _mm_srli_si128(ge, 4); // shift ge from 3,2,1,0 to 0x0,3,2,1 - __m128i t1 = _mm_and_si128(eq0, ge1); - __m128i ret = _mm_or_si128(ge, t1); // ge0 | (eq0 & ge1) is now in 0 - __m128i eq1 = _mm_srli_si128(eq, 
4); // shift eq from 3,2,1,0 to 0x0,3,2,1 - __m128i ge2 = - _mm_srli_si128(ge1, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,3,2 - __m128i t2 = - _mm_and_si128(eq0, _mm_and_si128(eq1, ge2)); // t2 = (eq0 & eq1 & ge2) - ret = _mm_or_si128(ret, t2); - __m128i eq2 = _mm_srli_si128(eq1, 4); // shift eq from 3,2,1,0 to 0x0,00,00,3 - __m128i ge3 = - _mm_srli_si128(ge2, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,0x0,3 - __m128i t3 = _mm_and_si128( - eq0, _mm_and_si128( - eq1, _mm_and_si128(eq2, ge3))); // t3 = (eq0 & eq1 & eq2 & ge3) - ret = _mm_or_si128(ret, t3); - return _mm_shuffle_epi32( - ret, - _MM_SHUFFLE(0, 0, 0, 0)); // the result is in 0. Shuffle into all dwords. -#else - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt64_gte_mask(a.high, b.high) & - ~FStar_UInt64_eq_mask(a.high, b.high) | - FStar_UInt64_eq_mask(a.high, b.high) & - FStar_UInt64_gte_mask(a.low, b.low); - lit.high = FStar_UInt64_gte_mask(a.high, b.high) & - ~FStar_UInt64_eq_mask(a.high, b.high) | - FStar_UInt64_eq_mask(a.high, b.high) & - FStar_UInt64_gte_mask(a.low, b.low); - return lit; -#endif -} - -inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) { -#if HAS_OPTIMIZED - return _mm_set_epi64x(0, a); -#else - FStar_UInt128_uint128 lit; - lit.low = a; - lit.high = (uint64_t)0U; - return lit; -#endif -} - -inline static uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) { - return a.low; -} - -inline static uint64_t FStar_UInt128_u64_mod_32(uint64_t a) { - return a & (uint64_t)0xffffffffU; -} - -static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U; - -inline static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) { - return lo + (hi << FStar_UInt128_u32_32); -} - -inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) { -#if HAS_OPTIMIZED - uint64_t l, h; - l = _umul128(x, (uint64_t)y, &h); - return _mm_set_epi64x(h, l); -#else - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt128_u32_combine( - (x >> 
FStar_UInt128_u32_32) * (uint64_t)y + - (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> - FStar_UInt128_u32_32), - FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); - lit.high = (x >> FStar_UInt128_u32_32) * (uint64_t)y + - (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> - FStar_UInt128_u32_32) >> - FStar_UInt128_u32_32; - return lit; -#endif -} - -/* Note: static headers bring scope collision issues when they define types! - * Because now client (karamel-generated) code will include this header and - * there might be type collisions if the client code uses quadruples of uint64s. - * So, we cannot use the karamel-generated name. */ -typedef struct K_quad_s { - uint64_t fst; - uint64_t snd; - uint64_t thd; - uint64_t f3; -} K_quad; - -inline static K_quad -FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { - K_quad tmp; - tmp.fst = FStar_UInt128_u64_mod_32(x); - tmp.snd = FStar_UInt128_u64_mod_32( - FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); - tmp.thd = x >> FStar_UInt128_u32_32; - tmp.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + - (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> - FStar_UInt128_u32_32); - return tmp; -} - -static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) { - return lo + (hi << FStar_UInt128_u32_32); -} - -inline static FStar_UInt128_uint128 -FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y) { - K_quad scrut = - FStar_UInt128_mul_wide_impl_t_(x, y); - uint64_t u1 = scrut.fst; - uint64_t w3 = scrut.snd; - uint64_t x_ = scrut.thd; - uint64_t t_ = scrut.f3; - FStar_UInt128_uint128 lit; - lit.low = FStar_UInt128_u32_combine_( - u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), w3); - lit.high = - x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + - ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> - FStar_UInt128_u32_32); - return lit; -} - -inline static -FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, 
uint64_t y) { -#if HAS_OPTIMIZED - uint64_t l, h; - l = _umul128(x, y, &h); - return _mm_set_epi64x(h, l); -#else - return FStar_UInt128_mul_wide_impl(x, y); -#endif -} - -#undef low -#undef high - -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h deleted file mode 100644 index e2b6d6285..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -#ifndef FSTAR_UINT128_STRUCT_ENDIANNESS_H -#define FSTAR_UINT128_STRUCT_ENDIANNESS_H - -/* Hand-written implementation of endianness-related uint128 functions - * for the extracted uint128 implementation */ - -/* Access 64-bit fields within the int128. */ -#define HIGH64_OF(x) ((x)->high) -#define LOW64_OF(x) ((x)->low) - -/* A series of definitions written using pointers. */ - -inline static void load128_le_(uint8_t *b, uint128_t *r) { - LOW64_OF(r) = load64_le(b); - HIGH64_OF(r) = load64_le(b + 8); -} - -inline static void store128_le_(uint8_t *b, uint128_t *n) { - store64_le(b, LOW64_OF(n)); - store64_le(b + 8, HIGH64_OF(n)); -} - -inline static void load128_be_(uint8_t *b, uint128_t *r) { - HIGH64_OF(r) = load64_be(b); - LOW64_OF(r) = load64_be(b + 8); -} - -inline static void store128_be_(uint8_t *b, uint128_t *n) { - store64_be(b, HIGH64_OF(n)); - store64_be(b + 8, LOW64_OF(n)); -} - -#ifndef KRML_NOSTRUCT_PASSING - -inline static uint128_t load128_le(uint8_t *b) { - uint128_t r; - load128_le_(b, &r); - return r; -} - -inline static void store128_le(uint8_t *b, uint128_t n) { - store128_le_(b, &n); -} - -inline static uint128_t load128_be(uint8_t *b) { - uint128_t r; - load128_be_(b, &r); - return r; -} - -inline static void store128_be(uint8_t *b, uint128_t n) { - store128_be_(b, &n); -} - -#else /* !defined(KRML_STRUCT_PASSING) */ - -# define print128 print128_ -# define load128_le load128_le_ -# define store128_le store128_le_ -# define load128_be load128_be_ -# define store128_be store128_be_ - -#endif /* KRML_STRUCT_PASSING */ - -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def b/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def deleted file mode 100644 index c4ab8e38e..000000000 
--- a/libcrux-ml-kem/c-sha3-speedup/karamel/krmllib/dist/minimal/libkrmllib.def +++ /dev/null @@ -1,11 +0,0 @@ -LIBRARY libkrmllib - -EXPORTS - FStar_UInt64_eq_mask - FStar_UInt64_gte_mask - FStar_UInt32_eq_mask - FStar_UInt32_gte_mask - FStar_UInt16_eq_mask - FStar_UInt16_gte_mask - FStar_UInt8_eq_mask - FStar_UInt8_gte_mask diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c deleted file mode 100644 index 8081db044..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.c +++ /dev/null 
@@ -1,524 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_core.h" - -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__int32_t_s -{ - core_option_Option__size_t_tags tag; - int32_t f0; -} -Option__int32_t; - -typedef struct Option__uint32_t_s -{ - core_option_Option__size_t_tags tag; - uint32_t f0; -} -Option__uint32_t; - -static uint8_t is_non_zero(uint8_t value) -{ - uint16_t value0 = (uint16_t)value; - uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; - return (uint8_t)result; -} - -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ - uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { - size_t i0 = i; - uint8_t - uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); - out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); - } - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____800size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -) -{ - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); - return lit; 
-} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -) -{ - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U] -) -{ - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); - return lit; -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -) -{ - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -Eurydice_slice 
-libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -) -{ - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -) -{ - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -) -{ - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); - 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -) -{ - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -) -{ - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - 
slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____1184size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -) -{ - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); -} - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -) -{ - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____1088size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -) -{ - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); - return lit; -} - -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -) -{ - return 
self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { - size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; - uint8_t 
*uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void 
-core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == core_result_Ok) - { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h deleted file mode 100644 index da93dfbea..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_core.h +++ /dev/null 
@@ -1,135 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_core_H -#define __libcrux_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct core_ops_range_Range__size_t_s -{ - size_t start; - size_t end; -} -core_ops_range_Range__size_t; - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } -libcrux_ml_kem_types_MlKemPublicKey____800size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } -libcrux_ml_kem_types_MlKemCiphertext____768size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - -typedef struct 
libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemPublicKey____1568size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } -libcrux_ml_kem_types_MlKemPublicKey____1184size_t; - -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} 
-libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } -libcrux_ml_kem_types_MlKemCiphertext____1088size_t; - -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ - libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; - uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; - -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c deleted file mode 100644 index a215e6880..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.c +++ /dev/null 
@@ -1,2181 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "libcrux_mlkem1024.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_mlkem768.h" -#include "internal/libcrux_core.h" - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - 
libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - 
(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - void -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; - memcpy(uu____1, - state, - (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)4U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t - xof_state = - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U] - )); -} - -static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - 
(size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t 
-sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, 
- (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t 
bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void 
-compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector(re, - out); -} - 
-static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[4U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key 
= uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static void -decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t 
ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static 
K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t 
uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[4U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -static inline void 
-serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - 
Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - 
compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), 
- uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t 
-generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); -} - -static 
libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static bool validate_public_key___4size_t_1536size_t_1568size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(public_key); - } - else - { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if 
(validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h deleted file mode 100644 index c415e78a8..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem1024.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem1024_H -#define __libcrux_mlkem1024_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 
((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void 
-libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____4size_t *self, - uint8_t ret[4U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); - -#if 
defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1024_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c deleted file mode 100644 index c3d3686c9..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.c +++ /dev/null 
@@ -1,2057 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "libcrux_mlkem512.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_mlkem768.h" -#include "internal/libcrux_core.h" - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - 
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - void -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; - memcpy(uu____1, - state, - (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)2U * sizeof 
(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - 
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( - int16_t s[272U] -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t - xof_state = - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U] - )); -} - -static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, 
- (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
-closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - 
domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static void 
-encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[2U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice 
ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static void -decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool 
uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
-encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - 
memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector 
*s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t(&result[i1], - &product); - } - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - 
uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + 
core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - 
Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - 
Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void 
-deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); 
- libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static bool validate_public_key___2size_t_768size_t_800size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(public_key); - } - else - { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h
deleted file mode 100644
index 47a8fbb68..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem512.h
+++ /dev/null
@@ -1,138 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem512_H -#define __libcrux_mlkem512_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) - -#define 
LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___2size_t( - 
libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____2size_t *self, - uint8_t ret[2U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - 
libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c deleted file mode 100644 index 5b4641ee3..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.c +++ /dev/null 
@@ -1,3030 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_mlkem768.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_core.h" - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - 
-typedef struct __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s -{ - libcrux_ml_kem_vector_PortableVector fst; - libcrux_ml_kem_vector_PortableVector snd; -} -__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(b, - zeta_r); - b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(a, - &t); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer, - size_t _initial_coefficient_bound -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t _initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -void -libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer, - size_t 
_initial_coefficient_bound -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -void -libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3328U); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(Eurydice_slice serialized) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - 
Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - 
(size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - 
memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t 
*zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t _layer -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_PortableVector - a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(b, - &a); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &b)); - b = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector(a_minus_b, - zeta_r); - return - ( - (__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, - .snd = b - } - ); -} - -void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; 
- size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)7U); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector(v, - result); - return result; -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - 
KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0]); - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - 
deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = - compute_message__libcrux_ml_kem_vector_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12(bytes); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -inline libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t 
input[3U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy(uu____1, - state, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < 
(size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -static inline 
bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U] -) -{ - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t - xof_state = - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - 
sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U] - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - 
int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector uu____0; - uu____0 = sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector(randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re -) -{ - ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); - size_t zeta_i = 
(size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)3U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)2U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector(&zeta_i, - re, - (size_t)1U, - (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector(re); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 
1U;); - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void -) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( 
- uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return 
lit; -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(a_element, - &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - 
(size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - 
input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficients = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t(libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice 
randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector u[3U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - 
compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, 
- K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - 
libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static void -decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) - { - 
libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - } - else - { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); - return; - } - memcpy(ret, uu____2, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____2; - if (uu____1) - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t 
uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); - return uu____2; - } - return uu____2; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - (*matrix_A)[3U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector(matrix_element, - &s_as_ntt[j]); - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t(&result[i1], - &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; 
- for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - 
serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - 
K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof 
(libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - 
Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - 
Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = 
libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - else - { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness, - implicit_rejection_value); - } - return uu____2; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) -{ - return - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = - 
libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof (libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - 
Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static bool validate_public_key___3size_t_1152size_t_1184size_t(uint8_t *public_key) -{ - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) - { - uu____1 = libcrux_platform_platform_simd256_support(); - } - else - { - uu____1 = false; - } - bool uu____2; - if (uu____1) - { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(public_key); - } - else - { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t(public_key); - } - return uu____2; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h deleted file mode 100644 index a69080f07..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem768.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem768_H -#define __libcrux_mlkem768_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "libcrux_polynomial.h" -#include "libcrux_platform.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define 
LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t; - -libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_three_blocks___3size_t( - 
libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][504U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_portable_PortableHash____3size_t *self, - uint8_t ret[3U][168U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_portable___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__portable__PortableHash_K____H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c deleted file mode 100644 index 7a1b35b6f..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.c +++ /dev/null 
@@ -1,10225 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) -{ - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_avx2_zero(); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) -{ - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i uu____0 = vector; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i - 
sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - v_minus_field_modulus, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, - field_modulus); - return - libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector) -{ - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - t = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i - t0 = - libcrux_intrinsics_avx2_mm256_add_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i - quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, - t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i - quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, quotient_times_field_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - 
-inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - core_core_arch_x86___m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i - value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)2); - core_core_arch_x86___m256i - field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16((LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int16_t)1) - / (int16_t)4); - core_core_arch_x86___m256i - shifted = 
libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i - mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - shifted, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i - shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - shifted_to_positive_in_range, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -) -{ - core_core_arch_x86___m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - prod13 = - libcrux_intrinsics_avx2_mm256_mul_epu32(uu____0, - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i - uu____1 = libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(uu____1, - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - 
core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta3, - -zeta3, - zeta3, - zeta3, - -zeta2, - -zeta2, - zeta2, - zeta2, - -zeta1, - -zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - zetas = - libcrux_intrinsics_avx2_mm256_set_epi16(-zeta1, - -zeta1, - -zeta1, - -zeta1, - zeta1, - zeta1, - zeta1, - zeta1, - -zeta0, - -zeta0, - -zeta0, - -zeta0, - zeta0, - zeta0, - zeta0, - zeta0); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(rhs, zetas); - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, - vector, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -) -{ - core_core_arch_x86___m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i - k = - libcrux_intrinsics_avx2_mm_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16((int16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i - k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - 
return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i - rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i - upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients, - core_core_arch_x86___m256i); - return combined0; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = 
rhs; - core_core_arch_x86___m256i - rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta3, - zeta3, - (int16_t)0, - (int16_t)0, - zeta2, - zeta2, - (int16_t)0, - (int16_t)0, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0)); - core_core_arch_x86___m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - core_core_arch_x86___m256i - lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)245, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)160, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i 
- rhs0 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)-1, - (int16_t)1, - (int16_t)1, - (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i - sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi16(zeta1, - zeta1, - zeta1, - zeta1, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - zeta0, - zeta0, - zeta0, - zeta0, - (int16_t)0, - (int16_t)0, - (int16_t)0, - (int16_t)0)); - return - libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, - sum, - sum_times_zetas, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - core_core_arch_x86___m128i - lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i uu____0 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i - combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i - combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - combined, - upper_coefficients0, - core_core_arch_x86___m256i); - return combined0; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v) -{ - core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i - k = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i - k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(uu____1, - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i - value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, - v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i - result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - result, - core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, - result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - 
core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - core_core_arch_x86___m256i - shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0, - (int8_t)15, - (int8_t)14, - (int8_t)11, - (int8_t)10, - (int8_t)7, - (int8_t)6, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)1, - (int8_t)0); - core_core_arch_x86___m256i - lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i - lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - lhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i - lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i - lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i - rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i - rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - rhs_shuffled, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i - rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i - rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - rhs_shuffled0, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i 
rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i - left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i - right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i - right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i - right1 = - libcrux_intrinsics_avx2_mm256_mullo_epi32(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32(-(int32_t)zeta3, - (int32_t)zeta3, - -(int32_t)zeta2, - (int32_t)zeta2, - -(int32_t)zeta1, - (int32_t)zeta1, - -(int32_t)zeta0, - (int32_t)zeta0)); - core_core_arch_x86___m256i - products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i - products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_left); - core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i - rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2, - (int8_t)13, - (int8_t)12, - (int8_t)15, - (int8_t)14, - (int8_t)9, - (int8_t)8, - (int8_t)11, - (int8_t)10, - (int8_t)5, - (int8_t)4, - (int8_t)7, - (int8_t)6, - (int8_t)1, - (int8_t)0, - (int8_t)3, - (int8_t)2)); - core_core_arch_x86___m256i - products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i - products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(products_right); - core_core_arch_x86___m256i - products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, - products_right0, - core_core_arch_x86___m256i); - return - 
libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, - products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return - libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], - rhs[0U], - zeta0, - zeta1, - zeta2, - zeta3); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - core_core_arch_x86___m256i - lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i - high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - lsb_to_msb, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = { 0U }; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) -{ - int16_t - uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, 
uint8_t); - int16_t - uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - (int16_t)1 << 13U, - (int16_t)1 << 
14U, - (int16_t)1 << 15U, - (int16_t)1 << 8U, - (int16_t)1 << 9U, - (int16_t)1 << 10U, - (int16_t)1 << 11U, - (int16_t)1 << 12U, - (int16_t)1 << 13U, - (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i - coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t serialized[16U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)8, - (int8_t)4, - (int8_t)0)); - 
core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)4, - (int32_t)0)); - core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_slice((size_t)16U, - serialized, - uint8_t, - Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)16U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t - uu____0 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m256i - coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i 
- coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients_in_msb, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return - libcrux_intrinsics_avx2_mm256_and_si256(uu____15, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22, - (int32_t)0, - (int32_t)22)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)8, - adjacent_4_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i - 
adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_8_combined0, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined1, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [10U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - 
libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) -{ - uint8_t uu____0 = Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____1 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____2 = Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____3 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____4 = Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____5 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____6 = Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____7 = Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____8 = Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____9 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____10 = Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____11 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____12 = Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____13 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____14 = Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m128i - coefficients = - libcrux_intrinsics_avx2_mm_set_epi8(uu____0, - uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - uu____10, - uu____11, - uu____12, - uu____13, - uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i - coefficients_loaded = 
libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i - coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients_loaded, - coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)15, - (int8_t)14, - (int8_t)15, - (int8_t)14, - (int8_t)13, - (int8_t)12, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)9, - (int8_t)8, - (int8_t)7, - (int8_t)6, - (int8_t)7, - (int8_t)6, - (int8_t)5, - (int8_t)4, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m256i uu____16 = coefficients0; - core_core_arch_x86___m256i - coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(uu____16, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U, - (int16_t)1 << 0U, - (int16_t)1 << 5U, - (int16_t)1 << 2U, - (int16_t)1 << 7U, - (int16_t)1 << 4U, - (int16_t)1 << 9U, - (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, - coefficients1, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = 
vector; - core_core_arch_x86___m256i - adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12, - (int32_t)0, - (int32_t)12)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = 
(size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [20U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U, - (int16_t)1 << 0U, - (int16_t)1 << 2U, - (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, - 8U, - 8U, - 7U, - 7U, - 6U, - 6U, - 5U, - 4U, - 3U, - 3U, - 2U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)4U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 13U, - 12U, - 12U, - 11U, - 10U, - 9U, - 9U, - 8U, - 8U, - 7U, - 7U, - 6U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); - return coefficients3; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -) -{ - return 
libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]) -{ - int16_t output[16U] = { 0U }; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, - output, - int16_t, - Eurydice_slice), - v); - memcpy(ret, output, (size_t)16U * sizeof (int16_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) -{ - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof (int16_t)); - return lit; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - 
result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - int16_t array[16U]; - libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof (int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector - input = libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); - uint8_t ret0[22U]; - 
libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - result = libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; 
- int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = - uu____4 - | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = - uu____11 - | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t - uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U 
+ (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)7) - << 8U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 5U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 7U; - uint8_t - *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)127) - << 4U; - uint8_t - *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + 
(size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - & (int16_t)31) - << 6U; - uint8_t - *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) - << 3U; - uint8_t - *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -inline void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -) -{ - memcpy(ret, v.elements, (size_t)16U * sizeof (int16_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_avx2_portable_PortableVector - output = libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); - int16_t ret[16U]; - libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return - libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_array_to_slice((size_t)16U, - ret, - int16_t, - Eurydice_slice)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -inline void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t serialized[32U] = { 0U }; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i - adjacent_2_combined = - 
libcrux_intrinsics_avx2_mm256_madd_epi16(uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1, - (int16_t)1 << 12U, - (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i - adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(uu____1, - libcrux_intrinsics_avx2_mm256_set_epi32((int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8, - (int32_t)0, - (int32_t)8)); - core_core_arch_x86___m256i - adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, - adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i - adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(uu____2, - libcrux_intrinsics_avx2_mm256_set_epi8((int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)-1, - (int8_t)13, - (int8_t)12, - (int8_t)11, - (int8_t)10, - (int8_t)9, - (int8_t)8, - (int8_t)5, - (int8_t)4, - (int8_t)3, - (int8_t)2, - (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i - lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i - upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - adjacent_8_combined, - core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128(Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_array_to_subslice((size_t)32U, - serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [24U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError(dst, - ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) -{ - core_core_arch_x86___m256i - shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16((int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U, - (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i - lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - 
core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, - 10U, - 10U, - 9U, - 8U, - 7U, - 7U, - 6U, - 5U, - 4U, - 4U, - 3U, - 2U, - 1U, - 1U, - 0U)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice(bytes, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i - upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(uu____1, - libcrux_intrinsics_avx2_mm_set_epi8(15U, - 14U, - 14U, - 13U, - 12U, - 11U, - 11U, - 10U, - 9U, - 8U, - 8U, - 7U, - 6U, - 5U, - 5U, - 4U)); - core_core_arch_x86___m256i - coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i - coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256((int32_t)1, - coefficients, - upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - core_core_arch_x86___m256i - coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, - coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i - coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256(uu____2, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); - return coefficients3; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -) -{ - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -inline size_t 
-libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i - compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[0U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - lower_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i - lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(size_t)good[1U]], - (size_t)16U * sizeof (uint8_t)); - core_core_arch_x86___m128i - upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice((size_t)16U, - upper_shuffles, - uint8_t, - Eurydice_slice)); - core_core_arch_x86___m128i - upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - potential_coefficients, - core_core_arch_x86___m128i); - core_core_arch_x86___m128i - upper_coefficients0 = - 
libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(Eurydice_slice_subslice(output, - ((core_ops_range_Range__size_t){ .start = sampled_count, .end = sampled_count + (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -) -{ - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -) -{ - return self[0U]; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -) -{ - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[3U] = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[15U] = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - 
(size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, - vector, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t(vector); -} - -static core_core_arch_x86___m256i -to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a -) -{ - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t(a); - core_core_arch_x86___m256i - fm = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &fm); -} - -static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - 
Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); 
- core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - uint8_t dummy_out0[504U] = { 0U }; - uint8_t dummy_out1[504U] = { 0U }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____1, - uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - uint8_t dummy_out0[168U] = { 0U }; - uint8_t dummy_out1[168U] = { 0U }; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____1 = self; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____1, - uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t 
uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - 
A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - uint8_t dummy_out0[192U] = { 0U }; - uint8_t dummy_out1[192U] = { 0U }; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [192U], - Eurydice_slice), - (size_t)1U, - uint8_t [192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = 
Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; - 
uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 
2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - core_core_arch_x86___m256i - t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i - uu____1 = 
- libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct -__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} -__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; - -static core_core_arch_x86___m256i -montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - fer); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - t = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, zeta_r); - b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - 
size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - 
re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - 
prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + 
(size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static core_core_arch_x86___m256i -to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - 
to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector(self->coefficients[j]); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + 
core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice 
ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void 
-deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; 
- uint8_t dummy_out0[128U] = { 0U }; - uint8_t dummy_out1[128U] = { 0U }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____1, - uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - 
sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -static inline void 
-invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r -) -{ - core_core_arch_x86___m256i - a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(b, - &a); - a = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(a, - &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_minus_b, zeta_r); - return - ( - (__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - 
invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[2U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); - } - memcpy(ret, - 
result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static core_core_arch_x86___m256i -decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(core_core_arch_x86___m256i v) -{ - return - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - uu____0 = decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - core_core_arch_x86___m256i - tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(coefficient_normal_form, - &tmp); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - 
core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t(vector); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - 
core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t(vector); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - 
compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 
<< (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - 
core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t(vector); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus_halved = - 
libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - - (int32_t)1) - / (int32_t)2); - core_core_arch_x86___m256i - compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i - coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, field_modulus_halved); - core_core_arch_x86___m256i - compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i - compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, - coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i - compressed_high1 = - 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i - compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, - compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, compressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t(vector); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficients = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - 
memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - 
pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -) 
-{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - 
core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - 
core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = 
deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 
- * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - 
decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -) -{ - return - libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4(bytes); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - core_core_arch_x86___m256i - field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i - two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i - coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i - coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i - decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, field_modulus); - core_core_arch_x86___m256i - decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low1 = - 
libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i - coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256((int32_t)1, - vector, - core_core_arch_x86___m128i); - core_core_arch_x86___m256i - coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i - decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i - decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, - decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i - decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, - decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, - decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, decompressed_high3); - return - libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -) -{ - return - 
libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) -{ - return 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce(libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re.coefficients[i0]); - core_core_arch_x86___m256i - coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, 
(size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - 
Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - 
uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - 
serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - 
Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____3, - uu____4, - uu____5, - uu____6, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - 
Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = 
uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____3 = self; - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____3, - uu____4, - uu____5, - uu____6, - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - 
(core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - 
libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - 
closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0(A_transpose[i]);); - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; - uint8_t snd; -} 
-__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, 
Eurydice_slice); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____8 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____9 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - uu____9, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = 
(uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - 
core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - 
memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - 
secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = 
pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - 
uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - 
libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void 
-compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, - Eurydice_slice out -) -{ - compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - 
deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - 
shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - 
ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - 
deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, 
- uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = 
uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - 
-static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - 
< - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t ret0[1152U]; - 
serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t 
digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &state; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(uu____0, - uu____1, - uu____2, - uu____3, - 
Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - uint8_t dummy_out0[504U] = { 0U }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(uu____2, - uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, 
Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - uint8_t 
dummy_out0[168U] = { 0U }; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [168U], - Eurydice_slice), - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = self; - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [168U], uint8_t (*)[168U], uint8_t [168U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / 
(size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - 
ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 - xof_state = - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static 
inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U 
- * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - uint8_t dummy_out0[128U] = { 0U }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - 
Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____7 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - Eurydice_slice - uu____8 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_avx2_x4_shake256(uu____2, - uu____3, - uu____4, - uu____5, - uu____6, - uu____7, - uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = 
(uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - 
core_core_arch_x86___m256i, - Eurydice_slice), - core_core_arch_x86___m256i, - size_t); - i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - 
memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - 
secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = 
pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - 
uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(error_2, - message, - result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - 
prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = - ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - 
add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, 
digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - 
size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); 
- Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h deleted file mode 100644 index ecf17daec..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_avx2.h +++ /dev/null 
@@ -1,671 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem_avx2_H -#define __libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3_avx2.h" -#include "libcrux_sha3.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void -); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i *rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant 
-); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, - int16_t c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector -); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER ((int16_t)20159) - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, - int16_t constant -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, - core_core_arch_x86___m256i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, - core_core_arch_x86___m128i c -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - 
core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, - int16_t zeta0, - int16_t zeta1 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, - int16_t zeta -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -void 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, - uint8_t ret[2U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, - uint8_t ret[8U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, - uint8_t ret[10U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -void 
-libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, - uint8_t ret[20U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes -); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, int16_t ret[16U]); - -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_avx2_portable_PortableVector; - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); - -void -libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); - -void -libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, - int16_t ret[16U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice 
bytes -); - -void -libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -void -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, - uint8_t ret[24U] -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes -); - -size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, - Eurydice_slice output -); - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, - Eurydice_slice output -); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self -); - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s -{ core_core_arch_x86___m256i coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___shift_right___15int32_t( - core_core_arch_x86___m256i vector -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - 
-core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U] -); - -void 
-libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -); - -libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___shake128_squeeze_block___3size_t( - 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -); - -void -libcrux_ml_kem_hash_functions_avx2___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__avx2__Simd256Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c deleted file mode 100644 index a39ab8e5d..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.c +++ /dev/null 
@@ -1,9734 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_core.h" - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) - } - ); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array -) -{ - return 
libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; - core_core_arch_arm_shared_neon_int16x8_t - c0 = - libcrux_intrinsics_arm64__vandq_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; - core_core_arch_arm_shared_neon_int16x8_t - c1 = - libcrux_intrinsics_arm64__vandq_s16(uu____1, - 
libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t - vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, - LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t - vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t - quotient = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, - vec0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - sub = - libcrux_intrinsics_arm64__vmulq_n_s16(quotient, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); - v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high -) -{ - core_core_arch_arm_shared_neon_int16x8_t - k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t - c = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, - c); - v.high = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, - c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t - quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t - shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t - mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t - shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range0 = 
libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); -} - -inline int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) -{ - int16_t uu____0; - switch (coefficient_bits) - { - case 4: - { - uu____0 = (int16_t)15; - break; - } - case 5: - { - uu____0 = (int16_t)31; - break; - } - case 10: - { - uu____0 = (int16_t)1023; - break; - } - case 11: - { - uu____0 = (int16_t)2047; - break; - } - default: - { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - 
int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, 
- zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - 
int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - 
libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - 
libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); - core_core_arch_arm_shared_neon_int16x4_t - uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____0, - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int16x8_t - fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, - uu____2, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, - a0, - b0)); - core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____3, - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; 
- core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); - core_core_arch_arm_shared_neon_int16x8_t - snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, - uu____5, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, - a1, - b0)); - core_core_arch_arm_shared_neon_int16x8_t - fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t - snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, - high0)); - core_core_arch_arm_shared_neon_int16x8_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, - high0)); - uint8_t - indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; - core_core_arch_arm_shared_neon_uint8x16_t - index = - 
libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), - index)); - core_core_arch_arm_shared_neon_int16x8_t - high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), - index)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, - rhs, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[2U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t - high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -void 
-libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) -{ - core_core_arch_arm_shared_neon_int16x8_t - one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t - low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)0U, - uint8_t, - uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t - high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)1U, - uint8_t, - uint8_t)); - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, - (int16_t)-7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t - high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vandq_s16(high, one) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); 
-} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[8U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, - (int16_t)12 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - lowt = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), - shift); - core_core_arch_arm_shared_neon_uint16x8_t - hight = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), - shift); - uint64_t - sum0 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t - sum1 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t - sum2 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t - sum3 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) -{ - uint8_t ret[8U]; - 
core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t input = core_num__u64_9__from_le_bytes(ret); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input & 15ULL); - low[1U] = (int16_t)(input >> 4U & 15ULL); - low[2U] = (int16_t)(input >> 8U & 15ULL); - low[3U] = (int16_t)(input >> 12U & 15ULL); - low[4U] = (int16_t)(input >> 16U & 15ULL); - low[5U] = (int16_t)(input >> 20U & 15ULL); - low[6U] = (int16_t)(input >> 24U & 15ULL); - low[7U] = (int16_t)(input >> 28U & 15ULL); - high[0U] = (int16_t)(input >> 32U & 15ULL); - high[1U] = (int16_t)(input >> 36U & 15ULL); - high[2U] = (int16_t)(input >> 40U & 15ULL); - high[3U] = (int16_t)(input >> 44U & 15ULL); - high[4U] = (int16_t)(input >> 48U & 15ULL); - high[5U] = (int16_t)(input >> 52U & 15ULL); - high[6U] = (int16_t)(input >> 56U & 15ULL); - high[7U] = (int16_t)(input >> 60U & 15ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t ret[16U] -) -{ - int16_t out[16U] = { 0U }; - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[10U] -) -{ - uint8_t res[10U] = { 0U }; - int16_t out[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); - res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); - res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); - res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); - res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); - res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); - res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); - res[6U] = - (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) - | out[(size_t)8U + (size_t)3U] << 7U); - res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); - res[8U] = - (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) - | out[(size_t)8U + (size_t)6U] << 6U); - res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); - memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - 
-inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)8U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____1[8U]; - memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); - uint8_t input1[8U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input1, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(low64 & 31ULL); - low[1U] = (int16_t)(low64 >> 5U & 31ULL); - low[2U] = (int16_t)(low64 >> 10U & 31ULL); - low[3U] = (int16_t)(low64 >> 15U & 31ULL); - low[4U] = (int16_t)(low64 >> 20U & 31ULL); - low[5U] = (int16_t)(low64 >> 25U & 31ULL); - low[6U] = (int16_t)(low64 >> 30U & 31ULL); - low[7U] = (int16_t)(low64 >> 35U & 31ULL); - high[0U] = (int16_t)(high64 & 31ULL); - high[1U] = (int16_t)(high64 >> 5U & 31ULL); - high[2U] = (int16_t)(high64 >> 10U & 31ULL); - high[3U] = (int16_t)(high64 >> 15U & 31ULL); - 
high[4U] = (int16_t)(high64 >> 20U & 31ULL); - high[5U] = (int16_t)(high64 >> 25U & 31ULL); - high[6U] = (int16_t)(high64 >> 30U & 31ULL); - high[7U] = (int16_t)(high64 >> 35U & 31ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[20U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - 
libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - uint8_t input1[8U] = { 0U }; - uint8_t input2[4U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[4U]; - memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); - uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 1023ULL); - low[1U] = (int16_t)(input00 >> 10U & 1023ULL); - low[2U] = (int16_t)(input00 >> 20U & 1023ULL); - low[3U] 
= (int16_t)(input00 >> 30U & 1023ULL); - low[4U] = (int16_t)(input00 >> 40U & 1023ULL); - low[5U] = (int16_t)(input00 >> 50U & 1023ULL); - low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); - low[7U] = (int16_t)(input10 >> 6U & 1023ULL); - high[0U] = (int16_t)(input10 >> 16U & 1023ULL); - high[1U] = (int16_t)(input10 >> 26U & 1023ULL); - high[2U] = (int16_t)(input10 >> 36U & 1023ULL); - high[3U] = (int16_t)(input10 >> 46U & 1023ULL); - high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); - high[5U] = (int16_t)(input20 >> 2U & 1023U); - high[6U] = (int16_t)(input20 >> 12U & 1023U); - high[7U] = (int16_t)(input20 >> 22U & 1023U); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[22U] -) -{ - int16_t input[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)input[0U]; - result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); - result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); - result[3U] = (uint8_t)(input[2U] >> 2U); - result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); - result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); - result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); - result[7U] = (uint8_t)(input[5U] >> 1U); - 
result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); - result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); - result[10U] = (uint8_t)(input[7U] >> 3U); - result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; - result[(size_t)11U + (size_t)1U] = - (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); - result[(size_t)11U + (size_t)2U] = - (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); - result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); - result[(size_t)11U + (size_t)4U] = - (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); - result[(size_t)11U + (size_t)5U] = - (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); - result[(size_t)11U + (size_t)6U] = - (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); - result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); - result[(size_t)11U + (size_t)8U] = - (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); - result[(size_t)11U + (size_t)9U] = - (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); - result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - 
uint8_t input1[8U] = { 0U }; - uint8_t input2[8U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input2, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[8U]; - memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); - uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 2047ULL); - low[1U] = (int16_t)(input00 >> 11U & 2047ULL); - low[2U] = (int16_t)(input00 >> 22U & 2047ULL); - low[3U] = (int16_t)(input00 >> 33U & 2047ULL); - low[4U] = (int16_t)(input00 >> 44U & 2047ULL); - low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); - 
low[6U] = (int16_t)(input10 >> 2U & 2047ULL); - low[7U] = (int16_t)(input10 >> 13U & 2047ULL); - high[0U] = (int16_t)(input10 >> 24U & 2047ULL); - high[1U] = (int16_t)(input10 >> 35U & 2047ULL); - high[2U] = (int16_t)(input10 >> 46U & 2047ULL); - high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); - high[4U] = (int16_t)(input20 >> 4U & 2047ULL); - high[5U] = (int16_t)(input20 >> 15U & 2047ULL); - high[6U] = (int16_t)(input20 >> 26U & 2047ULL); - high[7U] = (int16_t)(input20 >> 37U & 2047ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[24U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - 
libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = { 0U }; - Eurydice_slice - 
uu____2 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - 
-void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) -{ - uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; - core_core_arch_arm_shared_neon_uint8x16_t - index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - int16_t - shifts[8U] = - { - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, - (int16_t)-4 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift_vec = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifts, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)16U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input0, - uint8_t, - Eurydice_slice)); - uint8_t input1[16U] = { 0U }; - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)16U, - input1, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input1, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, - mask12)); - core_core_arch_arm_shared_neon_uint16x8_t - moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, - mask12)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); -} - -inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
*self -) -{ - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[9U] = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t 
i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - v.low = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.low, - core_core_arch_arm_shared_neon_int16x8_t); - v.high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.high, - core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_shift_right___15int32_t(v); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___shift_right___15int32_t(a); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fm = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &fm); -} - -static inline void 
-serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = 
key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - 
seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t( - uint8_t input[2U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][504U] -) -{ - uint8_t out[2U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - 
Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[2U][168U] -) -{ - uint8_t out[2U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____2[168U]; - memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); - 
uint8_t uu____3[168U]; - memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___2size_t(&xof_state, - randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___2size_t(&xof_state, - randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]); - } - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seed[34U], - bool transpose, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)2U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[2U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][192U] -) -{ - uint8_t out[2U][192U] = { { 0U } }; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [192U], - Eurydice_slice), - (size_t)1U, - uint8_t [192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[192U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [192U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)192U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[192U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t 
[192U], void *); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)192U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return 
- from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - 
from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; -} -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - fer); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); - b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = 
zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static 
inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - 
uint8_t prf_outputs[2U][192U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_192size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - 
self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - 
(size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - 
uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, 
secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + 
core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - 
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [800U], - libcrux_ml_kem_types_MlKemPublicKey____800size_t, - libcrux_ml_kem_types_MlKemPublicKey____800size_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { 
- deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[2U][128U] -) -{ - uint8_t out[2U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice 
out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - for (size_t i = 
(size_t)0U; i < (size_t)2U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[2U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___2size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - 
libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - a_minus_b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &b)); - b = - 
montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, - zeta_r); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - 
invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - 
add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = 
(size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); - 
result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - 
core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = 
libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___10int32_t(v); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = 
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___11int32_t(v); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, 
Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_arm_shared_neon_uint32x4_t 
-libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - 
libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___4int32_t(v); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___4int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -inline 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_compress_int32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - 
core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress___5int32_t(v); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficients = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___5int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - 
uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____1 = - 
sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[2U]; - 
compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - 
libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [768U], - libcrux_ml_kem_types_MlKemCiphertext____768size_t, - libcrux_ml_kem_types_MlKemCiphertext____768size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - 
decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = 
libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___10int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___10int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - 
core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___11int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - 
libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___4int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___4int32_t(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -inline core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t( - core_core_arch_arm_shared_neon_uint32x4_t v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - low0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t - low1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t - high0 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t - high1 = libcrux_ml_kem_vector_neon_simd128ops_decompress_uint32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - 
-libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___decompress_ciphertext_coefficient___5int32_t(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - 
Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - 
secret_as_ntt[2U]; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - 
libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___2size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - 
Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - 
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - 
public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash 
-libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t( - uint8_t input[4U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[4U][504U] -) -{ - uint8_t out[4U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t 
[504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____5 = &self->shake128_state[1U]; - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____6 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[504U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, - uu____6, - 
Eurydice_array_to_slice((size_t)504U, ret3, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t 
ret[4U][168U] -) -{ - uint8_t out[4U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____7[168U]; - memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); - memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if 
(sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seeds[4U][34U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___4size_t(&xof_state, - randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___4size_t(&xof_state, - randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]); - } - memcpy(ret, - 
ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)4U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[4U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[4U][128U] -) -{ - uint8_t out[4U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [128U], - 
K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____8 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); - uint8_t ret3[128U]; - Eurydice_slice_index_outparam(out3, (size_t)0U, ret3, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____6, - uu____7, - uu____8, - Eurydice_array_to_slice((size_t)128U, ret3, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t 
-sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - 
(size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, 
secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = 
pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t 
public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemPublicKey____1568size_t, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - for (size_t i = 
(size_t)0U; i < (size_t)4U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - error_1[i] = 
ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[4U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___4size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t 
dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[4U], - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - 
invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___10int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress___11int32_t(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - 
libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1568U], - libcrux_ml_kem_types_MlKemCiphertext____1568size_t, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - 
deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - 
Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, 
- K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___4size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = 
uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof 
(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t( - Eurydice_slice input, - uint8_t ret[64U] -) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -inline libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t( - uint8_t input[3U][34U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - libcrux_ml_kem_hash_functions_neon_Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U] -) -{ - uint8_t out[3U][504U] = { { 0U } }; - uint8_t extra[504U] = { 0U }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - 
core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = self->shake128_state; - uint8_t ret0[504U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [504U], void *); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)504U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[504U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)504U, ret1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____4 = &self->shake128_state[1U]; - uint8_t ret2[504U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [504U], void *); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)504U, ret2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, - uu____5, - Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start 
= r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U] -) -{ - uint8_t out[3U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = 
Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - 
} - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - } - } - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash - xof_state = - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_three_blocks___3size_t(&xof_state, - randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - 
sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___shake128_squeeze_block___3size_t(&xof_state, - randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]); - } - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) - { - size_t i1 = i0; - uint8_t uu____0[34U]; - 
memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[3U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t( - uint8_t (*input)[33U], - uint8_t ret[3U][128U] -) -{ - uint8_t out[3U][128U] = { { 0U } }; - uint8_t extra[128U] = { 0U }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - uint8_t ret0[128U]; - Eurydice_slice_index_outparam(out0, (size_t)0U, ret0, uint8_t [128U], void *); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)128U, ret0, uint8_t, Eurydice_slice); - uint8_t ret1[128U]; - Eurydice_slice_index_outparam(out1, (size_t)0U, ret1, uint8_t [128U], void *); - libcrux_sha3_neon_x2_shake256(uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)128U, ret1, uint8_t, Eurydice_slice)); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = 
Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - uint8_t ret2[128U]; - Eurydice_slice_index_outparam(out2, (size_t)0U, ret2, uint8_t [128U], void *); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, ret2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - 
sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(key_generation_seed, - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - 
libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - 
serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + 
core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(public_key, - ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t 
-libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value -) -{ - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1184U], - libcrux_ml_kem_types_MlKemPublicKey____1184size_t, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t)); 
-} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector 
-closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRFxN___3size_t_128size_t(prf_inputs, - prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - 
error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t( - Eurydice_slice input, - uint8_t ret[128U] -) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = 
i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static void 
-encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t 
uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - 
compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - 
uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - core_convert___core__convert__Into_U__for_T__3__into(uu____4, - uint8_t [1088U], - libcrux_ml_kem_types_MlKemCiphertext____1088size_t, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / 
(size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - } - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - 
core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t 
ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -inline void -libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t( - Eurydice_slice input, - uint8_t ret[32U] -) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void 
-libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - 
ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___G___3size_t(Eurydice_array_to_slice((size_t)64U, - to_hash0, - uint8_t, - Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon___libcrux_ml_kem__hash_functions__Hash_K__for_libcrux_ml_kem__hash_functions__neon__Simd128Hash___PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t, - Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - 
uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h deleted file mode 100644 index b5af37f3c..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_neon.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem_neon_H -#define __libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3_neon.h" -#include "eurydice_glue.h" - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s -{ libcrux_sha3_neon_x2_incremental_KeccakState2 shake128_state[2U]; } -libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h deleted file mode 100644 index f458aac48..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_mlkem_sha3.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_mlkem_sha3_H -#define __libcrux_mlkem_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c deleted file mode 100644 index b1f487d73..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.c +++ /dev/null @@ -1,8 +0,0 @@ -// HAND-WRITTEN FILE - -#include - -bool libcrux_platform_platform_simd256_support(void) { - // TODO: query cpuid and cache the results!! - return true; -} diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h deleted file mode 100644 index 0237027dc..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_platform.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_platform_H -#define __libcrux_platform_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern bool libcrux_platform_platform_simd256_support(void); - -extern bool libcrux_platform_platform_simd128_support(void); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_platform_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c deleted file mode 100644 index 4ce0ae5d7..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.c +++ /dev/null 
@@ -1,2423 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_polynomial.h" - -#include "internal/libcrux_core.h" - -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, 
(int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -const -uint8_t -libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U] = - { - { - 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, - { 0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 
9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U }, - { - 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 
8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U }, - { - 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 
255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 
13U, 255U, 255U }, - { - 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U - }, { 0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, 
- { 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U }, - { 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 
255U }, - { 0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 
15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 
255U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U }, - { 0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U }, - { 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U } - }; - -static inline libcrux_ml_kem_vector_PortableVector zero(void) -{ - libcrux_ml_kem_vector_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -static 
libcrux_ml_kem_vector_PortableVector ZERO(void) -{ - return zero(); -} - -static inline libcrux_ml_kem_vector_PortableVector from_i16_array(Eurydice_slice array) -{ - libcrux_ml_kem_vector_PortableVector lit; - int16_t ret[16U]; - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, - ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); - return lit; -} - -static libcrux_ml_kem_vector_PortableVector from_i16_array0(Eurydice_slice array) -{ - return from_i16_array(array); -} - -static inline libcrux_ml_kem_vector_PortableVector -add(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return add(lhs, rhs); -} - -static inline libcrux_ml_kem_vector_PortableVector -sub(libcrux_ml_kem_vector_PortableVector lhs, libcrux_ml_kem_vector_PortableVector *rhs) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs -) -{ - return sub(lhs, rhs); -} - -static inline libcrux_ml_kem_vector_PortableVector -multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, - int16_t c -) -{ - return multiply_by_constant(v, c); -} - -static inline libcrux_ml_kem_vector_PortableVector -bitwise_and_with_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; -} - -static libcrux_ml_kem_vector_PortableVector -bitwise_and_with_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - return bitwise_and_with_constant(v, c); -} - -static inline libcrux_ml_kem_vector_PortableVector -cond_subtract_3329(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) - { - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; - } - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v -) -{ - return cond_subtract_3329(v); 
-} - -#define BARRETT_MULTIPLIER ((int32_t)20159) - -#define BARRETT_SHIFT ((int32_t)26) - -#define BARRETT_R ((int32_t)1 << (uint32_t)BARRETT_SHIFT) - -static int16_t barrett_reduce_element(int16_t value) -{ - int32_t t = (int32_t)value * BARRETT_MULTIPLIER + (BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; -} - -static inline libcrux_ml_kem_vector_PortableVector -barrett_reduce(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = barrett_reduce_element(v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v -) -{ - return barrett_reduce(v); -} - -#define MONTGOMERY_SHIFT (16U) - -static int16_t montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t - k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> (uint32_t)MONTGOMERY_SHIFT); - int16_t value_high = (int16_t)(value >> (uint32_t)MONTGOMERY_SHIFT); - return value_high - c; -} - -static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ - return montgomery_reduce_element((int32_t)fe * (int32_t)fer); -} - -static inline libcrux_ml_kem_vector_PortableVector -montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, int16_t c) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t uu____0 = montgomery_multiply_fe_by_fer(v.elements[i0], c); - v.elements[i0] = uu____0; - } 
- return v; -} - -static libcrux_ml_kem_vector_PortableVector -montgomery_multiply_by_constant0(libcrux_ml_kem_vector_PortableVector v, int16_t r) -{ - return montgomery_multiply_by_constant(v, r); -} - -static uint8_t compress_message_coefficient(uint16_t fe) -{ - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); -} - -static inline libcrux_ml_kem_vector_PortableVector -compress_1(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t uu____0 = compress_message_coefficient((uint16_t)v.elements[i0]); - v.elements[i0] = (int16_t)uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v -) -{ - return compress_1(v); -} - -static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) -{ - return value & ((1U << (uint32_t)n) - 1U); -} - -static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) -{ - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t)get_n_least_significant_bits(coefficient_bits, (uint32_t)compressed); -} - -static inline libcrux_ml_kem_vector_PortableVector -ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t t = montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); - v.elements[2U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = 
montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); - v.elements[3U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); - v.elements[6U] = v.elements[4U] - t1; - v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); - v.elements[7U] = v.elements[5U] - t2; - v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -static inline libcrux_ml_kem_vector_PortableVector -ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) -{ - int16_t t = 
montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); - v.elements[4U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); - v.elements[5U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); - v.elements[6U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); - v.elements[7U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return ntt_layer_2_step(a, zeta0, zeta1); -} - -static inline libcrux_ml_kem_vector_PortableVector 
-ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ - int16_t t = montgomery_multiply_fe_by_fer(v.elements[8U], zeta); - v.elements[8U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[9U], zeta); - v.elements[9U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[10U], zeta); - v.elements[10U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[11U], zeta); - v.elements[11U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[12U], zeta); - v.elements[12U] = v.elements[4U] - t3; - v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[13U], zeta); - v.elements[13U] = v.elements[5U] - t4; - v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[14U], zeta); - v.elements[14U] = v.elements[6U] - t5; - v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[15U], zeta); - v.elements[15U] = v.elements[7U] - t6; - v.elements[7U] = v.elements[7U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return ntt_layer_3_step(a, zeta); -} - -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t uu____0 = barrett_reduce_element(v.elements[0U] + v.elements[2U]); - v.elements[0U] = uu____0; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[2U] = 
uu____1; - int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t uu____2 = barrett_reduce_element(v.elements[1U] + v.elements[3U]); - v.elements[1U] = uu____2; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[3U] = uu____3; - int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t uu____4 = barrett_reduce_element(v.elements[4U] + v.elements[6U]); - v.elements[4U] = uu____4; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); - v.elements[6U] = uu____5; - int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t uu____6 = barrett_reduce_element(v.elements[5U] + v.elements[7U]); - v.elements[5U] = uu____6; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); - v.elements[7U] = uu____7; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)2U]); - v.elements[(size_t)8U + (size_t)0U] = uu____8; - int16_t uu____9 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); - v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)3U]); - v.elements[(size_t)8U + (size_t)1U] = uu____10; - int16_t uu____11 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); - v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)4U] - + v.elements[(size_t)8U + (size_t)6U]); - v.elements[(size_t)8U + (size_t)4U] = uu____12; - int16_t uu____13 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); - v.elements[(size_t)8U + (size_t)6U] = uu____13; - int16_t a_minus_b6 = 
v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - barrett_reduce_element(v.elements[(size_t)8U - + (size_t)5U] - + v.elements[(size_t)8U + (size_t)7U]); - v.elements[(size_t)8U + (size_t)5U] = uu____14; - int16_t uu____15 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); - v.elements[(size_t)8U + (size_t)7U] = uu____15; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_2_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) -{ - int16_t a_minus_b = v.elements[4U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[4U]; - int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[4U] = uu____0; - int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[5U]; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[5U] = uu____1; - int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[6U]; - int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); - v.elements[6U] = uu____2; - int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[7U]; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); - v.elements[7U] = uu____3; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, 
zeta1); - v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); - v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U - + (size_t)2U] - + v.elements[(size_t)8U + (size_t)6U]; - int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); - v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U - + (size_t)3U] - + v.elements[(size_t)8U + (size_t)7U]; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); - v.elements[(size_t)8U + (size_t)7U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ - return inv_ntt_layer_2_step(a, zeta0, zeta1); -} - -static inline libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_3_step(libcrux_ml_kem_vector_PortableVector v, int16_t zeta) -{ - int16_t a_minus_b = v.elements[8U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[8U]; - int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - v.elements[8U] = uu____0; - int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[9U]; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta); - v.elements[9U] = uu____1; - int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; - 
v.elements[2U] = v.elements[2U] + v.elements[10U]; - int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta); - v.elements[10U] = uu____2; - int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[11U]; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta); - v.elements[11U] = uu____3; - int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; - v.elements[4U] = v.elements[4U] + v.elements[12U]; - int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta); - v.elements[12U] = uu____4; - int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; - v.elements[5U] = v.elements[5U] + v.elements[13U]; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta); - v.elements[13U] = uu____5; - int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; - v.elements[6U] = v.elements[6U] + v.elements[14U]; - int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta); - v.elements[14U] = uu____6; - int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; - v.elements[7U] = v.elements[7U] + v.elements[15U]; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta); - v.elements[15U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, - int16_t zeta -) -{ - return inv_ntt_layer_3_step(a, zeta); -} - -typedef struct __int16_t_int16_t_s -{ - int16_t fst; - int16_t snd; -} -__int16_t_int16_t; - -static inline __int16_t_int16_t -ntt_multiply_binomials(__int16_t_int16_t _, __int16_t_int16_t _0, int16_t zeta) -{ - int16_t a0 = _.fst; - int16_t a1 = _.snd; - int16_t b0 = _0.fst; - int16_t b1 = _0.snd; - int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - montgomery_reduce_element(uu____0 - + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * (int32_t)zeta); - return - ( - 
(__int16_t_int16_t){ - .fst = uu____1, - .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0) - } - ); -} - -static inline libcrux_ml_kem_vector_PortableVector -ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - libcrux_ml_kem_vector_PortableVector out = zero(); - __int16_t_int16_t lit0; - lit0.fst = lhs->elements[0U]; - lit0.snd = lhs->elements[1U]; - __int16_t_int16_t lit1; - lit1.fst = rhs->elements[0U]; - lit1.snd = rhs->elements[1U]; - __int16_t_int16_t product = ntt_multiply_binomials(lit0, lit1, zeta0); - out.elements[0U] = product.fst; - out.elements[1U] = product.snd; - __int16_t_int16_t lit2; - lit2.fst = lhs->elements[2U]; - lit2.snd = lhs->elements[3U]; - __int16_t_int16_t lit3; - lit3.fst = rhs->elements[2U]; - lit3.snd = rhs->elements[3U]; - __int16_t_int16_t product0 = ntt_multiply_binomials(lit2, lit3, -zeta0); - out.elements[2U] = product0.fst; - out.elements[3U] = product0.snd; - __int16_t_int16_t lit4; - lit4.fst = lhs->elements[4U]; - lit4.snd = lhs->elements[5U]; - __int16_t_int16_t lit5; - lit5.fst = rhs->elements[4U]; - lit5.snd = rhs->elements[5U]; - __int16_t_int16_t product1 = ntt_multiply_binomials(lit4, lit5, zeta1); - out.elements[4U] = product1.fst; - out.elements[5U] = product1.snd; - __int16_t_int16_t lit6; - lit6.fst = lhs->elements[6U]; - lit6.snd = lhs->elements[7U]; - __int16_t_int16_t lit7; - lit7.fst = rhs->elements[6U]; - lit7.snd = rhs->elements[7U]; - __int16_t_int16_t product2 = ntt_multiply_binomials(lit6, lit7, -zeta1); - out.elements[6U] = product2.fst; - out.elements[7U] = product2.snd; - __int16_t_int16_t lit8; - lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; - lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; - __int16_t_int16_t lit9; - lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; - lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; - 
__int16_t_int16_t product3 = ntt_multiply_binomials(lit8, lit9, zeta2); - out.elements[(size_t)8U + (size_t)0U] = product3.fst; - out.elements[(size_t)8U + (size_t)1U] = product3.snd; - __int16_t_int16_t lit10; - lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; - lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; - __int16_t_int16_t lit11; - lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; - lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; - __int16_t_int16_t product4 = ntt_multiply_binomials(lit10, lit11, -zeta2); - out.elements[(size_t)8U + (size_t)2U] = product4.fst; - out.elements[(size_t)8U + (size_t)3U] = product4.snd; - __int16_t_int16_t lit12; - lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; - lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; - __int16_t_int16_t lit13; - lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; - lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; - __int16_t_int16_t product5 = ntt_multiply_binomials(lit12, lit13, zeta3); - out.elements[(size_t)8U + (size_t)4U] = product5.fst; - out.elements[(size_t)8U + (size_t)5U] = product5.snd; - __int16_t_int16_t lit14; - lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; - lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; - __int16_t_int16_t lit; - lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; - lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; - __int16_t_int16_t product6 = ntt_multiply_binomials(lit14, lit, -zeta3); - out.elements[(size_t)8U + (size_t)6U] = product6.fst; - out.elements[(size_t)8U + (size_t)7U] = product6.snd; - return out; -} - -static libcrux_ml_kem_vector_PortableVector -ntt_multiply0( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); -} - -static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[2U]) -{ - uint8_t result[2U] = { 0U }; - 
KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, - (size_t)8U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_1(Eurydice_slice v) -{ - libcrux_ml_kem_vector_PortableVector result = zero(); - KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); - for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); - } - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a -) -{ - return deserialize_1(a); -} - -static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[8U]) -{ - uint8_t result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = 
(uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_4(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, 
uint8_t, uint8_t *, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - 
Eurydice_slice a -) -{ - return deserialize_4(a); -} - -static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[10U]) -{ - uint8_t result[10U] = { 0U }; - result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); - result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); - result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); - result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); - result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); - result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) - << 5U - | v.elements[(size_t)8U + (size_t)0U]); - result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) - << 7U - | v.elements[(size_t)8U + (size_t)2U] << 2U) - | v.elements[(size_t)8U + (size_t)1U] >> 3U); - result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | v.elements[(size_t)8U + (size_t)3U] >> 1U); - result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) - << 6U - | v.elements[(size_t)8U + (size_t)5U] << 1U) - | v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)7U] - << 3U - | v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_5(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - 
v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) - << 3U; - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) - << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) - << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) - << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t - *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & 3U) - << 3U; - uint8_t 
- *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t - *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & 15U) - << 1U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - & 1U) - << 4U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t - *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & 7U) - << 2U; - uint8_t - *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a -) -{ - return deserialize_5(a); -} - -static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, uint8_t 
ret[20U]) -{ - uint8_t result[20U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); - result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); - result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); - result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); - result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); - result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_10(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; - 
uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + 
(size_t)3U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - 
Eurydice_slice a -) -{ - return deserialize_10(a); -} - -static inline void serialize_11(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[22U]) -{ - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | 
(uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = - uu____4 - | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, 
uint8_t *, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = - uu____11 - | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t - uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)7) - << 8U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____18 | 
(int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 5U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 7U; - uint8_t - *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)127) - << 4U; - uint8_t - *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t 
*, uint8_t) - & (int16_t)31) - << 6U; - uint8_t - *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) - << 3U; - uint8_t - *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a -) -{ - return deserialize_11(a); -} - -static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, uint8_t ret[24U]) -{ - uint8_t result[24U] = { 0U }; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); - result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); - result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); - result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); - result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); - result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); - result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); - result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); - result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[13U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)0U] - >> 8U - | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 
4U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); - result[16U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)2U] - >> 8U - | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[19U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)4U] - >> 8U - | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); - result[22U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)6U] - >> 8U - | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_12(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_PortableVector re = zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, 
uint8_t *, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - int16_t - byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); - int16_t - byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); - re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); - re.elements[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); - re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); - re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); - re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); - re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t - byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); - int16_t - byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); - int16_t - byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); - int16_t - byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); - int16_t - byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); - int16_t - byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); - int16_t - byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); - int16_t - byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); - int16_t - byte20 = 
(int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); - int16_t - byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); - int16_t - byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); - int16_t - byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); - re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); - re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); - re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); - re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); - re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); - re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); - re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); - re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); - return re; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a -) -{ - return deserialize_12(a); -} - -static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, 
uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return rej_sample(a, out); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } 
-} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_PortableVector -to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - montgomery_multiply_by_constant0(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_PortableVector(self->coefficients[j]); - libcrux_ml_kem_vector_PortableVector - uu____0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline libcrux_ml_kem_vector_PortableVector -compress___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return compress___5int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -compress___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return compress___4int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; 
-} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return compress___11int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int16_t - uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return compress___10int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - montgomery_multiply_by_constant0(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_PortableVector - tmp0 = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v -) -{ - return - bitwise_and_with_constant0(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(ZERO(), - &v), - (int16_t)1665); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = - montgomery_multiply_by_constant0(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( 
- void -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector lit; - lit.coefficients[0U] = ZERO(); - lit.coefficients[1U] = ZERO(); - lit.coefficients[2U] = ZERO(); - lit.coefficients[3U] = ZERO(); - lit.coefficients[4U] = ZERO(); - lit.coefficients[5U] = ZERO(); - lit.coefficients[6U] = ZERO(); - lit.coefficients[7U] = ZERO(); - lit.coefficients[8U] = ZERO(); - lit.coefficients[9U] = ZERO(); - lit.coefficients[10U] = ZERO(); - lit.coefficients[11U] = ZERO(); - lit.coefficients[12U] = ZERO(); - lit.coefficients[13U] = ZERO(); - lit.coefficients[14U] = ZERO(); - lit.coefficients[15U] = ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - from_i16_array0(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_vector_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; - } - return v; -} - -static libcrux_ml_kem_vector_PortableVector 
-shift_right___15int32_t0(libcrux_ml_kem_vector_PortableVector v) -{ - return shift_right___15int32_t(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a -) -{ - libcrux_ml_kem_vector_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_PortableVector - fm = bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(a, - &fm); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - coefficient_normal_form = montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_multiply0(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static 
inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); - decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return decompress_ciphertext_coefficient___4int32_t(v); -} - -void -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, - int16_t fer -) -{ - return montgomery_multiply_by_constant0(v, fer); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + 
((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v -) -{ - return decompress_ciphertext_coefficient___10int32_t(v); -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h deleted file mode 100644 index 7a5c9a696..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_polynomial.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_polynomial_H -#define __libcrux_polynomial_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef struct libcrux_ml_kem_vector_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_PortableVector; - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s -{ libcrux_ml_kem_vector_PortableVector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_polynomial_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c deleted file mode 100644 index 0a2961bbd..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.c +++ /dev/null 
@@ -1,3246 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "libcrux_core.h" - -#include "libcrux_sha3.h" - -#include "internal/libcrux_core.h" - - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ - return 0ULL; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ - uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ - return a ^ (b & ~c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -static inline uint64_t 
libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ - return a ^ c; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ - return a ^ b; -} - -static inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - -static inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline 
uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -static inline uint64_t 
-libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); - s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void 
-libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - 
s->st[0U][0U] = uu____0; -} - -static inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], 
uu____1, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, 
(size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); -} - -static inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t 
(*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - 
uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t 
ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - 
libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void 
-libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - 
-libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -static inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - 
libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); -} - -static inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline 
void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - 
libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); -} - -void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); -} - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ - size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -static inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - -static inline void 
-libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { 
Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -static inline void 
-libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - 
(size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - 
K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); -} - -static inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / 
(size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - { - size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - 
memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - 
libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % 
(size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, 
uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); -} - -void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha224(digest, payload); -} - -void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) -{ - uint8_t out[28U] = { 0U }; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); -} - -void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha256(digest, payload); -} - -void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) -{ - uint8_t out[32U] = { 0U }; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - -void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha384(digest, payload); -} - -void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) -{ - uint8_t out[48U] = { 0U }; - 
libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); -} - -void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha512(digest, payload); -} - -void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -static inline void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void 
-libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, 
uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); - } - } -} - -static inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); -} - -void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); -} - -static const -size_t 
-libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; - -static const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ - return self[0U]; -} - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ - uint32_t uu____0; - switch (v) - { - case libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ - libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - 
KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h deleted file mode 100644 index 119c1131c..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3.h +++ /dev/null 
@@ -1,966 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_H -#define __libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_core.h" -#include "eurydice_glue.h" -static const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - - /* - -extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); - -uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t 
c -); - -uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); - -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -); - */ - -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s -{ uint64_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; - - /* -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -); - -void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); - -uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, 
uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -); - -uint64_t 
libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); - -uint64_t 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t 
x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void 
-libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - */ -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); - /* -void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void 
-libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - */ - -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); - - /* -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void 
-libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - */ - -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); - -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_KeccakState1; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void); - - /* -void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - */ - -void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -); - /* -void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - */ -void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - /* -void 
-libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - */ - -void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); - /* -void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void 
-libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - */ - -void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); - -void 
libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); - -void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); - -void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); - -void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); - /* -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - */ -void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); - /* -extern const size_t libcrux_sha3_generic_keccak__PI[24U]; - -extern const 
size_t libcrux_sha3_generic_keccak__ROTC[24U]; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -); - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -); - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); - */ - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c deleted file mode 100644 index df0ccfaa1..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.c +++ /dev/null 
@@ -1,2520 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "libcrux_sha3_avx2.h" - -#include "internal/libcrux_core.h" - -static inline core_core_arch_x86___m256i zero(void) -{ - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i -_veor5q_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i -xor5( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i -rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i -rotate_left1_and_xor(core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) -{ - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i -_vbcaxq_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i uu____0 = a; - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i -and_not_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) -{ - core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) -{ - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i -xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void -slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(a[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = - Eurydice_slice_subslice(a[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = 
start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void -slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) -{ - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out0, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at_mut(out1, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at_mut(out2, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at_mut(out3, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline 
K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) -{ - return split_at_mut_4(a, mid); -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void -load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i 
- v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U 
* i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - 
Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start 
= start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void -load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i -rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) -{ - 
core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___36int32_t_28int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___3int32_t_61int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); -} 
- -static inline core_core_arch_x86___m256i -_vxarq_u64___41int32_t_23int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___18int32_t_46int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___1int32_t_63int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___44int32_t_20int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___10int32_t_54int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline 
core_core_arch_x86___m256i -_vxarq_u64___45int32_t_19int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___2int32_t_62int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline 
core_core_arch_x86___m256i -xor_and_rotate___62int32_t_2int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___6int32_t_58int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___43int32_t_21int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i 
-rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___15int32_t_49int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___61int32_t_3int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___28int32_t_36int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___55int32_t_9int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___25int32_t_39int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = 
libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___21int32_t_43int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___56int32_t_8int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return 
_vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___27int32_t_37int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___20int32_t_44int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, 
core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___39int32_t_25int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i -_vxarq_u64___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___8int32_t_56int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i -rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i 
-_vxarq_u64___14int32_t_50int32_t(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i - uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - core_core_arch_x86___m256i - uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); - core_core_arch_x86___m256i - uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); - core_core_arch_x86___m256i - uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); - core_core_arch_x86___m256i - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - core_core_arch_x86___m256i - uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - 
rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i - uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i - uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i - uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i - uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i - uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i - uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i - uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i - uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i - uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i - uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i - uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i - uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i - uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i - uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - 
s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i - uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i - uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i - uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i - uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i - uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i - uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i - uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i - uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i - uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i - uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_x86___m256i [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - 
s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - core_core_arch_x86___m256i - uu____0 = - and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -) -{ - core_core_arch_x86___m256i - uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - 
-static inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void -load_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; - load_block___136size_t(uu____0, buf); -} - -static inline void -load_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - 
blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void -store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / 
(size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - 
Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t 
j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - 
Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - uint8_t out2[200U] = { 0U }; - uint8_t out3[200U] = { 0U }; - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - out3, - uint8_t, - Eurydice_slice) - }; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___136size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) -{ - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ - store_block___136size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - store_block___136size_t0(s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = 
(size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - 
out); - } - else - { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o); - memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, - buf); -} 
- -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void -load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = 
libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - 
((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = 
(size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void -load_block_full___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; - load_block___168size_t(uu____0, buf); -} - -static inline void -load_block_full___168size_t0(core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = 
core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - load_block_full___168size_t0(uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -) -{ - Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, - buf); -} - -static inline void -store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - 
s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - 
(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - 
Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end 
= start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) -{ - store_block___168size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - 
store_block___168size_t0(s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____0 = split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____1 = split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o1); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o2); -} - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h deleted file mode 100644 index 0952f20d6..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_avx2.h +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_avx2_H -#define __libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "intrinsics/libcrux_intrinsics_avx2.h" - -#include "libcrux_sha3.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s -{ core_core_arch_x86___m256i st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; - -/* -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - 
Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -); -*/ - -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void); - - /* -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); 
- */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - - /* -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - - /* - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - */ - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c deleted file mode 100644 index e59cda99e..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.c +++ /dev/null 
@@ -1,177 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "libcrux_sha3_neon.h" - -#include "internal/libcrux_core.h" - -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." 
}; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - 
diff --git a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h b/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h
deleted file mode 100644
index e87dedbca..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/libcrux_sha3_neon.h
+++ /dev/null
@@ -1,70 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc --log Phase3 - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_neon_H -#define __libcrux_sha3_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "intrinsics/libcrux_intrinsics_arm64.h" - -#include "libcrux_sha3.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -); - -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } -libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void); - -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_neon_H_DEFINED -#endif 
diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc
deleted file mode 100644
index 382e2a5c9..000000000
--- a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768.cc
+++ /dev/null
@@ -1,302 +0,0 @@ -/* - * Copyright 2023 Cryspen Sarl - * - * Licensed under the Apache License, Version 2.0 or MIT. - * - http://www.apache.org/licenses/LICENSE-2.0 - * - http://opensource.org/licenses/MIT - */ - -#include -#include -#include - -#include "libcrux_sha3.h" -#include "libcrux_mlkem768.h" -#include "internal/libcrux_core.h" -// #include "util.h" - -using namespace std; - -typedef vector bytes; - -vector -from_hex(const string &hex) -{ - if (hex.length() % 2 == 1) - { - throw invalid_argument("Odd-length hex string"); - } - - int len = static_cast(hex.length()) / 2; - vector out(len); - for (int i = 0; i < len; i += 1) - { - string byte = hex.substr(2 * i, 2); - out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); - } - - return out; -} - -string -bytes_to_hex(const vector &data) -{ - stringstream hex(ios_base::out); - hex.flags(ios::hex); - for (const auto &byte : data) - { - hex << setw(2) << setfill('0') << int(byte); - } - return hex.str(); -} - -class KAT -{ -public: - bytes key_generation_seed; - bytes sha3_256_hash_of_public_key; - bytes sha3_256_hash_of_secret_key; - bytes encapsulation_seed; - bytes sha3_256_hash_of_ciphertext; - bytes shared_secret; -}; - -vector -read_kats(string path) -{ - ifstream kat_file(path); - nlohmann::json kats_raw; - kat_file >> kats_raw; - - vector kats; - - // Read test group - for (auto &kat_raw : kats_raw.items()) - { - auto kat_raw_value = kat_raw.value(); - - kats.push_back(KAT{ - .key_generation_seed = from_hex(kat_raw_value["key_generation_seed"]), - .sha3_256_hash_of_public_key = - from_hex(kat_raw_value["sha3_256_hash_of_public_key"]), - .sha3_256_hash_of_secret_key = - from_hex(kat_raw_value["sha3_256_hash_of_secret_key"]), - .encapsulation_seed = from_hex(kat_raw_value["encapsulation_seed"]), - .sha3_256_hash_of_ciphertext = - from_hex(kat_raw_value["sha3_256_hash_of_ciphertext"]), - .shared_secret = from_hex(kat_raw_value["shared_secret"]), - }); - } - - return kats; -} - -// void -// 
modify_ciphertext(uint8_t* ciphertext, size_t ciphertext_size) -// { -// uint8_t randomness[3]; -// generate_random(randomness, 3); - -// uint8_t random_byte = randomness[0]; -// if (random_byte == 0) { -// random_byte += 1; -// } - -// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; - -// uint16_t random_position = random_u16 % ciphertext_size; - -// ciphertext[random_position] ^= random_byte; -// } - -// void -// modify_secret_key(uint8_t* secret_key, -// size_t secret_key_size, -// bool modify_implicit_rejection_value) -// { -// uint8_t randomness[3]; -// generate_random(randomness, 3); - -// uint8_t random_byte = randomness[0]; -// if (random_byte == 0) { -// random_byte += 1; -// } - -// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; - -// uint16_t random_position = 0; - -// if (modify_implicit_rejection_value == true) { -// random_position = (secret_key_size - 32) + (random_u16 % 32); -// } else { -// random_position = random_u16 % (secret_key_size - 32); -// } - -// secret_key[random_position] ^= random_byte; -// } - -// uint8_t* -// compute_implicit_rejection_shared_secret(uint8_t* ciphertext, -// size_t ciphertext_size, -// uint8_t* secret_key, -// size_t secret_key_size) -// { -// uint8_t* hashInput = new uint8_t[32 + ciphertext_size]; -// uint8_t* sharedSecret = new uint8_t[32]; - -// std::copy(secret_key + (secret_key_size - 32), -// secret_key + secret_key_size, -// hashInput); -// std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); - -// Hacl_Hash_SHA3_shake256_hacl( -// 32 + ciphertext_size, hashInput, 32, sharedSecret); - -// delete[] hashInput; -// return sharedSecret; -// } - -TEST(MlKem768Test, ConsistencyTest) -{ - uint8_t randomness[64]; - for (int i = 0; i < 64; i++) - randomness[i] = 13; - // generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - // printf("pk: "); - // print_hex_ln(1184, key_pair.pk.value); - // printf("sk: "); - // 
print_hex_ln(2400, key_pair.sk.value); - - // generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); - // printf("ctxt: "); - // print_hex_ln(1088U, ctxt.fst.value); - // printf("secret: "); - // print_hex_ln(32, ctxt.snd); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - // printf("secret2: "); - // print_hex_ln(32, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} - -// TEST(Kyber768Test, ModifiedCiphertextTest) -// { -// uint8_t randomness[64]; -// generate_random(randomness, 64); -// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - -// generate_random(randomness, 32); -// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); - -// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; -// modify_ciphertext(ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - -// EXPECT_NE(0, -// memcmp(ctxt.snd, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - -// uint8_t* implicitRejectionSharedSecret = -// compute_implicit_rejection_shared_secret( -// ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, -// key_pair.sk.value, -// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - -// EXPECT_EQ(0, -// memcmp(implicitRejectionSharedSecret, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -// delete[] implicitRejectionSharedSecret; -// } - -// TEST(Kyber768Test, ModifiedSecretKeyTest) -// { -// uint8_t randomness[64]; -// generate_random(randomness, 64); -// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - -// generate_random(randomness, 32); -// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, 
randomness); - -// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; -// modify_secret_key( -// key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - -// EXPECT_NE(0, -// memcmp(ctxt.snd, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - -// modify_secret_key( -// ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - -// uint8_t* implicitRejectionSharedSecret = -// compute_implicit_rejection_shared_secret( -// ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, -// key_pair.sk.value, -// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); -// EXPECT_EQ(0, -// memcmp(implicitRejectionSharedSecret, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -// delete[] implicitRejectionSharedSecret; -// } - -TEST(MlKem768Test, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. 
- auto kats = read_kats("tests/mlkem768_nistkats.json"); - - for (auto kat : kats) - { - auto key_pair = - libcrux_ml_kem_mlkem768_generate_key_pair(kat.key_generation_seed.data()); - uint8_t pk_hash[32]; - libcrux_sha3_sha256( - EURYDICE_SLICE(key_pair.pk.value, 0, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), - pk_hash); - EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); - uint8_t sk_hash[32]; - libcrux_sha3_sha256( - EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); - EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate( - &key_pair.pk, kat.encapsulation_seed.data()); - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - EURYDICE_SLICE(ctxt.fst.value, 0, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - // FIXME: REMOVE AGAIN - break; - } -} diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json b/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json deleted file mode 100644 index 6a819f80d..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/tests/mlkem768_nistkats.json +++ /dev/null 
@@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" - }, - { - "key_generation_seed": 
"050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" - }, - { - "key_generation_seed": 
"c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" - }, - { - "key_generation_seed": 
"d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" - }, - { - "key_generation_seed": 
"cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" - }, - { - "key_generation_seed": 
"97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" - }, - { - "key_generation_seed": 
"9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" - }, - { - "key_generation_seed": 
"89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" - }, - { - "key_generation_seed": 
"293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" - }, - { - "key_generation_seed": 
"ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" - }, - { - "key_generation_seed": 
"351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" - }, - { - "key_generation_seed": 
"684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" - }, - { - "key_generation_seed": 
"056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" - }, - { - "key_generation_seed": 
"3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" - }, - { - "key_generation_seed": 
"610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" - }, - { - "key_generation_seed": 
"e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" - }, - { - "key_generation_seed": 
"bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" - }, - { - "key_generation_seed": 
"25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" - }, - { - "key_generation_seed": 
"6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" - }, - { - "key_generation_seed": 
"6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" - }, - { - "key_generation_seed": 
"47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" - }, - { - "key_generation_seed": 
"7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" - }, - { - "key_generation_seed": 
"c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" - }, - { - "key_generation_seed": 
"995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" - }, - { - "key_generation_seed": 
"1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" - }, - { - "key_generation_seed": 
"6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" - }, - { - "key_generation_seed": 
"b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" - }, - { - "key_generation_seed": 
"0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" - }, - { - "key_generation_seed": 
"9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" - }, - { - "key_generation_seed": 
"e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" - }, - { - "key_generation_seed": 
"6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" - }, - { - "key_generation_seed": 
"32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" - }, - { - "key_generation_seed": 
"ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" - }, - { - "key_generation_seed": 
"195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" - } -] diff --git a/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc b/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc deleted file mode 100644 index 7184a6754..000000000 --- a/libcrux-ml-kem/c-sha3-speedup/tests/sha3.cc +++ /dev/null 
@@ -1,84 +0,0 @@ - -#include -#include - -#include "libcrux_sha3.h" -#include "libcrux_mlkem768.h" - -using namespace std; - -typedef vector bytes; - -vector -from_hex(const string& hex) -{ - if (hex.length() % 2 == 1) { - throw invalid_argument("Odd-length hex string"); - } - - int len = static_cast(hex.length()) / 2; - vector out(len); - for (int i = 0; i < len; i += 1) { - string byte = hex.substr(2 * i, 2); - out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); - } - - return out; -} - -string -bytes_to_hex(const vector& data) -{ - stringstream hex(ios_base::out); - hex.flags(ios::hex); - for (const auto& byte : data) { - hex << setw(2) << setfill('0') << int(byte); - } - return hex.str(); -} - -TEST(Sha3Test, ConsistencyTest) -{ - const char* message = "Hello, World!"; - uint32_t message_size = strlen(message); - - uint8_t digest[32]; - Eurydice_slice input; - input.ptr = (void*) message; - input.len = message_size; - - libcrux_sha3_sha256(input,digest); - - bytes expected_digest = from_hex( - "1af17a664e3fa8e419b8ba05c2a173169df76162a5a286e0c405b460d478f7ef"); - - EXPECT_EQ(strncmp((char*)digest, - (char*)expected_digest.data(), - 32), - 0); -} - -#define KYBER768_SECRETKEYBYTES 2400 -#define KYBER768_PUBLICKEYBYTES 1184 -#define KYBER768_CIPHERTEXTBYTES 1088 -#define KYBER768_SHAREDSECRETBYTES 32 - -TEST(Kyber768Test, ConsistencyTest) -{ - uint8_t randomness[64] = { 0 }; - uint8_t publicKey[KYBER768_PUBLICKEYBYTES]; - uint8_t secretKey[KYBER768_SECRETKEYBYTES]; - - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t kp = - libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - - uint8_t ciphertext[KYBER768_CIPHERTEXTBYTES]; - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ cipher_and_shared_secret = - libcrux_ml_kem_mlkem768_encapsulate(&kp.pk, randomness); - - uint8_t sharedSecret2[KYBER768_SHAREDSECRETBYTES]; - libcrux_ml_kem_mlkem768_decapsulate(&kp.sk, &cipher_and_shared_secret.fst, sharedSecret2); - - EXPECT_EQ(0, 
memcmp(cipher_and_shared_secret.snd, sharedSecret2, KYBER768_SHAREDSECRETBYTES)); -} - From 09f13effab649401e38b3b3deb86ea47e353f73c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 4 Jun 2024 17:26:31 +0200 Subject: [PATCH 93/94] drop more files --- libcrux-ml-kem/build-foo.rs | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 libcrux-ml-kem/build-foo.rs diff --git a/libcrux-ml-kem/build-foo.rs b/libcrux-ml-kem/build-foo.rs deleted file mode 100644 index ef1138666..000000000 --- a/libcrux-ml-kem/build-foo.rs +++ /dev/null @@ -1,28 +0,0 @@ -use std::env; - -fn main() { - let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); - let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; - - let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; - - if target_arch == "aarch64" && !disable_simd128 { - // We enable simd128 on all aarch64 builds. - println!("cargo:rustc-cfg=feature=\"simd128\""); - } - if target_arch == "x86_64" && !disable_simd256 { - // We enable simd256 on all x86_64 builds. - // Note that this doesn't mean the required CPU features are available. - // But the compiler will support them and the runtime checks ensure that - // it's only used when available. - // - // We don't enable this on x86 because it seems to generate invalid code. - println!("cargo:rustc-cfg=feature=\"simd256\""); - } -} From 8246792e637074cc3f66395e637efc9992bc4e34 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 4 Jun 2024 17:32:56 +0200 Subject: [PATCH 94/94] keep supporting old rustc --- sys/hacl/build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index f5221866b..698de115c 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs 
@@ -470,7 +470,7 @@ fn main() {
 };
 // Set re-run trigger for all of c
- println!("cargo::rerun-if-changed=c");
+ println!("cargo:rerun-if-changed=c");
 // Build the C files
 build(&platform, home_path);
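Review bot: The new `println!("cargo:rerun-if-changed=c");` line carries no comment explaining why the single-colon directive is used, so a later cleanup could switch it back to `cargo::` and break builds on older toolchains again. I would add above it `// Single-colon form on purpose: cargo:: directives need Cargo 1.77 or newer.` If the crate is meant to keep a minimum supported toolchain, declaring `rust-version` in its Cargo.toml (not visible in this patch) would presumably let Cargo report the mismatch up front rather than through the build script. `main` starts and ends outside this hunk.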